1

Cybersecurity Solution Provider

European Leader

LEADERSHIP

CEO & Co-Founder

Jean-Nicolas PiotrowskiFormer BNP Paribas CISO

ITrust, your cybersecurity expert

10 years experience in cybersecurity

35 collaborators and 30 Data Scientists in labs

More than 200 public and private clients

100% growth/year

VP Business

David OferIT Engineer

PhD in Management, HEC

20 years of experience in High tech

business development

CFO & Co-Founder

Henri PiotrowskiSupaéro Engineer, former AIRBUS-ATR CEO

Paris, Toulouse (headquarters), New York,

Colombus, Shanghai (ongoing)

Value proposal

Covers all cybersecurity activities in all sectors

Leading solutions

International

Cybersecurity as a Service

Shareholders and financial aid

100% French simplified joint-stock company / 483.352 € share capital / 3,3 M€ owner equityPrivate and institutional investors (NewAlpha, Nestadio, Crédit Agricole, Caisse d’Epargne)

Supported by the French state: Financial aid through BPI and the Deposits and Consignments Fund (reimboursable R&D financing)

Financing through the « Investment for the Future » programme

Partners

Prizes & Associates

ITrust, your cybersecurity expert

A company worthy of our attention: ITrust declares war on hacking

Translation (FR-EN) of article retrieved from the

<LesEchos.fr> online newspaper & published by Laurent Marcaillou,

Toulouse, 25.02.2015

“ITrust started its missions in IT security withinAirbus, Toulouse, in 2007. With this expertise, theyoung company designed the IKare software, able toscan an information system in order to detectpotential weaknesses and manage security. Launchedin 2012 , this solution minimizes the duration of anaudit concerning an information system. Its saleswere doubled in 2014 after registering roughly 1,030new clients.The enterprise, with only 25 employees, also doubledits turnover to 1,3 million euro and envisions anothertwo-fold increase in its turnover for the year 2015.Among its clients, we will stumble upon giants suchas: Total, Air France, Airbus, Bull [...]”

Articles in pressabout ITrust & its solutions

ITrust presents an unequaled software an European Level

“The Toulouse-based enterprise ITrust, specializedin IT security, is on the verge of unveiling a new, yetto be seen cybersecurity software.ITrust’s CEO, Jean‐Nicolas Piotrowski, was presentat the International Cybercrime Forum to presentthis exciting innovation.Q: Why is your new product considered abreakthrough among existing IT security solutions?R: We’ve been working on IT-Tude for 7 years now:it’s a groundbreaking technology that enablespeople to detect weak signals hinting at unknownviruses, otherwise known as APTs (AdvancedPersistent Threats).”

Translation (FR-EN) of article retrieved from the

<Tribune> online newspaper and published by Valentin Dohin,

29.01.2015

Articles in pressabout ITrust & its solutions

A French security solution on a French cloud

“Developed by the Secure Virtual Cloud(SVC) consortium, this 3-year projectworth 14 mil. Euro is led by theToulouse-based start-up ITrust and nineother partners, of which we willmention the IT Research Institute ofToulouse (IRIT), The System Analysis andArchitecture Laboratory (LAAS) and Bull.Founded in 2007, ITrust distributesIKare, a vulnerability managementsoftware proposed in cloud mode forreal-time monitoring, or throughlicensing bit by bit. Its interest?[...]”

Translation (FR-EN) of article retrieved from the <L’Usine Nouvelle> online

newspaper and published by Ridha Loukll, 20.09.2012

Articles in pressabout ITrust & its solutions

Defence & aero

Bank

Health & pharma

Public sector

Insurance & social protection

Transport & logistics

Education Energy &

utilities

Food industry

Client referencesMore than 100 clients in Europe – 300 000 continuously supervised IPs

15 million stolen credit cards

Target Credit Cards & Customer Info Hacked (2013)

“US discount retailer Target found 40million of its customer accounts werehacked during November 27 andDecember 15, 2013.Across the US, during Black Friday, theTarget stores were targeted andcustomer names, credit cards, debitcards, and CVV values of severalcustomers were hacked. The retailmajor said that other information suchas addresses, PIN, social securitynumbers, etc., were not hackedhowever. “

