COVER STORY

Better responsiveness in times of crisis
The ThreatQuotient solution allows
Airbus Cybersecurity analysts to
respond better and faster to
customer requests.
“Most SOCs work with a workflow
system to investigate IoCs collected
during an incident. It is often a manual
process but since the ThreatQ platform
can be integrated with a SIEM to do
the research and automatically identify
patterns and linkages and how to pivot
from a given IoC, we have even been
able to reduce our response time to
our customers,” said Menissez. “And
obviously, in an incident, quickly
identifying the pivots and monitoring
malicious activities as closely as
possible is a major advantage.”

Personalised information
Finally, the ThreatQuotient solution
allowed Airbus Cybersecurity to refine
the information delivered to customers
in order to better manage its security
posture. The ThreatQ platform makes it
possible to automatically ‘package’ the
most relevant flows according to the
exposure of the client to specific risks
and thus take a strategic approach to
mitigate risk.
Menissez said: “ThreatQ allows us to
offer a richer threat intelligence service,
with more context, but also faster. We
are now able to continuously deliver
cyberintelligence flows tailored to the
needs of our customers.”

We spoke to Frédéric Julhes, Director
of Airbus Cybersecurity France, who
discusses the company’s threat
intelligence posture and the driving
factors behind the implementation, in
more detail.

Can you describe your role at the company and what this looks like day to day?
In addition to being responsible for
our presence in France, I am leading
what we call the Programmes
business operations. This means
that I am managing tailored
design and integration projects
which are a very large part of
our business in France, the UK
and Germany. Day to day this
involves a lot of coordination
between departments and sites,
reviewing the status of the
different programmes, including
some very advanced defence
projects, making efficiencies
and improving service levels.

What was the driver behind wanting to improve an already mature and reliable offering?
The cyber business is evolving
fast and we wanted to improve
the quality of deliverables as well
as our productivity. Concretely, this
means delivering well rated Cyber
Threat Intelligence (CTI) information
to customer analysts. On our side, we
were looking for more efficient ways to
set up CTI tools.

What technical manipulations were you experiencing before implementing the solution and how did these impact productivity?
As we originally worked with open
source tools and flat files, a lot of time
was spent on the setup and scripting.
When a customer asked for a ramp up of
our capability, the workload for the CTI
team increased dramatically.

How have customers benefitted from the deployment of ThreatQ?
As we deployed ThreatQ, our
customers benefitted from a better
technical feed because the CTI
team could focus more on qualifying
and ranking information rather than
spending time on less value-added
tasks such as Linux administration.
There was a jump in productivity and
customers received more CTI reports
and information than before.

How would you now describe your threat intelligence posture?
Historically in Airbus Cybersecurity,
the CTI activity was oriented only
on the investigation side, delivering
model analyses of cyberattackers and
interacting with CSIRTs (the Computer
Security Incident Response Teams) in
various organisations.
Later, in 2015, we developed a
dissemination offering that would allow
customers operating their own Security
Operations Centre to also benefit from
this highly specialised information.
Now with ThreatQ, we provide full
cyberdetection that supports good
incident management and we have
maintained our ability to tailor our
solutions for more complex customers,
notably critical national infrastructure.
www.intelligentciso.com | Issue 26