Airbus Cybersecurity To Offer A Richer Threat Intelligence With ThreatQ

Intelligentcio | February 27, 2020

  • ThreatQ has enabled the company to offer a richer threat intelligence service that has more context and is faster.

  • The ThreatQ platform is complementary to an existing MISP solution and allows the customer to build up their own knowledge base adapted to their context.

  • With the ThreatQuotient solution, Airbus Cybersecurity analysts will be able to respond better and faster to customer requests.


Airbus Cybersecurity has strengthened its already mature and reliable offering by enriching the threat intelligence service it had been offering customers since 2011 with contextual information at scale with the help of ThreatQuotient.


ThreatQ has enabled the company to offer a richer threat intelligence service that has more context and is faster, with the result that it is now able to continuously deliver cyber intelligence flows tailored to the needs of its customers.


Since 2011, our threat intelligence service has worked very closely with our incident response teams. Among other things, this has allowed us to be very relevant and responsive when it comes to tracking attackers.

- Julien Menissez, Product Manager for Managed Services in Europe, Airbus Cybersecurity.


This proximity has paid off, enabling the service to better contextualize alerts that would otherwise remain purely technical, such as lists of IP addresses and other indicators of compromise (IoCs).


Technical alerts are effective in blocking specific attacks, often in an automated way. However, when they are enriched with relevant, contextual information they can become real decision-making tools allowing security analysts to answer questions, such as: What do we know about the attacker’s current targets and campaigns? Are we a potential target for this group in particular?


But to deliver on this attractive theory, Airbus Cybersecurity needed to be equipped to offer a robust, industry-ready service.


“In 2015, we decided to create a dissemination offering that would allow customers operating their own SOC to benefit from this increased information. We first worked with flat files, and then we deployed MISP interfaces for our customers,” said Julien Menissez.


Malware Information Sharing Platform


In a world of threat intelligence, the Malware Information Sharing Platform (MISP) is a necessity. MISP is a freely available solution that facilitates the sharing of IoCs between researchers after the IoCs have been acquired and consolidated.


And the complication lies here. Julien Menissez recalls: “MISP is very good for dissemination, but ingestion is not simple! We were forced to use many other open source tools in parallel, requiring a lot of scripting and manual operations before delivering the information to our customers, while remaining within the timeframes allowed by our SLAs.”


The dissemination service became so successful that the load on the Airbus Threat Intelligence team increased dramatically. It quickly became clear that a manual approach could not be scaled up, as customers demanded more and more context and richer information, beyond what MISP can do with its tagging and commenting functionalities.



Delivering Continuous Information


The Airbus Cybersecurity team then decided to research a new ‘cyber-intelligence back office’ – a tool capable of natively managing concepts such as the freshness of information, reliability, context and related data.


Julien Menissez said, “We quickly saw in ThreatQuotient the vendor best suited to our needs. We shared the same vocabulary (coming from the defense sector). The ThreatQ platform met our criteria, and the technical level of the ThreatQuotient subject matter experts was excellent.”


With ThreatQ, Airbus Cybersecurity will now be able to meet their goals. “We can now deliver the same service and the same knowledge, with the same quality as before, but much more quickly and with far fewer technical manipulations. And, obviously, it’s our customers who benefit. Airbus has gone from weekly information delivery to continuous information delivery,” Julien said.


The Airbus team can now offer an optional tool capable of helping them capitalize on their knowledge for slightly more mature customers, who do not yet operate their SOC but still have an internal CSIRT team. The knowledge acquired during the customer’s internal investigations is seamlessly integrated into the ThreatQ platform to enrich the information delivered back to the customer via the Airbus service.


The ThreatQ platform is complementary to an existing MISP solution and allows the customer to build up their own knowledge base adapted to their context. Since customers will keep all of their data within the ThreatQ Threat Library and therefore all the knowledge acquired by their CSIRT, they also have the freedom to change their threat intelligence feeds and sources at any time.


Faster Response In The Time Of Crisis


With the ThreatQuotient solution, Airbus Cybersecurity analysts will be able to respond better and faster to customer requests.


Most SOCs work with a workflow system to investigate IoCs collected during an incident. It is often a manual process but since the ThreatQ platform can be integrated with a SIEM to do the research and automatically identify patterns and linkages and how to pivot from a given IoC, we have even been able to reduce our response time to our customers. And obviously, in an incident, quickly identifying the pivots and monitoring malicious activities as closely as possible is a major advantage.

- Julien Menissez, Product Manager for Managed Services in Europe, Airbus Cybersecurity


Strategic Approach To Mitigate Risk


The ThreatQuotient solution has allowed Airbus Cybersecurity to refine the information delivered to customers in order to better manage their security posture. The ThreatQ platform makes it possible to automatically “package” the most relevant flows according to the exposure of the client to specific risks, and thus take a strategic approach to mitigate risk.