Extract from the “Recent Hacking Incidents Around the World“ article retrieved from the <MapsOfWorld>

online newspaper , published 01.09.2014

Authorities suspect perpetrator is based in the United States

“According to the LaTribune.fr, The NationalInformation System Security Agency (ANSSI)launched an investigation in order to establishwhether or not Airbus Helicopters fell victim to ahacking incident that might be linked to animportant call for tenders in Poland. The onlinenewspaper quotes relevant sources whenindicating that the perpetrator is most likelybased in the United States. The Americancompanies Sikorsky and Boeing are at the presentmoment involved in a full-blown commercialbattle on Polish territory with the Europeanmanufacturer. [...]”

Translation (FR-EN) of article retrieved from the <L’Usine

Digitale> online newspaper and published by Julien Bonnet,

13.11.2014

Airbus Helicopters, victim of a cyber-attack

Biggest heist of the centuryhits the banking sector

“A band of Russian, Ukrainian and Chinesecriminals discovered a way to hack intoseveral banking institutions by infiltratingtheir networks. The losses recorded afterthe attacks, which were launched in 2013and continue to this day, amount to abillion euro.We are potentially witnessing the biggestheist of the century. The RussianCybersecurity Expert, Kaspersky, releasedMonday a report revealing that, since2013, over a hundred banks had beenhacked by 2.0 thieves.”

Translation (FR-EN) of article retrieved from the

<FranceSoir.fr> online newspaper and published 16.02.2015

Banks: more than a billion dollars stolen by hackers

Sony Pictures Hack: Co-chairmain Amy Pascal resigns

“Amy Pascal, Co-chairman of Sony Pictures,finally announced her resignation.The group was hacked at the end ofNovember and the attackers leaked someof Mrs. Pascal’s emails, containing racistcontent directed towards President BarackObama.Having tarnished the studio’s reputation,the scandal quickly reached internationalproportions. In other words, the Co-chairman’s departure was to be expected.”

Translation (FR-EN) of article retrieved from the

<LePoint> online newspaper and published 05.02.2015

Hacking & its human consequences

Cybersecurity Solution ProviderExpertise – Products – Security Operations Center

EXPERTISE

Expertise

Consulting

Pentest

Darknet

Training

This is the core business of ITrust.

Our Security Consultants test the

resistance of your architecture, be

it externally or internally, and

accompany you in order to help

you secure your computer network

in the long term.

SOLUTIONS

vulnerability scanner

behavioral analytics

framework & AI

Our engineers are constantly

developing new tools to facilitate

the management, analysis and

understanding of vulnerabilities

and cyber attacks.

SOC as a Service

Managed and/or

SaaS and/or

OEM and/or

On Premise and/or

ITrust manages the entire security

process of companies that wish to

outsource their cybersecurity.

Our Security Operations Center

integrates advanced reporting and is

based on our two leading products.

Vulnerability managementRisk & Report

Vulnerability scanning tool

The implementation of IKare can lead to a 90% reduction of

vulnerabilities on the network it is deployed on. 90% is also

the rate of success of our penetration tests (auditing)

performed at our clients. IKare allows the identification and

correction of their security flaws.

TOP 10 uncovered Covered

security flaws by IKare

“Wordy” systems

Weak passwords

Permissions and access rights

Inter-domain trust

Databases

with default passwords

“Wordy” DNS serves

Sharing confidential files

Poorly configured

protocols

Abandoned development

servers

Non-rectified known vulnerabilities

Vulnerability coverage rate of the

top 10 vulnerability by technology type:

99% of security flaws could be easily rectified...

…but these issues cannot be addressed by an antivirus & firewalls!

