PLC network: the history of industrial systems facing up to the challenges of the future

Introduction: Industrial systems are a category of information systems of their own, with codes and properties that differ from "classic" IT systems. It is well known that the level of maturity of the industrial sector in terms of cybersecurity is…

Deceptive Security: the solution for effective detection in the cloud? – your luring strategy. 

Today, cyber-attacks are part of our daily lives, and are becoming increasingly numerous and sophisticated. Simultaneously, we are moving towards Information Systems built on an ever-increasing diversity of environments, thanks in particular to the Cloud, which is now…

IT for OT: What process to develop cybersecurity solutions adapted to industrial businesses?

During the Wavestone OT Cyber Day, Loïc Lebain and Benoit Bouffard conducted a workshop in which they noted that IT departments were still struggling to develop a catalogue of cybersecurity solutions for OT. Based on their experience with our customers,…

The Quest for Cybersecurity’s Purple Squirrels: How to Find and Keep Them

“Talent shortage”, “skills gap”, “employee burnout in cybersecurity”, “high turnover rate” – as a cybersecurity professional, you must be familiar with these expressions, for better or for worse. You may have seen the big headlines pointing out talent shortage issues…

PIPL: is information system decoupling necessary to comply with protectionist local laws?

The PIPL (Personal Information Protection Law) has emerged as an unprecedented first example of highly protective regulation of personal data, establishing an uncertain framework that reinforces China's control. Despite recent clarifications from China’s authorities, the centralisation of information systems continues…

Application control: what strategy you should adopt for your industrial supervision system?

The industrial control system (ICS) is the set of resources and machines used to supervise and control an industrial process. This article looks at the security issues surrounding Windows devices of the ICS supervision and maintenance layer: SCADA servers and…

CI/CD in AWS: The Solution to All Your Problems? What You Need to Know.

Integrating security directly into the configuration of CI/CD pipelines, especially through the practice of DevSecOps, enables the development of secure applications while increasing delivery frequency. This relieves pressure on security teams, which can often be a limiting factor in the…

Surviving an Active Directory compromise: Key lessons to improve the reconstruction Process 

Active Directory is a critical asset whose failure affects a large portion of your information system. Your company is currently dealing with a major ransomware crisis. Given its central role in managing access, authentication, and network resources within any organisation,…

Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT

Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing. Azure, in…

Barb’hack 2022: Leveraging PHP Local File Inclusion to achieve universal RCE

For the third consecutive time, the French city of Toulon hosted France's southernmost hacking event, known as Barb'hack. We, two of Wavestone's security auditors, have had the opportunity to attend the conference and participate in the Capture-the-Flag (CTF) event…
