Home > News > Top Stories > Airbus Cybersecurity To Offer A Richer Threat Intelligence With ThreatQ

Airbus Cybersecurity To Offer A Richer Threat Intelligence With ThreatQ

  • With ThreatQ, the company has been enabled to offer a richer threat intelligence service that has more context and is faster.

  • The ThreatQ platform is complementary to an existing MISP solution and allows the customer to build up their own knowledge base adapted with their context.

  • With ThreatQuotien t solution, Airbus Cybersecurity analysts will be able to respond better and faster to customer requests.


Airbus Cybersecurity has strengthened its already mature and reliable offering by enriching the threat intelligence service it had been offering customers since 2011 with contextual information at scale with the help of ThreatQuotient.


With ThreatQ, the company has been enabled to offer a richer threat intelligence service that has more context and is faster – with the result that it is now able to continuously deliver cyber intelligence flows tailored to the needs of its customers.


Since 2011, our threat intelligence service has worked very closely with our incident response teams. Among other things, this has allowed us to be very relevant and responsive when it comes to tracking attackers.

- Julien Menissez, Product Manager for Managed Services in Europe, Airbus Cybersecurity.


This proximity has paid off, enabling the service to better contextualize alerts that would otherwise remain purely technical, such as lists of IP addresses and other indicators of compromise (IoCs).


Technical alerts are effective in blocking specific attacks, often in an automated way. However, when they are enriched with relevant, contextual information they can become real decision-making tools allowing security analysts to answer questions, such as: What do we know about the attacker’s current targets and campaigns? Are we a potential target for this group in particular?


But to deliver this attractive theory, Airbus Cybersecurity needed to be equipped to offer a robust, industry-ready service.


“In 2015, we decided to create a dissemination offering that would allow customers operating their own SOC to benefit from this increased information. We first worked with flat files, and then we deployed MISP interfaces for our customers,” said Julien Menissez.


Malware Information Sharing Platform


In a world of threat intelligence, the Malware Information Sharing Platform (MISP) is a necessity. MISP is a freely available solution that facilitates the sharing of IoCs between researchers after the IoCs have been acquired and consolidated.


And the complication lies here. Julien Menissez recalls: “MISP is very good for dissemination, but ingestion is not simple! We were forced to use many other open source tools in parallel, requiring a lot of scripting and manual operations before delivering the information to our customers, while remaining within the timeframes allowed by our SLAs.”


The dissemination service became so successful, that the load on the Airbus Threat Intelligence team increased dramatically.  It quickly became clear that a manual approach could not be scaled up, as customers demanded more and more context and richer information, beyond what MISP can do with its tagging and commenting functionalities.


READ MORE: Oca releases 'opendxl ontology' to drive greater interoperability

Delivering Continuous Information


The Airbus Cybersecurity team then decided to research a new ‘cyber-intelligence back office’ – a tool capable of natively managing concepts such as the freshness of information, reliability, context and related data.


Julien Menissez said, “We quickly saw in ThreatQuotient the vendor best suited to our needs. We shared the same vocabulary (coming from the defense sector). The ThreatQ platform met our criteria, and the technical level of the ThreatQuotient subject matter experts was excellent.”


With ThreatQ, Airbus Cybersecurity will now be able to meet their goals. “We can now deliver the same service and the same knowledge, with the same quality as before, but much more quickly and with far fewer technical manipulations. And, obviously, it’s our customers who benefit. Airbus has gone from weekly information delivery to continuous information delivery,” Julien said.


The Airbus team can now offer an optional tool capable of helping them capitalize on their knowledge for slightly more mature customers, who do not yet operate their SOC but still have an internal CSIRT team. The knowledge acquired during the customer’s internal investigations is seamlessly integrated into the ThreatQ platform to enrich the information delivered back to the customer via the Airbus service.


The ThreatQ platform is complementary to an existing MISP solution and allows the customer to build up their own knowledge base adapted with their context. Since customers will keep all of their data within the ThreatQ Threat Library and therefore all the knowledge acquired by their CSIRT, they also have the freedom to change their threat intelligence feeds and sources at any time.


Faster Response In The Time Of Crisis


With ThreatQuotient solution, Airbus Cybersecurity analysts will be able to respond better and faster to customer requests.


Most SOCs work with a workflow system to investigate IoCs collected during an incident. It is often a manual process but since the ThreatQ platform can be integrated with a SIEM to do the research and automatically identify patterns and linkages and how to pivot from a given IoC, we have even been able to reduce our response time to our customers. And obviously, in an incident, quickly identifying the pivots and monitoring malicious activities as closely as possible is a major advantage.

- Julien Menisse, Product Manager for Managed Services in Europe, Airbus Cybersecurity


Strategic approach to mitigate risk


The ThreatQuotient solution has allowed Airbus Cybersecurity to refine the information delivered to customers in order to better manage their security posture. The ThreatQ platform makes it possible to automatically “package” the most relevant flows according to the exposure of the client to specific risks, and thus take a strategic approach to mitigate risk.


READ MORE: SIEM  is a great tool but it's administrative challenges are a barrier

Spotlight

More featured news

Spotlight

Related News

Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

Data Security

GuidePoint Security Announces Portfolio of Data Security Governance Services

GuidePoint Security | January 30, 2024

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, today announced the availability of its Data Security Governance services, which are designed to help customers address the challenges of unstructured data and data sprawl through a proven process and program to meet their unique needs. GuidePoint’s Data Security Governance services consist of policies, standards, and processes leveraging the newest technologies to meet organizations’ data governance goals in both on-prem and cloud environments. Once the right strategy is determined with the customer, GuidePoint Security consultants will review program requirements, assess current policies and controls, perform gap analysis, design and develop/enhance the program, recommend and implement supporting technologies, and create operational processes and metrics. “Whether an organization is just beginning to build their data security governance program or needs help assessing and improving an existing program, our team and service capabilities are built to meet them at their current maturity level,” said Scott Griswold, Practice Director - Security Governance Services, GuidePoint Security. “We work side by side with the customer to conduct the necessary data discovery in their environment and provide tailored recommendations for solutions and processes to ultimately build/improve upon the data security governance program.” GuidePoint’s Data Security Governance Services include: Sensitive Data Cataloging: For organizations just getting started in the process of protecting their sensitive data, GuidePoint offers Data Identification workshops to identify sensitive data types in the environment, including trade secrets, intellectual property, and sensitive business communications. Data Security Governance Program Assessment: For organizations with existing Data Security Governance or Data Protection programs, GuidePoint Security experts will assess the program to identify policy non-compliance, gaps in data protection requirements—whether legal, regulatory, contractual, or business—and program maturity levels. Data Security Governance Program Strategy Development: The GuidePoint team will work with an organization's key stakeholders to design a program strategy aligned with relevant requirements. The outputs of this effort include delivering ongoing sensitive data discovery, automated classification and labeling, the application of required sensitive data protections, restrictions on where sensitive data can be stored and sent, and data retention policy enforcement. Merger and Acquisition Data Identification: This offering provides the ability to identify sensitive data within an M&A target or recent acquisition (including locations, amounts, and access rights) and then perform penetration testing on the storage repositories where that sensitive data exists to determine the risk of data compromise. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

Read More

More featured news