IKare –Positioning

Automated Vulnerability & Security Audit tool

Values Accessible and intuitive

Simple and modern

Tailored reporting to management

Best practices

The fruit of the cybersecurity experience of our consultants

Why? ALM : Up-to-date systems

IT : Supervision and Dashboard

DG : Risk Assesment - legal

Use Virtual machine or server in your information system

Cloud mode: from ITrust servers

Ready to deploy and operational in a few minutes

Deployement No agents needed for installation

Automated network discovery

Ready to integrate in the information system

Assets French Cloud (not restricted by the Patriot Act)

Service and proximity

R&D with LaaS, IRIT and TSoE

IKare Vulnerability Management Product positioning

• Vulnerability audit in real-time

• Proactive security issues identification

• Infrastructure and applications automated discovery

• Correlation and supervisionVulnerability detection becomes more reliable. These engines limit the number of false positives and allowthe detection of abnormal behaviors.

• Responsibility area determination

• Security alerts

• Virtual groups ensuring decision-making concerning security

• Trending, security evolution in time

• Business unit management

IKare functions

IKare: simple & intuitive interface

A major breakthrough

“BEHAVIORAL ANALYSIS IS THE MOST PLAUSIBLE SOLUTION FOR UNKNOWN VIRUS”NSA VICE CHAIRMAN 2012

“The next Pearl Harbor we might beconfronted with could very well be a

cyber attack”– Leon Panetta, US Secretary of Defense& former CIA Director (August 2011Senate Hearing)

Behavioral analysis can boost cybersecurity

“Behavioral analysis is the most plausible solution for unknown viruses”

– NSA Director , 2012

21

A groundbreaking technology

• Protects your infrastructures against APTs, viruses & unknown attacks

• Detects malicious behaviors within your information system

• Identifies weak signals in order to anticipate performance problems,

but is also capable of identifying stealth attacks

• Avoids data extraction

• Avoids resource depletion within your information system

ReveeliumAnomaly Detection Platform

Reveelium is a complete anomaly detection and prevention platform:

It relies on your existing infrastructures (« Plug and play »);

Automatically detects, analyses and prioritizes anomalies, grading them according to their potential risk;

Predicts performance or security issues with the use of machine

learning technologies.

ReveeliumProduct principle

1. A weak signal analysisbuilt on our research and partnerships with mathematical laboratories.

2. A logical correlatorbuilt on the experience of our engineers and security consultants.

3. A shared knowledge base

Reveelium is a unique combination of 3 scanning engines:

An innovating 3D-technology

• What is an anomaly?– Weird condition/nonsensical sample/deviation from the norm

– Data inconsistency not matching with any normal behavior

(either observed or learned)

• How do we detect it?– By using Machine Learning technologies

– By building profiles of normal behaviors

– By identifying deviations from the norm

Anomaly detection

Machine learning

Huge data volumes learning

Normal behaviors learning with a minimum of human interaction

& Statistical and preventive analysis

Validating learning

Identifying nonsensical / missing samples

Identifying seasonalities

Identifying abnormal behaviors

Reveelium engines

is not a new concept, but Reveelium repurposes it in thescope of automatic learning applied to supervised systems.

Learning VS correlation…

… why not use both,

for better qualified results:

• Eliminating false positives

• Correlating external data sources

in order to fine-tune the decision-making process

• System expert

Post-treatment results

Anomaly detection engines

Reveelium: APT Threat ModuleUse case demonstration

Reveelium: APT Threat ModuleUse case demonstration

Plugin SIEM or through application

VM Standalone

External VM SaaS or on the premisesCovers the entire supervision platform: logging, log correlation, alert correlation

POC Model

Similar to a plugin for enterprise applications, journals, XML data, meant to search for professional anomalies and all abnormal behaviors alike (AS, IAM, Messaging…)

Plug and play on a supervision platform

No need to be a security consultant or Data Scientist!

can be delivered through private or public cloud by

Saas or OnPremise

Delivery models

• Risk management policies

• Justifying the existence of a cyber attack

• Ability to assess proof for a filed complaint

• Security level history up until the moment of the attack

• Legal investigation – forensic computing

• Cyber-insurance

• Limited criminal risk

• Pro-active defense process

Legal outlook

Thank you

Contact

ITrust Headquarters

55 Avenue l’Occitane, BP 67303

31673 Labege Cedex

Telephone: +33 (0)5 67 34 67 80

Email: sales@itrust.fr

International Office:

24 rue Firmin Gillot

75015 Paris

www.itrust.fr/en

www.ikare-monitoring.com

www.reveelium.com/en