REF: CYBR-MA-2026/142 · STATUS: PROTECTED · ISO 27001 · NIST CSF
ZERO_TRUST_v2.4 · NEVER_TRUST_ALWAYS_VERIFY
// Civil Cybersecurity AI · Zero Trust

From perimeter defense to AI-driven Zero Trust

Cloud-native SIEM/SOAR · automated vulnerability management · phishing-resistant MFA · continuous awareness training · quarterly pentests. WEVAL 4D: aligned with ISO 27001 + NIST CSF + MITRE ATT&CK.

Live KPI counters: 🛡 EDR endpoints monitored 24/7 · MTTR P0 vs 4.5h benchmark · 🎯 phish click rate vs 8.4% baseline · 📊 critical vulns patched within a 7-day SLA
01 // ZERO TRUST · NIST SP 800-207

5 Zero Trust pillars, orchestrated

The AI orchestrates the "never trust, always verify" strategy across five pillars aligned with NIST SP 800-207. Maturity is measured continuously, with an incremental roadmap.

👤 Identity · phishing-resistant FIDO2 MFA · PAM for privileged access · IGA identity lifecycle · 92% mature
💻 Devices · EDR/XDR + MDM · continuous device posture · BYOD policies · 85% mature
🌐 Networks · micro-segmentation · SASE/ZTNA · east-west inspection · DNS security · 74% mature
📱 Applications · SAST/DAST in CI/CD · API gateway + WAF · SBOM tracking · secrets vault · 68% mature
📊 Visibility · unified SIEM · UEBA behavioural analytics · cloud DLP · forensic retention · 88% mature
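As an added example, not code from this page or from Civil Cybersecurity AI: a minimal policy decision point in the style of NIST SP 800-207, which re-evaluates every request against identity, device and visibility signals of the kind listed for the pillars above. All field names, thresholds, the FIDO2-only "phishing-resistant" set and the sample subjects are assumptions for illustration.

```python
"""Added example (not the page's own code): a minimal NIST SP 800-207-style
policy decision point. Every request is evaluated against identity, device,
network and visibility signals; network location alone never grants access.
Field names, thresholds and sample data below are illustrative assumptions."""
from dataclasses import dataclass


@dataclass
class Subject:
    user: str
    mfa: str            # assumed values: "fido2", "totp", "sms" or "none"
    ueba_risk: float    # assumed UEBA anomaly score in [0, 1]


@dataclass
class Device:
    device_id: str
    managed: bool       # enrolled in MDM
    edr_healthy: bool   # EDR agent checked in within its SLA
    disk_encrypted: bool
    patch_age_days: int  # age of the oldest missing critical patch


@dataclass
class Resource:
    name: str
    tier: str           # "public", "internal" or "restricted"


PHISHING_RESISTANT_MFA = {"fido2"}
CRITICAL_PATCH_SLA_DAYS = 7     # the 7-day critical-patch SLA used on this page


def decide(subject, device, resource, network_segment):
    """Return (verdict, reasons); verdict is 'allow', 'step_up' or 'deny'.

    Findings that can be fixed in-session (re-authenticate with FIDO2, patch)
    lead to a step-up; findings that mean the device or user cannot be
    trusted right now lead to a deny. The network segment is only context."""
    deny, step_up = [], []

    # Identity pillar
    if resource.tier != "public" and subject.mfa == "none":
        deny.append("identity:mfa-missing")
    elif resource.tier == "restricted" and subject.mfa not in PHISHING_RESISTANT_MFA:
        step_up.append("identity:mfa-not-phishing-resistant")

    # Devices pillar: posture is re-checked on every request, not at enrolment only
    if resource.tier != "public":
        if not device.managed:
            deny.append("device:unmanaged")
        if not device.edr_healthy:
            deny.append("device:edr-unhealthy")
        if device.patch_age_days > CRITICAL_PATCH_SLA_DAYS:
            step_up.append("device:critical-patch-sla-breached")
    if resource.tier == "restricted" and not device.disk_encrypted:
        deny.append("device:disk-unencrypted")

    # Visibility pillar: behavioural score from UEBA
    if subject.ueba_risk >= 0.8:
        deny.append("visibility:ueba-high-risk")
    elif subject.ueba_risk >= 0.5:
        step_up.append("visibility:ueba-elevated-risk")

    # Networks pillar: being on the corporate LAN is recorded, never rewarded
    context = [f"network:{network_segment}"]
    if deny:
        return "deny", deny + step_up + context
    if step_up:
        return "step_up", step_up + context
    return "allow", context


if __name__ == "__main__":
    # Constructed sample: a user on a compliant laptop reaching the secrets vault
    alice = Subject("alice", "fido2", 0.1)
    laptop = Device("lt-0042", True, True, True, 2)
    vault = Resource("secrets-vault", "restricted")
    print(decide(alice, laptop, vault, "corp-lan"))   # ('allow', ['network:corp-lan'])
    # The EDR agent stops reporting mid-session: the next evaluation denies
    laptop.edr_healthy = False
    print(decide(alice, laptop, vault, "corp-lan"))   # ('deny', ['device:edr-unhealthy', 'network:corp-lan'])
```

The second call in the sample is the point of "always verify": the same user with the same credential is denied as soon as device posture changes, which a one-time check at login or a VPN-style network trust would miss.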
02 // SOC AI · SOAR PIPELINE

Autonomous SOC, 4-minute MTTR

Pipeline orchestrated 24/7 · ingestion 142K events/sec · false positives <0.5% · pre-written playbooks mapped to MITRE D3FEND.

1. Detect · SIEM + EDR + NDR · 142K events/sec · ~12 s
2. Triage · ML scoring + threat intel · MITRE ATT&CK mapping · ~28 s
3. Investigate · auto-pivot · graph · forensics · ~90 s
4. Contain · automated playbook · isolate · revoke · ~45 s
5. Eradicate · patch · re-image · purge IoCs · ~85 s

END-TO-END MTTR P0: 4 min 20 s (12 + 28 + 90 + 45 + 85 s)
vs. the 4.5h Gartner benchmark for an average SOC. Aligned with ISO/IEC 27035:2023 incident management and NIST SP 800-61r3.
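As an added example that is neither the page's pipeline nor any vendor's code: a skeleton of the triage, investigate and contain stages above, run over a few constructed alerts. It shows the pieces the stage descriptions name (ATT&CK mapping, threat-intel enrichment, auto-pivot on host and user, playbook selection) and the allowlist that keeps false positives out of the containment step. The threat-intel indicators, allowlist, signature-to-technique mapping, scoring weights, priority thresholds and playbook actions are assumptions for illustration.

```python
"""Added example, not the page's own pipeline: a minimal SOAR-style run of the
triage / investigate / contain stages over constructed alerts. Threat-intel
indicators, allowlist, signature-to-ATT&CK mapping, weights and playbook
actions are illustrative assumptions."""
from dataclasses import dataclass, field

# Constructed threat-intel feed (assumption): indicators known to be malicious
BAD_IOCS = {"185.220.101.7", "update-cdn-telemetry.example"}
# Assumed allowlist of (process, parent) pairs that are benign in this estate
ALLOWLIST = {("powershell.exe", "sccm-agent")}
# Assumed detector signature -> (ATT&CK technique, base severity 0-10)
SIGNATURES = {
    "edr:encoded-powershell":  ("T1059.001", 6),
    "siem:bruteforce-success": ("T1110", 7),
    "ndr:dns-txt-burst":       ("T1071.004", 5),
    "edr:lsass-read":          ("T1003", 9),
}
P0_THRESHOLD, P1_THRESHOLD = 10, 7   # assumed priority cut-offs


@dataclass
class Alert:
    source: str          # "edr", "siem" or "ndr"
    signature: str
    host: str
    user: str
    process: str = ""
    parent: str = ""
    remote: str = ""     # remote IP or domain, if any


@dataclass
class Case:
    alert: Alert
    technique: str = "unknown"
    score: int = 0
    priority: str = "closed"
    tags: list = field(default_factory=list)
    actions: list = field(default_factory=list)


def triage(alert):
    """Stage 2: map to ATT&CK, score with threat intel, suppress allowlisted noise."""
    technique, score = SIGNATURES.get(alert.signature, ("unknown", 3))
    case = Case(alert, technique, score)
    if (alert.process, alert.parent) in ALLOWLIST:
        case.score = 0                      # false-positive control
        case.tags.append("suppressed:allowlist")
    elif alert.remote in BAD_IOCS:
        case.score += 3
        case.tags.append("intel:known-bad")
    return case


def investigate(case, live):
    """Stage 3: auto-pivot on host and user; each correlated live case adds weight."""
    related = [o for o in live if o is not case and
               (o.alert.host == case.alert.host or o.alert.user == case.alert.user)]
    if related:
        case.score += 2 * len(related)
        case.tags.append(f"pivot:{len(related)}-related")
    return case


def contain(case):
    """Stage 4: choose playbook actions from priority and technique."""
    if case.score >= P0_THRESHOLD:
        case.priority = "P0"
        case.actions += [f"isolate-host:{case.alert.host}",
                         f"revoke-sessions:{case.alert.user}"]
    elif case.score >= P1_THRESHOLD:
        case.priority = "P1"
        case.actions.append(f"step-up-auth:{case.alert.user}")
    elif case.score > 0:
        case.priority = "P2"
    if case.technique == "T1003":           # credential dumping: rotate, not just revoke
        case.actions.append(f"reset-credentials:{case.alert.user}")
    if case.alert.remote in BAD_IOCS:
        case.actions.append(f"block-indicator:{case.alert.remote}")
    return case


def run_pipeline(alerts):
    cases = [triage(a) for a in alerts]
    live = [c for c in cases if c.score > 0]          # suppressed cases never pivot
    for case in live:
        investigate(case, live)
    for case in live:
        contain(case)
    return cases


def unique_actions(cases):
    """De-duplicate actions across cases so each host or user is touched once."""
    return sorted({a for c in cases for a in c.actions})


# Constructed alerts: one workstation showing a phishing-to-credential-theft chain,
# plus a benign SCCM PowerShell run that the allowlist should suppress.
SAMPLE_ALERTS = [
    Alert("edr", "edr:encoded-powershell", "WS-117", "jdoe",
          "powershell.exe", "winword.exe", "update-cdn-telemetry.example"),
    Alert("edr", "edr:lsass-read", "WS-117", "jdoe", "rundll32.exe", "powershell.exe"),
    Alert("ndr", "ndr:dns-txt-burst", "WS-117", "jdoe", remote="update-cdn-telemetry.example"),
    Alert("edr", "edr:encoded-powershell", "WS-204", "svc-sccm", "powershell.exe", "sccm-agent"),
]

if __name__ == "__main__":
    for case in run_pipeline(SAMPLE_ALERTS):
        print(case.priority, case.technique, case.score, case.tags, case.actions)
    print(unique_actions(run_pipeline(SAMPLE_ALERTS)))
```

Two design points worth keeping when this grows into a real playbook: the allowlist is applied before enrichment, so a known-benign pattern can never be promoted by an unrelated threat-intel hit on the same host; and containment actions are de-duplicated across correlated cases, so three alerts on one workstation produce one isolation and one session revocation rather than three of each.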
03 // MITRE ATT&CK · ENTERPRISE COVERAGE

Coverage across the 14 Enterprise tactics

Continuous mapping of the defensive stack onto MITRE ATT&CK Enterprise. Status per technique: detected · mitigated · monitored · gap.

Initial Access        · Phishing T1566 · Exploit Public-Facing Application T1190 · Drive-by Compromise T1189 · Hardware Additions T1200
Execution             · Command and Scripting Interpreter T1059 · PowerShell T1059.001 · Visual Basic T1059.005 · Deploy Container T1610
Persistence           · Boot or Logon Autostart Execution (registry run keys) T1547 · Scheduled Task/Job T1053 · Create Account T1136 · Boot or Logon Initialization Scripts T1037
Privilege Escalation  · Process Injection T1055 · Abuse Elevation Control Mechanism (UAC bypass) T1548 · Sudo and Sudo Caching T1548.003 · Access Token Manipulation (token impersonation)
Defense Evasion       · Obfuscated Files or Information T1027 · Masquerading T1036 · Indicator Removal T1070 · Hide Artifacts T1564
Credential Access     · Brute Force T1110 · OS Credential Dumping T1003 · Input Capture (keylogging) T1056 · Forge Web Credentials T1606
Discovery             · Network Service Discovery T1046 · Account Discovery T1087 · System Information Discovery T1082 · Cloud Infrastructure Discovery T1580
Lateral Movement      · SMB/Windows Admin Shares T1021.002 · SSH T1021.004 · Remote Desktop Protocol T1021.001 · Internal Spearphishing
Collection            · Audio Capture T1123 · Screen Capture T1113 · Clipboard Data T1115 · Email Collection T1114
Command and Control   · Application Layer Protocol T1071 · DNS T1071.004 · Proxy T1090 · Web Service T1102
Exfiltration          · Exfiltration Over Unencrypted Non-C2 Protocol (DNS) T1048.003 · Exfiltration Over Web Service T1567 · Exfiltration Over Physical Medium T1052 · Exfiltration to Cloud Storage T1567.002
Impact                · Data Encrypted for Impact (ransomware) T1486 · Disk Wipe T1561 · Endpoint Denial of Service T1499 · Service Stop T1489
Reconnaissance        · Active Scanning T1595 · Gather Victim Org Information T1591 · Search Open Websites/Domains T1593 · Search Closed Sources T1597
Resource Development  · Acquire Infrastructure T1583 · Compromise Accounts T1586 · Develop Capabilities T1587 · Stage Capabilities T1608

▸ 56 techniques covered of the 84 enterprise techniques in scope · 31 detected · 17 mitigated · 8 monitored · 6 gaps → roadmap Q2
04 · Risk heatmap · 5 × 5

Risks: probability × impact

42 cyber risks mapped · reassessed quarterly · treatment plan aligned with ISO/IEC 27005.

Score = impact weight × probability rank (1 = improbable, 2 = unlikely, 3 = possible, 4 = likely, 5 = near-certain).

Impact ↓ / Probability →    improbable   unlikely   possible   likely   near-certain
Critical   (×3)                 3            6          9        12         15
Major      (×2)                 2            4          6         8         10
Moderate   (×1.5)               1.5          3          4.5       6          7.5
Minor      (×1)                 1            2          3         4          5
Negligible (×0.5)               0.5          1          1.5       2          2.5

Legend: low risk (accept) · moderate risk (mitigate) · critical risk (avoid/transfer)
05 // LIVE SOC OPS

Live cyber operations

6 streaming KPIs · NOC visibility 24/7.