Lineon - Your Trusted Partner

Your Trusted Partner

The Company

Through experience, we have acquired a vast knowledge of all the different security problems in the market today. They arise directly from the needs and constraints of each of our client’s business functions.
These security requirements are defined through evaluating the risks and opportunities. Security constraints, such as Industry Standards and Regulations, must also be taken in to account.
Based on these factors, we have structured our services to deliver a comprehensive approach to your Information Security needs.


Our Vision

LINEON : Your Partner in Security :

  • Build a durable trust
    relationship with our clients,
  • Understand your business context
    and needs in order to help you
    meet your objectives,
  • Work in partnership and exceed your
    expectations
    , so that you may remain flexible in your business
  • Elicit the best possible solution for you,
    drawing upon more than 15 years experience in security gained in a variety of
    customers and business environments (telecoms, defence, industry,
    public, fincance, …)

Our objective

To make security contribute to your performance:

  • Through a relevant analysis of your
    business objectives
    ,
  • Making security contribute to
    the improvement of your company performance,
  • With concrete, efficient and innovative solutions,
  • Giving priority to your investments and economic objectives.

The Founders


Professional information security expert for over 12 years, Sebastien has built his expertise through several missions to major businesses, whose diverse business challenges have enabled him to understand information security pragmatically while controlling key points of adhesions, specific to each business (industry, Telecom, Banking, Defence).
His taste for management and his desire for creativity led him, in 2009, to create the Business Unit Conix Security, through which he contributed significantly to the growth of Conix Services group.
A passionate professional in information security for nearly 10 years, Sylvain was able to develop his knowledge through working with client to solve issues and problems which were as rich as they were varied (industry, telecom, defence, services), focusing on quality of service, he delivered solutions in a pragmatic and rational with value to the client.

His commitment, sense of service and entrepreneurial desire led him to participate, with Sebastien, to create Business Unit CONIX Security and to contribute significantly its development and its excellent performance.

A professional information security expert with 18 years experience, during his career Olivier has been exploring the issues and problems of information security according to many points of view within various market: industry, telecoms, defence. This experience has been built on the basis of diverse and enriching tasks to operational aspects of projects or the Information Security Solutions. All this led him to participate with Sebastien to the creation of Business Unit Conix Security where within two years he trained a team of over 25 people, al of whom are now experts in the field of Information Security.

Your UK Contact

With over 6 years direct experience implementing Information Security within the Armed Forces, Matthew’s career has seen him managing projects, delivering technical solutions and enforcing HMG IT Security Standards in operational and domestic environments both in the UK and Overseas.  Most recently, he has worked passionately with deployed medical IT systems, resolving technical and security issues to deliver patient safety and system performance.

(Click on each for more information)

Our Products

Dashboard

A tool for controlling your security matters.

Dashboard

The enhancement of operational security indicators and communicating them to management is a crucial element of controlling the security aspects of business activities.

Synthesizing the technical indicators or high-level meta-data is the main difficulty in such an endeavour.

 

Generation of a dashboard based on Bayesian networks

LineOn proposes a comprehensive approach to the implementation of a cost-effective, reduced set of high-level indicators adapted to the Security activities of your business.

This approach is based on the use of Bayesian networks as a tool for synthesizing the information parameters.

A simplified demonstration:

Methodology

 

This approach is based on a set of open-source tools that we can put in place if you do not have your own tools beforehand.

  • For the management of information and means of collecting, using tools such as ETL, SIEMS, online questionnaires, import audit reports,
  • For management indicators, production and associated reporting, use of Business Intelligence tools such as Jaspersoft suites Pentao,
  • For the management of Bayesian networks, using tools such as Genie, Smile,
  • For the production of the instrument panel, use technology html5/javascript/CSS3 web.


A dashboard for security, in what context?

One of the main tasks of the CISO is the security management information system. This is developed in accordance with the company’s business strategy to protect the information assets and means of production against any threat, accidental or malicious.

One of the main areas of improving the management of the security activity is the provision of communication. In effect, this enhances the passage of information, in order to facilitate decision making by business management.

The production of these communication elements involves the use of the appropriate tools to obtain information about the current state of security across the system and visualize trends associated with its development.

In most cases, the CISO can already rely on reporting tools or operational supervision. However, these tools are not always able to synthesize the best information for the relevant indicators. Because of the large number of indicators and their highly technical nature, it can become very difficult to communicate effectively with non- security specialists.

Identifying information, qualifying it and defining how it will be organized in order to produce a synthesis suitable for targeted communication is a crucial element in a strategy for effectively controlling information security .

Pitfalls to avoid

One of the points that can hinder the establishment of a panel, is that it is often considered necessary to maximize the number of technical indicators . Indeed, it is always more rewarding and reassuring to be able to communicate around a simplified yet mature information model.

