1. Introduction

TRACKWATCH is an innovative Breach Detection System (BDS) platform and a natural evolution of the IDS (Intrusion Detection System). Developed in France and meeting the hardening requirements issued by ANSSI for the application of the Military Programming Law, TRACKWATCH effectively protects organizations against digital intrusions. It is a next-generation intrusion detection solution based on innovative technologies that respond to the latest and most sophisticated attack methods.

The TRACKWATCH platform consists of two appliances:

  • A central appliance, called GCenter, which receives the information sent by the probes and uses TRACKWATCH technology to detect and analyze the “killchain”.

  • One or more probes, called GCap, which listen to the traffic at the point where they are placed.

A GCap capture probe is strategically installed on a particular site. This probe is responsible for capturing, reconstructing, sorting and transmitting files, code and events to the GCenter management server. Regarding confidentiality, no captured data is transmitted to the outside, and the solution's optimization adapts to restricted environments. The solution is deployed in bypass (out of band) from a TAP (aggregator or not) or a port mirror (SPAN) if outside the LPM (Military Programming Law).

The latest release notes for the equipment in the solution are available from the following links: