Worldline - 2020 Universal Registration Document

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE

Building customer trust with reliable, secured, innovative and sustainable solutions

How Worldline addresses cyber-threats

The fight against cyber-criminality is carried out along three main aspects: prevention, detection and response, as part of Worldline's Security Strategy.

[Figure: Worldline's fight against cyber-criminality. Prevent: Threat Intelligence (TI), Vulnerability Assessment, Penetration tests. Detect: Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM). Respond: Computer Security Incident Response Team (CSIRT), Security Incident Response, Forensic Analysis.]


A. Prevent

● Threat Intelligence (TI): TI helps Worldline to deal with the wide variety of digital threats, including exploitation of vulnerabilities in computer systems, organised hacking and reputational or computer fraud. A security breach can compromise Worldline's business, have regulatory implications, and affect Worldline's reputation. To track today's threats and potential future risks in an ever-changing cyber-threat landscape, unstructured and external sources must be monitored. Valuable information is gathered from countless sources on the Internet, such as vendor security advisories, vulnerability repositories, social media, black board systems and search engines, including Dark and Deep Web sites, to determine the severity of the threats. The threats are then prioritised and the action required to mitigate them is identified.

● Vulnerability Assessment: Security operations perform vulnerability watch and warn stakeholders in a timely manner. Vulnerability notifications include the following information:
  ● Advice for remediation;
  ● Severity based on the Common Vulnerability Scoring System (CVSS);
  ● Availability of a patch;
  ● Requirement for extra analysis.

● Penetration Tests: Execution of penetration tests on IT platforms (i.e. system, network equipment, infrastructure, applications). An audit report is created which includes understandable evidence of the findings:
  ● Details of the vulnerability;
  ● Exploitation scenario (if the vulnerability has been exploited);
  ● Evidence of exploitation (if the vulnerability has been exploited);
  ● Proposed Remediation Plan.

B. Detect

● Endpoint Detection and Response (EDR): Traditional virus protection prevents known threats. It has blind spots which don't stop advanced threats. The number and types of devices are changing more and more, from fully managed endpoints to non-standard and IoT devices. The EDR service makes it possible to detect advanced threats automatically, to identify what is not prevented and to understand complex alerts. The most notable benefits of this solution are reduced attacker dwell time and accelerated incident detection and response.

● Security Information and Event Management (SIEM) solutions are a combination of two service categories: SIM (security information management) and SEM (security event manager). SIEM technology enables real-time analysis of security events generated by network hardware and applications. The most important capabilities of SIEM are:
  ● Data Aggregation: SIEM aggregates security log data from many sources, including network and security devices, servers, databases, and applications;
  ● Correlation: Correlation is the process of comparing events for common attributes and linking these events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. For example, it is possible to detect 10 unsuccessful login attempts to the same account followed by a successful one within a 5 min period;
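The correlation rule given as an example above can be written as a sliding-window check over authentication events. The following is an added illustration, not Worldline's own SIEM logic; the log format, account names and addresses are constructed, and it assumes the ten failures must all fall within the 5 minutes before the successful login.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # "within a 5 min period"
THRESHOLD = 10                 # "10 unsuccessful login attempts"

def parse(line):
    """Parse 'timestamp account source_ip outcome' (constructed log format)."""
    ts, account, source, outcome = line.split()
    return datetime.fromisoformat(ts), account, source, outcome

def correlate(lines, window=WINDOW, threshold=THRESHOLD):
    """Alert on a success preceded by >= threshold failures on the same
    account, with all of those failures inside the window before it."""
    failures = defaultdict(deque)  # account -> deque of (time, source_ip)
    alerts = []
    for ts, account, source, outcome in sorted(map(parse, lines)):
        recent = failures[account]
        while recent and ts - recent[0][0] > window:  # expire old failures
            recent.popleft()
        if outcome == "FAIL":
            recent.append((ts, source))
        elif outcome == "OK":
            if len(recent) >= threshold:
                alerts.append({
                    "account": account,
                    "success_at": ts.isoformat(),
                    "success_from": source,
                    "failed_attempts": len(recent),
                    "failure_sources": sorted({s for _, s in recent}),
                })
            recent.clear()  # a success resets the account's failure streak
    return alerts

def sample_log():
    """Constructed events: only 'alice' matches the rule."""
    t0 = datetime(2021, 1, 1, 9, 0, 0)
    def line(offset, account, ip, outcome):
        return f"{(t0 + offset).isoformat()} {account} {ip} {outcome}"
    log = [line(timedelta(seconds=5 * i), "alice", "203.0.113.7", "FAIL") for i in range(10)]
    log.append(line(timedelta(seconds=60), "alice", "203.0.113.7", "OK"))
    # bob: 10 failures, but spread over 10 minutes, so too few fall in the window
    log += [line(timedelta(minutes=i), "bob", "198.51.100.4", "FAIL") for i in range(10)]
    log.append(line(timedelta(minutes=10), "bob", "198.51.100.4", "OK"))
    # carol: a few typos before a normal login
    log += [line(timedelta(seconds=10 * i), "carol", "192.0.2.9", "FAIL") for i in range(3)]
    log.append(line(timedelta(seconds=40), "carol", "192.0.2.9", "OK"))
    return log

if __name__ == "__main__":
    for alert in correlate(sample_log()):
        print(alert)
```

Clearing the failure streak on every successful login keeps one burst from raising repeated alerts, and the per-account deque keeps memory bounded by the number of failures inside the window.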
