Sèvres, October 19th, 2024 – With its Security Evaluation & Analysis Lab (SEAL), Almond is combining the skills of its Analysis Centre with those of the ITSEF (Information Technology Security Evaluation Facility) (CESTI in France) operated by Amossys. The aim is to create a very high added-value cyber laboratory, with the capacity to scale up to European level.
As a ITSEF accredited since 2011 by the French Cybersecurity Agency (ANSSI), Amossys is currently one of the rares French laboratory authorised to assess the cybersecurity of software and network equipment (such as firewalls, secure messaging applications, etc.) according to both the French CSPN (Certification de Sécurité de Premier Niveau – First Level Security Certification) scheme and the international CC (Common Criteria) scheme at one of the highest levels. To carry out these assessments, Amossys’s ITSEF mobilises highly technical teams and expertise (PhD in mathematics, cryptography professionals, offensive security experts, etc.). The laboratory operates as an impartial third party, independent of product developers, service providers and sponsors. ANSSI then uses the conclusions of the assessment work carried out by Amossys to decide whether or not to grant security certification to software publishers and manufacturers.
First issue: adoption of the European certification scheme (EUCC)
In January 2024, the European Commission announced the adoption of a new certification scheme, the EUCC (Common criteria based European Cybersecurity Certification scheme), a first on a European scale. The creation of the SEAL aims in particular to anticipate the delivery of the first EUCC certificates by early 2025 and position the Group’s assessment activities on a European scale. Almond’s ambition is to be the standard-bearer for French expertise in cyber assessment and certification.
Second challenge: developing cutting-edge expertise and technical offerings
Within its Laboratory, Almond is also strengthening its traditional expertise, particularly in reverse engineering, malware analysis and software testing by fuzzing. SEAL experts contribute to the Group’s incident response (CERT) and threat research and modelling (Cyber Threat Intelligence) activities. The Group aims to develop new, very high added-value technical offerings, including consultancy in post-quantum cryptography and software security, security assessment of embedded systems and Artificial Intelligence security.
Third challenge: developing solutions tailored to SMEs and start-ups
Finally, the SEAL aims to offer tailored solutions to SMEs and start-ups in the software industry, to help them respond to recent changes in European legislation which introduces stringent requirements for all software products in the EU. The SEAL’s ambition is to provide an agile support service, adapted to the budgetary constraints of software companies, within the culture of expertise and impartiality of a ITSEF.
Alexandre Deloup, previously Head of Evaluation and Analysis at Amossys, has been appointed Director of the SEAL.
“We want to make the SEAL the best European laboratory for analysing and evaluating cybersecurity solutions. This “Lab”, run by Amossys, is a major factor in Almond’s influence and transformation, enabling us to continue attracting the best experts and accelerate our growth. In addition, in the context of the opening up of the European market, it meets Almond’s objective of developing its business internationally by combining our expertise in the regulation of cybersecurity products with our ability to support our clients on key technical issues. Making such a tangible contribution to cybersecurity in Europe is a meaningful daily mission and makes us very proud.”
JEAN-FRANÇOIS ALIOTTI and OLIVIER PANTALEO,
CO-DIRECTORS OF ALMOND
