SafeCore: Driving efficiency and simplifying security by virtualising network and communications infrastructure

It's summertime in France, and the country is pulsing with energy as the World Cup gets underway. Match after match, from Lille to Marseille, Paris to Bordeaux, Nantes to Lyon, supporters cheer and chant, and emotions are running high.

Stéphane works as a network and communications security engineer for a major French broadcaster on the outskirts of Paris. Like everyone else, he's been feeling the excitement for weeks. But the broadcaster is considered a critical national infrastructure (CNI) provider, so it's a potential target for cyberattacks of all kinds, especially during an event of this scale. 

As such, it receives particularly close attention from the national cybersecurity agency ANSSI, whose mission is to prevent cyberattacks against French interests.

Stéphane and his team remotely monitor the networks used to broadcast matches from stadiums up and down the country – and that means keeping a watchful eye not just on information servers, network equipment and communication systems, but on thousands upon thousands of videosurveillance cameras.

For several years, Stéphane’s employer has been undertaking a digital transformation to harness the latest technological breakthroughs, reduce costs and advance its environmental ambitions in line with its CSR strategy.

For engineers like Stéphane, this transformation can be summed up in two short words: Nexium SafeCore. Developed by Thales, Nexium SafeCore is a software-based solution for virtualisation of security, communications and network functions, and it has radically changed how engineers and their teams work day to day.

Simplified deployment, management and maintenance

Part of Stéphane's job is to deploy, manage and maintain these remotely operated cameras installed across the country via secure access points. Before Nexium SafeCore, engineers had to travel to each site armed with a whole assortment of equipment: a router to get connected, a firewall and an encryptor to secure network traffic, a server to host the applications used on the infrastructure, and more besides.

Thanks to virtualisation, all they need is one machine. Stéphane can still install a network node physically on site, but all he needs is a single USB key – or he can do it remotely from the comfort of his own office. 

Engineers manage the infrastructure on their computer screens. Nexium SafeCore’s intuitive user interface is easy to get to grips with, even for less qualified technicians. It lets them monitor network traffic continuously and uses advanced software to detect the slightest anomaly in real time.
In a couple of clicks, Stéphane can maintain the system remotely, installing updates and even adding new functions as needs evolve. The key to this flexibility is a catalogue of Nexium SafeCore-supported applications – developed by commercial partners including Fortinet, Cisco and Nokia, or by Thales itself or other defence contractors – to set up satcom links, 4G/5G, LOS connections and more. 

A high-security system

Nexium SafeCore is designed for the armed forces, critical infrastructure providers and defence contractors with particularly high security requirements.

All the technologies involved are developed in France or Europe, from design and development to production, deployment and entry into service, making Nexium SafeCore a sovereign solution that bolsters the strategic independence of the country and the continent. 

Nexium SafeCore is secure-by-design, meaning that security is built into every component starting from the design phase and throughout the solution life cycle. It partitions virtual machines (VMs) to separate them from each other, from the platform itself, and from network traffic, and natively supports information system security mechanisms such as secure boot with chain of trust validation across both hardware and software, access monitoring and filtering, command traceability, emergency deletion of confidential information, and so on. It is this approach that has earned the solution first-level certification from ANSSI after cybersecurity assessment tests conducted at the accredited Information Technology Security Evaluation Facility (ITSEF).

While virtualisation has long existed in protected environments, Nexium SafeCore can be deployed in environments with fewer security protections in place. Emergency services can now count on secure virtualised services, even on the scene of an incident. Nexium SafeCore ensures a system’s integrity without affecting the way the software normally runs – and that makes all the difference.

Thanks to Nexium SafeCore, government agencies and CNI providers can now virtualise and deploy sensitive functions remotely and in compliance with the level of security required by their critical information systems.

Businesses can also leverage this military-grade security to deploy their networking and communications infrastructure. The result of seven years of work by Thales teams, Nexium SafeCore is a truly innovative, patented solution that provides them with the trusted infrastructure they need. 

Lower costs, quicker response

Beaujoire Stadium in Nantes is playing host to the must-watch match of the tournament: France v. England. Sparks are sure to fly. And to capture them from every angle, a myriad of cameras surround the pitch, dot the stands and watch the action from the sky above. The match will be broadcast live to football fans all over the world.

The stadium is equipped with secure access points set up on the Nexium SafeCore platform, which also hosts the communication functions and the software used by the automatic videosurveillance cameras. Security officers on site can access SafeCore on their laptops, allowing them to stay in touch, protect sensitive traffic and work on trusted applications. 

Stéphane installed the network node himself, with no need to travel because everything was handled remotely. Logged into Nexium SafeCore on his computer screen in Paris, he can see all the indicators, such as the number of packets being sent over the network, and supervise the entire stadium infrastructure.

Suddenly he notices something suspicious: a camera has been disconnected and then reconnected. Was it just a routine event? Or something more sinister? Maybe a group of activists is trying to hack into a camera’s video stream to broadcast a pre-recorded message. It would be hard to find a bigger audience than this one.

Stéphane doesn’t want to leave anything to chance. He immediately deploys a virtualised security sensor to the stadium access point to analyse the feed and raise the alarm if an attack has taken place. He counts his blessings – without Nexium SafeCore, he would have had to send a technician to the site to physically connect and configure the sensor. Alternatively, he could have installed a sensor on the network of each host stadium as a preventive measure. But both scenarios would have taken more time and cost more money.

The camera incident turns out to be a false alarm, and a few hours later the sensor confirms that the integrity of the network has not been compromised. But this wasn’t the first alert, and it probably won’t be the last. With Nexium SafeCore, Stéphane knows he’ll be able to handle anything that may arise, and that puts his mind at ease. He even has time to keep an eye on another crucial indicator – the score. France has gained an early lead. The future is looking bright!