Thales builds 'Europe's largest' Cyber Threat Intelligence Service

ThreatQ Platform and ThreatQ Investigations allow Thales to pioneer market-leading personalised threat intelligence services.


Thales has successfully standardised on the ThreatQ Platform to develop and scale its advanced, personalised, threat intelligence services. Thales now operates the largest Cyber Threat Intelligence (CTI) team in Europe and has elevated its CTI practice into a strategic advantage, with a team of 50 threat intelligence and geopolitical analysts now delivering highly personalised threat intelligence to clients worldwide. The team utilises the ThreatQ Platform to deliver integrated, tailored, and prioritised threat intelligence drawn from a rapidly expanding number of diverse threat data sources and cybersecurity tools.

Thales's advanced cybersecurity products are used by critical infrastructure organisations to enable proactive cyber defence in 68 countries worldwide. In 2016, the company sought to develop a future-proofed solution to incorporate threat data more effectively into its detection and response portfolio.

The solution had to be capable of scaling to integrate the fast-growing volume of threat data sources, while also being able to curate and deliver timely intelligence based on each customer’s unique threat environment. Crucially, Thales wanted a solution that delivered actionable data for its internal security operations centres, and those of its clients.

ThreatQuotient, and its flexible ThreatQ Platform, were selected due to:

Comprehensive integration and customisation capabilities: ThreatQ offers a comprehensive library of APIs, and custom connectors can be written and deployed quickly to integrate with existing tools and threat intelligence sources, allowing the Thales team to aggregate, normalise, correlate and prioritise massive amounts of raw threat data into actionable intelligence.

Advanced collaboration and visualisation tools: Key to the successful creation of the Thales CTI team was the ability to work together across languages and geographies, pooling data and detection information through ThreatQ’s collaboration and visualisation tools to gain a full picture of the threat landscape.

Strong service and support ethos: ThreatQuotient and Thales formed a strong partnership allowing Thales to draw on ThreatQuotient’s CTI leadership and expertise to overcome any challenges fast.

Ivan Fontarensky, Technical Director, CyberDetect and Respond at Thales, underlines ThreatQ’s role in developing the company’s CTI practice: “Threat intelligence is mandatory and was essential to the ramp-up of our cybersecurity portfolio of solutions. We share a common vision with ThreatQuotient and, with the most mature and robust platform on the market, we knew they could help us industrialise our intelligence model to support our needs worldwide.”

The Thales CTI team now works with the SOC teams and the Incident Response (IR) teams on:

Alert triage: analysing intelligence and enriching it with additional threat data and context to reduce false positives, improve alert quality and prioritise actions.

Investigation and response: using ThreatQ Investigations to gain deeper insight into the activities and motivations of specific threat actors and sharing information on attack paths and impacts.

Research and reporting: Thales helps clients get ahead of attacks through its popular CyberThreat Hitmap, which offers strategic insight into top targeted regions, sectors, attack origins and malware, delivering around 300 reports a year.

Cyrille Badeau, Vice President, International Sales at ThreatQuotient, adds: “We are very proud of the part the ThreatQ Platform and the ThreatQuotient team have played in enabling Thales to establish and scale its pioneering cyber threat intelligence service. Our open platform allows Thales to adapt its intelligence model to each client, delivering timely, personalised CTI that puts them in a proactive position to deal with cyberthreats. Our relationship with Thales is a model partnership for sharing expertise that demonstrates how organisations can turn CTI into a strategic advantage for themselves and their customers.”

Ivan Fontarensky concludes: “Our partnership with ThreatQuotient has helped us grow from a team of one to 50 in a few years and become the largest CTI provider in Europe. Today threat intelligence is strategic to our cybersecurity products and research and to our continued market leadership.”
