Cyberthreat detection: the experience of a major retailer
A major retailer group initially reached out to Thales for help in specific aspects of cybersecurity. But that first project ended up as the basis for a broader partnership that is now helping the retail giant to develop its whole approach to IT security. As well as strengthening its threat detection and response capabilities, the retailer group has embarked on a far-reaching transformation of its IT system and adopted a company-wide policy aimed at empowering its IT security teams.
Initial involvement
Like all companies, the major retailer faces threats that could compromise the integrity of its information system. In 2014, the retail giant contacted Thales. A Rapid Reaction Team of cybersecurity experts and consultants was dispatched to work on-site with the group teams, using sovereign probes and other dedicated tools to gain a clear picture of the threat environment and perform a dual set of checks to confirm or rule out vulnerabilities and assess which security measures needed to be reinforced.
After the success of this first experience, the major retailer group wanted to pursue the collaboration with the objective of scaling up to more robust, industrial-grade detection procedures and related processing. The Thales teams used the intervening time to gain a thorough understanding of the group’s IT organisation.
Transition phase
The ad-hoc supervision solution implemented over the next few months was directly informed by this analysis. Based on standard tools that form the bedrock of Thales’s value proposition, it is perfectly tailored to the retailer’s specific operating environment and provides a context-sensitive view of incidents and events. It also identifies non-conformities and ‘corrects’ the retailer’s IT system accordingly. Using the information gathered, the major retailer group’s Chief Information Security Officer is better able to brief and empower the IT teams and the users of the system, as well as ensure the necessary security fixes are rapidly implemented across the company. This transitional phase has helped raise awareness of the cyber risks that the group organisation faces and the importance of effective IT security.
Having rigorously tested its IT organisation and threat detection and prevention processes, the retailer issued an RFP for a full-scale security supervision solution. In 2015, Thales was selected to implement a Cyber Security Operations Centre (CSOC) that is tailored and non-generic but shared, so that the retail group benefits from best practices and the experience and feedback of other customers. It is based on the proven tools used at Thales CSOCs (correlation tools, log management, incident management, the CERT-IST service[1], etc.) and adapted to the major retail group’s specific context.
A tailored solution
In less than three months, the Thales teams had rolled out the solution. The Thales CSOC was connected to the group’s information system and decisions had been made about the equipment to be supervised and the incidents or events to be escalated. In addition, clear processes had been established to manage customer communications and define the rules to be implemented – a key part of the tailoring process – based on priority threat scenarios as well as best practices specified by ANSSI, France’s national agency for information system security.
Eric Banzet, Sales Director for Thales’s Critical Information Systems & Cybersecurity business: “Our gradual and modular approach to services and solutions has allowed us to build a genuine partnership with the major retailer group. The success of the ongoing support we’re providing – from consultancy to supervision – lies in our unique combination of methodology and technical expertise applied to the customer’s business operations.”
Further reading:
Thales security supervision solutions: a comprehensive and scalable response to cybersecurity requirements