Developing a draft implementation of the Dashboard in a continuous improvement approach avoids this pitfall . Even if you do not have all the information possible, hotspots are generally properly addressed either technically or by collecting the opinions of experts. This allows us to produce a first panel, and then to change it over time as the information system grows and matures. One indicator may also be the measure of the level of maturity and its evolution over time.

Our answer

Our answer to this problem comes directly from our research work on Security Dashboards.

It is based on the following points:

  • The identification and selection of synthetic security indicators
  • The mathematical model to produce these synthesized indicators taking into account the transverse aspects of security
  • Different ways to represent these indicators for aspects of control as well as communication.

2-tableaudebord

 

 

2-protection

Risk Management

A method and tool for managing your business risks.

    Risk Management

    LINEON offer a pragmatic assessment of risk consistent with business issues because we use the foundation of a successful ISS governance.

    Based on methodologies of ISO / IEC 27005 and ISO / IEC 31000, LINEON has a proven expertise in the fields of analysis and management of IT risks.

    Value added:

    • An understanding of the challenges facing your business,
    • Discussions with different types of stakeholders,
      (operational, functional, business, top management),
    • Methodological base which has been internationally validated.

 

Management System

For implementing or auditing the Management System Safety Information Society (WSIS)

    Supporting the implementation and execution of WSIS audit within your business

    LineON assists you in the implementation of Management Systems Security Information.
    This quality approach of ISS governance enables the company to systematically manage security and ensure it is structured and effective for:

    • Management,
    • Control,
    • Streamlining investment,
    • Continuous improvement (PDCA).
    Our added value:
    • A pragmatic approach adapted to the context and means of our customers
    • The use of risk management expertise as the cornerstone to the approach for a solution
    • A mastery of normative guides, both generic (eg ISO / IEC 27002), and targeted (eg ISO / IEC 27011 on trades Telecom)
    • Certified personnel ISO / IEC 27001 (Lead Auditor / Implementer)

     

2-management

 

2-defense

Defence (MOD) and Classified environments

Management, audits or controls for your classified defence environments.

    IT management issues in the classified defence environment

    MOD procedures and legislation on the management of Protectively Marked material constantly evolves. Unless you conform to the new standards then existing contracts or List X sites could be placed in jeopardy.

    LINEON has expertise on these issues resulted offering customers concerned:

    • A thorough knowledge of the relevant HMG IT Security and Information Management policies
    • Experience in the implementation of secure technical infrastructure
    • Compliance audits in order to maintain accreditation and fulfil requirements under the regulations in force.
    Our added value:
    • A thorough knowledge of the relevant regulations (CESG standards, JSP 440, etc)
    • Security Cleared staff (at all levels) with experience working with the MOD and government.

     

     

Our Services

Optimize ROSI (Return On Security Investment) by taking into account the various security elements in your projects and programmes.
We have strong expertise, backed up by our reputation, in delivering an ISS model approach to the underlying issues and, through vast experience implementing the necessary technology, we assist our clients in an « end to end » solution, from the « Build » phase to the « Run » phase their projects. Through the varied skills of our expert staff we offer solutions adapted to each specific function of your business and the threats it faces.

1-conseil

Consultancy

Whether it be at the heart of your business, or only in support of it, the management information system and especially the security of it plays a more and more crucial role in today’s world.

Your business needs to be on top of current regulatory aspects but also the associated risks that could jeopardize processes, business continuity and, ultimately, your cash flow.

We support you in securing your entire system, our speciality is the security of information and information systems, but we are also capable of finding the best products for your business and implementing them through our team of experts.

 

Assistance

Protecting your corporate network can be daunting in it’s complexity. We offer your business the ability to rely our technical resources (backed up with industry qualifications such as CISCO)

    Operational Assistance

    We can also accompany you in your day-to-day operations:

    • The realisation of secure redundancy architecture to ensure high availability as well as fault tolerance.
    • Application of industry security standards and best practices within your projects (ISO 2700x, etc)
    • Incident forensics (root cause analysis/identification and action plan proposals)
    • High level support on main security solutions with the most up to date implementations as guided by industry best-practice or the OpenSource community

     

    Project Assistance

    You do not have an organic IT Security capability? Being unable to afford your own Full-Time IT Security team does not mean that you will not come up against security issues or compliance obligations during your programmes or projects. We can provide cost-effective assistance to you through the entire Corporate Programme, on specific projects or to specific functions. Whatever your requirement we can help you to define the appropriate sizing or check the consistency of the configuration in relation to your policies and procedures.

1-assistance

 

 

1-expertise technique

Technical

Because protecting your corporate network can be as important as it is complex, we offer you the opportunity to rely on us for implementing your technical resources by our staff who are certified by major manufacturers (Cisco CCSP, Fortinet FCNSP, CheckPoint etc..).


