The platform was created under Security made in Luxembourg’s C3 department (Cybersecurity Competence Center). Its ambition is to make security solutions accessible to as many professionals and startups as possible.
by: Delphine Sabattier
photo: Serge Deuces / Silicon Luxembourg
featured: Bertrand Lathoud
The offer, which is currently being finalized, has been specially designed to meet the needs of small structures. It will focus in particular on the ability of email servers and the firmware of connected objects used to resist to cyber-attacks. “If we can help them control certain cyberattacks at a reasonable cost, this will be free resources for building the business,” says Bertrand Lathoud, Head of C3. Mr. Lathoud knows the subject well. He has worked at Skype in Estonia, leading their anti-cybercrime unit, then at PayPal Europe as Information Security Officer, and was eventually involved in setting up C3 with Pascal Steichen (see our article “Protecting Our Digital Activities“). Together, they acknowledged that cybersecurity was too expensive. “I worked with many startup founders and realized that the cybersecurity market had not evolved enough for them: more often than not, the offers quoted were outside their available budget. There was no affordable solution for their specific needs,” says Bertrand Lathoud.
“We wanted the system to be fully accessible via the web and be able to be managed by a third party, such as an incubator or investor.”
Thus was born the idea of launching a platform that would allow them to test and detect the most obvious vulnerabilities without falling into full-blown “Pentests”, which are costly and resource-intensive. For this purpose, C3 partnered with several local providers, including Hacknowledge (see our article “Monitor The Security Of Your Company With Hacknowledge“), but also Stidia, Conostix, Imrim and Secconsult. It was necessary to find a solution that could cover as many organisations as possible without mobilizing an excessive amount of resources. As a result, C3 decided to focus on two particularly vulnerable areas: email server attacks and connected objects. The platform is not intended to replace existing market solutions but to allow security companies to expand their portfolio and reach more customers.
“We wanted the system to be fully accessible via the web and be able to be managed by a third party, such as an incubator or investor,” explains Bertrand Lathoud. If everything goes as planned, the first building blocks of the platform should be ready for the Cybersecurity Week Luxembourg. It will be the core of the C3 Testing pillar, and complement C3’s “Training” system, which consists of modules designed around the Room#42 infrastructure. In this simulator for cybercrisis management, teams are experiencing a major security crisis. This solution is already a real success and started being exported to France as a franchise.
“We focus on serving the Luxembourgish economy first, but always keep the European perspective in mind.”
C3 is also working on building a toolset for its third pillar for the cybersecurity of Luxembourg’s economy: the Threat Observatory. The SECURITYMADEIN.LU department wants to create a platform that should facilitate a more efficient corporate investments in security, and support more effective decisions in allocating security budgets. It aims to become a reference for citizens, economic decision-makers and any organization confronted with difficulties related to making the right choices when financing their cybersecurity. “We focus on serving the Luxembourgish economy first, but always keep the European perspective in mind”, smiles the C3 leader.