
New Episode of the NoLimitSecu Podcast Features Mercator, an Open Source System Mapping Tool
In this episode of NoLimitSecu, the weekly French-language podcast dedicated to cybersecurity, Didier Barzin, CISO (RSSI) at a hospital in Luxembourg, introduces Mercator, an open source tool for mapping information systems. Accompanied by Nicolas Ruff and Hervé Schauer, Didier explains the motivations behind the development of Mercator, its features, and its impact in the field of cybersecurity.
Didier Barzin was inspired by ANSSI's information system mapping guide and took advantage of the lockdown period due to the Covid crisis to develop Mercator. The tool was designed to meet a personal need of Didier's, who was looking for a solution to map information systems in a consistent and comprehensive manner. Mercator allows for the centralization of information scattered across different inventories and interconnects them in a graph, thus facilitating the management of incidents and changes in information systems.
One of the major challenges of mapping information systems is keeping the information up to date. Didier emphasizes that this requires significant manual work, as there is no automated solution capable of understanding the criticality of applications or the relationships between different system elements. Mercator offers a gamification approach to encourage users to complete and update the mapping, displaying a compliance dashboard that shows the level of consistency of the mapping.
Mercator was developed in PHP, a choice motivated by the simplicity and speed of development of this language, as well as the large community of PHP developers. Didier also created a company, Sourcentis, to ensure the sustainability of Mercator and allow a small team to maintain and improve the tool. Mercator is used by various organizations, including hospitals, universities, banks, and cybersecurity consultants.
The tool goes beyond simple IT mapping by integrating elements of CMDB (Configuration Management Database), allowing the management of information such as maintenance contracts, administrative privileges, and license expirations. Didier stresses the importance of comparing the mapping with reality to identify discrepancies between what is declared and what is actually in place.
Didier also shares an anecdote about a security incident at his hospital, where a technician introduced malware via a USB key, highlighting the importance of vigilance and appropriate security measures. He also mentions the use of Mercator to model biomedical equipment and machine tools in industrial environments.
In conclusion, Mercator is a valuable tool for managing information systems, providing a complete and consistent view of the various interconnected elements. Didier Barzin encourages users to contribute to the improvement of the tool and to share their feedback to enrich the community.
To learn more, watch the full video: https://www.youtube.com/watch?v=TSkcIuhTBd8