Airbus Cybersecurity To Offer A Richer Threat Intelligence With ThreatQ

Intelligentcio | February 27, 2020

  • With ThreatQ, the company has been enabled to offer a richer threat intelligence service that has more context and is faster.

  • The ThreatQ platform is complementary to an existing MISP solution and allows the customer to build up their own knowledge base adapted with their context.

  • With the ThreatQuotient solution, Airbus Cybersecurity analysts will be able to respond better and faster to customer requests.


Airbus Cybersecurity has strengthened its already mature and reliable offering by enriching the threat intelligence service it has offered customers since 2011 with contextual information at scale, with the help of ThreatQuotient.


With ThreatQ, the company can now offer a richer, faster threat intelligence service with more context, with the result that it continuously delivers cyber intelligence flows tailored to the needs of its customers.


Since 2011, our threat intelligence service has worked very closely with our incident response teams. Among other things, this has allowed us to be very relevant and responsive when it comes to tracking attackers.

- Julien Menissez, Product Manager for Managed Services in Europe, Airbus Cybersecurity.


This proximity has paid off, enabling the service to better contextualize alerts that would otherwise remain purely technical, such as lists of IP addresses and other indicators of compromise (IoCs).


Technical alerts are effective in blocking specific attacks, often automatically. But when they are enriched with relevant contextual information they become real decision-making tools, allowing security analysts to answer questions such as: What do we know about the attacker’s current targets and campaigns? Are we a potential target for this particular group?


But to put this attractive theory into practice, Airbus Cybersecurity needed to be equipped to offer a robust, industry-ready service.


“In 2015, we decided to create a dissemination offering that would allow customers operating their own SOC to benefit from this increased information. We first worked with flat files, and then we deployed MISP interfaces for our customers,” said Julien Menissez.


Malware Information Sharing Platform


In the world of threat intelligence, the Malware Information Sharing Platform (MISP) is a necessity. MISP is a freely available, open source solution that facilitates the sharing of IoCs between researchers and organisations once the IoCs have been acquired and consolidated.


And the complication lies here. Julien Menissez recalls: “MISP is very good for dissemination, but ingestion is not simple! We were forced to use many other open source tools in parallel, requiring a lot of scripting and manual operations before delivering the information to our customers, while remaining within the timeframes allowed by our SLAs.”


The dissemination service became so successful that the load on the Airbus threat intelligence team increased dramatically. It quickly became clear that a manual approach could not scale, as customers demanded ever more context and richer information, beyond what MISP can provide with its tagging and commenting features.



Delivering Continuous Information


The Airbus Cybersecurity team then decided to research a new ‘cyber-intelligence back office’ – a tool capable of natively managing concepts such as the freshness of information, reliability, context and related data.


Julien Menissez said, “We quickly saw in ThreatQuotient the vendor best suited to our needs. We shared the same vocabulary (coming from the defense sector). The ThreatQ platform met our criteria, and the technical level of the ThreatQuotient subject matter experts was excellent.”


With ThreatQ, Airbus Cybersecurity will now be able to meet their goals. “We can now deliver the same service and the same knowledge, with the same quality as before, but much more quickly and with far fewer technical manipulations. And, obviously, it’s our customers who benefit. Airbus has gone from weekly information delivery to continuous information delivery,” Julien said.


The Airbus team can now also offer an optional tool to slightly more mature customers, those who do not yet operate their own SOC but do have an internal CSIRT, to help them capitalize on their knowledge. The knowledge acquired during the customer’s internal investigations is integrated seamlessly into the ThreatQ platform and enriches the information delivered back to the customer via the Airbus service.


The ThreatQ platform is complementary to an existing MISP solution and allows the customer to build up their own knowledge base adapted to their context. Since customers keep all of their data, and therefore all the knowledge acquired by their CSIRT, within the ThreatQ Threat Library, they also have the freedom to change their threat intelligence feeds and sources at any time.


Faster Response In The Time Of Crisis


With the ThreatQuotient solution, Airbus Cybersecurity analysts will be able to respond better and faster to customer requests.


Most SOCs work with a workflow system to investigate IoCs collected during an incident. It is often a manual process but since the ThreatQ platform can be integrated with a SIEM to do the research and automatically identify patterns and linkages and how to pivot from a given IoC, we have even been able to reduce our response time to our customers. And obviously, in an incident, quickly identifying the pivots and monitoring malicious activities as closely as possible is a major advantage.

- Julien Menissez, Product Manager for Managed Services in Europe, Airbus Cybersecurity
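The pivoting described above, from one known-bad indicator to the hosts and infrastructure linked to it, can be automated over an event export. The following is an added illustration and not Airbus or ThreatQuotient code; the host names, IP addresses, domains, the hash and the event records are constructed, and the fan-out limit that stops the pivot running through shared benign infrastructure is a design choice for this example.

```python
"""Pivot from one indicator of compromise (IoC) across SIEM-style events.

Added illustration, not Airbus or ThreatQuotient code. The host names,
IP addresses, domains and hash below are constructed for the example.
"""
from collections import defaultdict, deque

# Constructed SIEM export: one observable per event, keyed by the host that
# produced it. "mail.example-corp.test" is deliberately shared by many hosts to
# stand in for benign infrastructure that should not drive a pivot.
EVENTS = [
    {"host": "ws-017", "type": "dns",  "value": "update-cdn.example-bad.test"},
    {"host": "ws-017", "type": "conn", "value": "203.0.113.45"},
    {"host": "ws-017", "type": "dns",  "value": "mail.example-corp.test"},
    {"host": "ws-042", "type": "conn", "value": "203.0.113.45"},
    {"host": "ws-042", "type": "file", "value": "sha256:constructed-dropper-hash"},
    {"host": "ws-042", "type": "dns",  "value": "mail.example-corp.test"},
    {"host": "ws-099", "type": "dns",  "value": "mail.example-corp.test"},
    {"host": "srv-03", "type": "dns",  "value": "mail.example-corp.test"},
]


def build_index(events):
    """Two-way index: observable -> hosts that saw it, host -> its observables."""
    by_obs, by_host = defaultdict(set), defaultdict(set)
    for e in events:
        by_obs[e["value"]].add(e["host"])
        by_host[e["host"]].add(e["value"])
    return by_obs, by_host


def pivot(seed, events, max_hops=4, max_fanout=2):
    """Breadth-first pivot from `seed`, alternating observable -> host -> observable.

    Returns {entity: (hops, reached_via, kind)} for every entity within
    `max_hops`. Observables shared by more than `max_fanout` hosts are not
    pivoted through: they are usually shared benign infrastructure, and
    following them would pull the whole estate into the incident.
    """
    by_obs, by_host = build_index(events)
    if seed not in by_obs:
        return {}
    reached = {seed: (0, None, "obs")}
    queue = deque([(seed, 0, "obs")])
    while queue:
        node, hops, kind = queue.popleft()
        if hops >= max_hops:
            continue
        if kind == "obs":
            neighbours, next_kind = by_obs[node], "host"
        else:
            neighbours, next_kind = by_host[node], "obs"
        for n in sorted(neighbours):
            if n in reached:
                continue
            if next_kind == "obs" and len(by_obs[n]) > max_fanout:
                continue  # too widely shared to be a useful pivot
            reached[n] = (hops + 1, node, next_kind)
            queue.append((n, hops + 1, next_kind))
    return reached


def related_hosts(reached):
    """Hosts linked to the seed, i.e. the candidates for triage and containment."""
    return sorted(name for name, (_, _, kind) in reached.items() if kind == "host")


def related_observables(reached):
    """Observables other than the seed that could be promoted to new IoCs."""
    return sorted(name for name, (hops, _, kind) in reached.items()
                  if kind == "obs" and hops > 0)


if __name__ == "__main__":
    result = pivot("update-cdn.example-bad.test", EVENTS)
    for entity, (hops, via, kind) in sorted(result.items(), key=lambda kv: kv[1][0]):
        print(f"hop {hops} {kind:4} {entity}  (via {via})")
    print("hosts to triage:", related_hosts(result))
    print("candidate new IoCs:", related_observables(result))
```

Seeded with the constructed malicious domain, the pivot reaches ws-017, the IP it contacted, the second host that contacted the same IP and the file hash seen there, while the corporate mail domain (seen on four hosts) is never followed, so ws-099 and srv-03 stay out of the incident scope.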


Strategic Approach To Mitigate Risk


The ThreatQuotient solution has allowed Airbus Cybersecurity to refine the information delivered to customers in order to better manage their security posture. The ThreatQ platform makes it possible to automatically “package” the most relevant flows according to the exposure of the client to specific risks, and thus take a strategic approach to mitigate risk.
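Packaging a feed according to a customer's exposure, as described here, and contextualising bare IoCs so analysts can answer "are we a target for this group?" (the earlier section on technical alerts) come down to scoring each indicator against a customer profile on relevance, freshness and source reliability. The following is an added illustration and not Airbus or ThreatQuotient code: the customer profile, the indicators and all their context (actors, campaigns, sectors, regions, dates) are constructed, and the point weights and the A to F reliability mapping are assumptions chosen for the example.

```python
"""Package a contextualised threat feed for one customer's exposure.

Added illustration, not Airbus or ThreatQuotient code. The customer profile,
the indicators and their context (actor, campaign, sectors, regions) are all
constructed; the point weights and the A-F reliability mapping are assumptions
chosen for the example.
"""
from datetime import date

# Source reliability on an Admiralty-style A (reliable) to F (unknown) scale,
# mapped to points. The mapping is an assumption for this example.
RELIABILITY_POINTS = {"A": 20, "B": 16, "C": 12, "D": 8, "E": 4, "F": 0}

# Constructed "as of" date used for the freshness calculation.
TODAY = date(2020, 2, 27)

# Constructed customer profile: the exposure the feed is packaged against.
CUSTOMER = {"name": "example-utility", "sector": "energy", "regions": {"EU"}}

# Constructed feed: each indicator carries the context that turns a bare
# technical alert into something an analyst can reason about.
FEED = [
    {"indicator": "198.51.100.7", "type": "ip", "actor": "Actor-A (constructed)",
     "campaign": "Campaign-1", "sectors": {"energy", "transport"}, "regions": {"EU"},
     "first_seen": date(2020, 2, 27), "source_reliability": "B", "confidence": 75},
    {"indicator": "login.example-bad.test", "type": "domain", "actor": "Actor-B (constructed)",
     "campaign": "Campaign-2", "sectors": {"finance"}, "regions": {"EU"},
     "first_seen": date(2020, 2, 12), "source_reliability": "A", "confidence": 100},
    {"indicator": "sha256:constructed-implant-hash", "type": "hash", "actor": "Actor-A (constructed)",
     "campaign": "Campaign-0", "sectors": {"energy"}, "regions": {"APAC"},
     "first_seen": date(2020, 1, 13), "source_reliability": "C", "confidence": 100},
    {"indicator": "192.0.2.200", "type": "ip", "actor": "unknown",
     "campaign": "", "sectors": {"retail"}, "regions": {"US"},
     "first_seen": date(2020, 1, 13), "source_reliability": "F", "confidence": 50},
]


def freshness_points(item, today, horizon_days=30):
    """20 points for an indicator first seen today, decaying to 0 after `horizon_days`."""
    age = (today - item["first_seen"]).days
    return max(0, horizon_days - age) / horizon_days * 20


def relevance_points(item, customer):
    """Does this actor/campaign target the customer's sector (40) and region (20)?"""
    points = 0
    if customer["sector"] in item["sectors"]:
        points += 40
    if customer["regions"] & item["regions"]:
        points += 20
    return points


def score(item, customer, today):
    """0-100 priority: relevance + freshness + reliability, weighted by confidence."""
    raw = (relevance_points(item, customer)
           + freshness_points(item, today)
           + RELIABILITY_POINTS[item["source_reliability"]])
    return round(raw * item["confidence"] / 100, 1)


def explain(item, customer, today):
    """The context lines an analyst needs to answer 'are we a target?'."""
    age = (today - item["first_seen"]).days
    lines = [f"actor {item['actor']}, campaign {item['campaign'] or 'n/a'}",
             f"targets sectors {sorted(item['sectors'])} in {sorted(item['regions'])}",
             f"first seen {age} days ago, source reliability {item['source_reliability']}, "
             f"confidence {item['confidence']}%"]
    lines.append("customer sector is targeted" if customer["sector"] in item["sectors"]
                 else "customer sector not among known targets")
    return lines


def package(feed, customer, today, min_score=50):
    """Select and rank the indicators worth delivering to this customer."""
    selected = []
    for item in feed:
        s = score(item, customer, today)
        if s >= min_score:
            selected.append({"indicator": item["indicator"], "type": item["type"],
                             "score": s, "context": explain(item, customer, today)})
    return sorted(selected, key=lambda p: p["score"], reverse=True)


if __name__ == "__main__":
    for entry in package(FEED, CUSTOMER, TODAY):
        print(entry["score"], entry["type"], entry["indicator"])
        for line in entry["context"]:
            print("   ", line)
```

For the constructed energy-sector customer the fresh, sector-matching IP ranks first, the older sector-matching hash still clears the threshold on relevance alone, the finance-only domain scrapes in on reliability and freshness, and the low-confidence retail indicator is dropped; the same feed packaged for a different profile yields a different ranking, which is the point of packaging by exposure rather than delivering one feed to everyone.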