    LINEON offers the expertise of its consultants to resolve your specific issues:

    • Manage your security equipment (operational maintenance, patch management, administration):
      • Firewall (Cisco, Fortinet, Juniper, …)
      • Proxy / reverse proxy/ application proxy
      • Antivirus and antispam
      • Authentication Server (Strong authentication, Radius, LDAP, …)
    • Define the prerequisites and implement IPSec and SSL VPN tunnels (eg : Fortigate, Juniper Secure Access, openSSL, …)
    • Monitor your network:
      • SIEMS Solution (Security Information and Event Management System) to trace activities and threats through automated logs analysis,
      • System network flows analysis via IPS / IDS probes (Snort, Cisco, Netasq, Juniper, …)
    • Post-incident analysis and forensics

 

Audit

LINEON performs audits for its customers whether they be of a technical, organizational or functional nature, or through a penetration testing approach with a main objective :
To develop value to your business through audit and analysis of your business risks.

    With our expert technicians, LINEON is able to cover all technological environments, such as:

    • WEB and WEB 2.0
    • System and network infrastructures
    • Telecom (data connectivity, IAD/STB, …)

    Our added value :

    • An innovative audit reporting approach aims to provide:
      • Action plan prioritisation regarding the identified business risks
      • Investment justification through a ROSI (Return On Security Investment) assessment
      • Provide the IT Security stakeholder with feedback to communicate with business entities, top management or the public.
    • Use of recognised technical and functional ISO standards, in order to assess compliance:
      • OWASP for the WEB environments
      • ISO/IEC 19001 for the audit approach formalisation
      • ISO/IEC 2700X – I.T. Security referential
      • PCI-DSS (Payment Card Industry – Data Security Standard)
      • Regulatory framework for environments classified defense (IGI 1300/II 920)

     

1-audit

 

1-test d'intrusion

Intrusion testing (Pen-Testing)

The Intrusion Test is designed to test the robustness of the security of the information system of the company if it happened to be the target of a real attack targeted or not.

    The consultant in charge of penetration testing will take the approach of a potential attacker to compromise existing security measures to exploit the computing resources of the company, manipulate or steal information, for example.

    Through its technical expertise and technology watch on the latest developments in computer security, it will implement the tools and techniques commonly used by hackers in the case of current or past real attacks.

    The major difference with a real attack is the strict observance of the charter signed with the client, including the respect for the integrity of the systems specified and strict confidentiality of the information collected. It is in other words an attack « blank » allowing customers to test its safety in the real world and proactively without the risks associated with a malicious attack (lost productivity, information theft, damage to reputation and / or brand …)

    After the penetration test, a detailed report is submitted describing the vulnerabilities discovered and the severity of the impact on the security of the information system of the company.

    Finally, a set of corrective measures proposed to return to the level of safety expected.

 

Computer Forensics


The term Computer Forensics covers the entire process, knowledge and methodologies required to gather evidence, conserve a legal chain of custody and analyse the scene in order to support any legal framework for any eventual lawsuit.

    The collection of digital evidence could, for example, lead us to:

    • retrace the logs of a single or group of machines
    • analyse data, even if they have been deleted (deliberately or accidentally)
    • retrace browsing history
    • finding traces of documents, emails, etc

    Legal procedures can be difficult, we support and assist you on site for all of these investigations.

    We can also work upstream of these procedures in order to avoid doubts. For this, we use digital evidence to foresee and report issues. This allows the board or relevant managers to make the right decision.

    Real-world example: Eliminating doubt in an investigation about illegal downloading.

    By comparing several search strings, it was possible to trace the navigation of the suspected person (even though he thought he had cleared the browser cache), as well as the images he had erased and those he had hidden in a partition on his work laptop. The establishment of the evidence and the expert report allowed the company to take the necessary measures.

1-investi

Our References

LINEON accompanies large groups in their security policy information.

Our Events

LINEON was present at the major IT security events below:



Logo SSTIC 2013

The 2013 edition of the Symposium on Security of Information Technology and Communications, which takes place on the campus of the southern suburbs of the University of Rennes annually brings together major players in the security and enthusiasts come to share and exchange on the subject.

Connect you on the website of SSTIC to more informations of next edition.

cropped-logo-fsid-2012

Conférence « Innovation for Security » avec 2 tracks: Digital Security et Security of the Physical Space

Logo SSTIC 2012

The 2012 edition of the Symposium on Security of Information Technology and Communications, which takes place on the campus of the southern suburbs of the University of Rennes annually brings together major players in the security and enthusiasts come to share and exchange on the subject.

Connect you on the website of SSTIC to more informations of next edition.

Join Us

We currently have no open vacancies but we always welcome a direct approach from qualified and experienced IT Security professionals.

Please send your CV to enquiries(at)lineon.co.uk

Contact Us

Questions? Comments? Let us know!


Our details

LINEON U.K.
1, Heddon Street Mayfair
London W1B 4BD
United Kingdom


LINEON S.A.S.
40, Rue Lauriston
75116 Paris
France