Security & Anti-Fraud

The context

In an increasingly complex environment – both in terms of technical equipment exploitation and increasing threats – managing and controlling vulnerabilities are key success factors.

In 2016, for example, an estimated 78% of business compromises were based on the exploitation of known vulnerabilities.
Knowledge of the level of protection of the company’s infrastructure has therefore become a core element of the CISO’s concerns. This issue presents a double challenge:  

  • Securing applications and infrastructures
  • Assessment by relevant indicators of the evolution of the overall level of protection of the company
data-vulnerability

Alternative

Recurring pentest campaigns are one of the solutions envisaged to detect vulnerabilities affecting infrastructures and applications. However, whether these intrusion tests are carried out by in-house teams or external service providers, the cost of this approach remains a deterrent to its systematic adoption. Pentest can be used for advanced analysis but it is not recommended as recurring method.

Did you know?
Furthermore, companies found that in the vast majority of cases (92%), attacks against them were not the result of the exploitation of a 0 day but of unpatched vulnerabilities, often which had been published for more than 6 months (as this was the case with WanaCry and Petya / NotPetya ransom software).
Being protected against such attacks is now a MUST for operators, ISPs or Content providers.

The pragmatic solution
Automatic vulnerability scanning solutions enable recurring and frequent updating of the most critical and often exploited vulnerabilities present on a client’s network and applications.

This automated approach makes it possible to optimise the level of detection and the frequency of diagnostics performed with regard to a financial investment that remains acceptable.

The Data Vulnerability Assessment offer of Orange International Carriers

Data Vulnerability Assessment enables you to detect, quantify and prioritise vulnerabilities in a system (an IP address or a website). Based on an easily deployable SaaS solution, it scans the selected systems on a regular basis and delivers expert reports allowing you to consider remedial action or additional analysis studies.

This managed solution offers, as an option, reports of several levels of depth in the technical analysis of vulnerabilities and global indicators of the state of the park. Therefore, it addresses not only technical players (management, operations…) but also experts. It takes into account the criticality of applications and infrastructures to provide you the most effective recommendations (prioritisation, analysis, solution).

 

Offer key points

Assess the level of protection and to detect the vulnerabilities present on your information system in a recurring way

Provide global indicators tailor-made by the Orange experts to enable your CISO and your management to follow the evolution of the level of security of your assets

To delegate the administration, configuration and implementation of the vulnerability scan solution to the Orange expert teams thanks to our managed service solution.

Peace of mind

Thanks to its strong experience on cyber security, Orange ensures you a peace of mind:

  • The partnership with Qualys, the recognised world leader in Vulnerability Assessment
  • Our offer protects ISPs and critical web sites of the French government

 

Reporting Options

In order to contextualise the analysis of vulnerabilities, recommendations and global indicators allowing patch management monitoring, Orange chose to propose 3 types of reports tailored to the customer needs:

  • A monthly managerial synthesis, providing the CISO and its management with global indicators on the state of security of the equipment of its fleet and its evolution over time,
  • A monthly technical report, integrating context and clarity into the analysis and solutions for the main vulnerabilities detected,
  • A quarterly recommendation report, describing a complete remediation plan adapted to the Client context for the 10 most critical vulnerabilities.

Here below are some examples of reports:

managerial-synthesis

Managerial synthesis

technical-report

Technical report

recommendation-report_imagelarge

Recommendation Report

Reseller Option

If you are an operator or an ISP, but also a reseller on your local market, our Data Vulnerability Assessment service can be easily resold to  your local ISPs or Corporate customers thanks to our B2B option.

How it works

Following a period of setup where Orange collects the list of assets you would like scanned (external IP addresses, external web sites), on a regular basis we provide you with industrialised and optionally customised reports according to your needs via a secured web portal, to which you will have access.

qualys_reference

Interested in our solutions?


 
Ban_listening - responding_White
delivery-footer
Delivery
86% of our customers tell us they are satisfied or very satisfied with our service delivery
customer-care-footer
Customer Care
We provide 24x7 Care through our Customer Service Center
service-manageemnt-footer
Service Management
Customer satisfaction survey score: 82,6% of respondents are satisfied or very satisfied in Q3 2019
billing-footer
Billing & cash management
90% of our customers tell us they are satisfied or very satisfied with our billing process