We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Thales has successfully standardised on the ThreatQ Platform to develop and scale its advanced, personalised, threat intelligence services. Thales now operates the largest Cyber Threat Intelligence (CTI) team in Europe and has elevated its CTI practice into a strategic advantage, with a team of 50 threat intelligence and geopolitical analysts now delivering highly personalised threat intelligence to clients worldwide. The team utilises the ThreatQ Platform to deliver integrated, tailored, and prioritised threat intelligence drawn from a rapidly expanding number of diverse threat data sources and cybersecurity tools.
Thales advanced cybersecurity products are used by critical infrastructure organisations to enable proactive cyber defence in 68 countries worldwide. In 2016, the company sought to develop a future-proofed solution to incorporate threat data more effectively into its detection and response portfolio.
The solution had to be capable of scaling to integrate the fast-growing volume of threat data sources, while also being able to curate and deliver timely intelligence based on each customer’s unique threat environment. Crucially, Thales wanted a solution that delivered actionable data for its internal security operations centres, and those of its clients.
ThreatQuotient, and its flexible ThreatQ Platform, were selected due to:
Comprehensive integration and customisation capabilities: ThreatQ’s comprehensive library of APIs and custom connectors can be written and deployed quickly to integrate with existing tools and threat intelligence sources, allowing the Thales team to aggregate, normalise, correlate and prioritise massive amounts of raw threat data into actionable intelligence.
Advanced collaboration and visualisation tools: Key to the successful creation of the Thales CTI team was the ability to work together across languages and geographies, pooling data and detection information through ThreatQ’s collaboration and visualisation tools to gain a full picture of the threat landscape.
Strong service and support ethos: ThreatQuotient and Thales formed a strong partnership allowing Thales to draw on ThreatQuotient’s CTI leadership and expertise to overcome any challenges fast.
Ivan Fontarensky, Technical Director, CyberDetect and Respond at Thales, underlines ThreatQ’s role in developing the company’s CTI practice: “Threat intelligence is mandatory and was essential to the ramp-up of our cybersecurity portfolio of solutions. We share a common vision with ThreatQuotient and, with the most mature and robust platform on the market, we knew they could help us industrialise our intelligence model to support our needs worldwide.”
The Thales CTI team now works with the SOC teams and the Incident Response (IR) teams on:
Alert triage: analysing intelligence and enriching it with additional threat data and context to reduce false positives, improve alert quality and prioritise actions.
Investigation and response: using ThreatQ Investigations to gain deeper insight into the activities and motivations of specific threat actors and sharing information on attack paths and impacts.
Research and reporting: Thales helps clients get ahead of attacks through its popular CyberThreat Hitmap, which offers strategic insight into top targeted regions, sectors, attack origins and malware, delivering around 300 reports a year.
Cyrille Badeau, Vice President, International Sales at ThreatQuotient, adds: “We are very proud of the part the ThreatQ Platform and the ThreatQuotient team have played in enabling Thales to establish and scale its pioneering cyber threat intelligence service. Our open platform allows Thales to adapt its intelligence model to each client, delivering timely, personalised CTI that puts them in a proactive position to deal with cyberthreats. Our relationship with Thales is a model partnership for sharing expertise that demonstrates how organisations can turn CTI into a strategic advantage for themselves and their customers.”
Ivan Fontarensky concludes: “Our partnership with ThreatQuotient has helped us grow from a team of one to 50 in a few years and become the largest CTI provider in Europe. Today threat intelligence is strategic to our cybersecurity products and research and to our continued market leadership.”