Using the latest Big data and Big analytics technologies, Thales consolidates internal and external data logs to detect and understand cyberthreats and develop appropriate responses.



Thales’s Cyber Security Operation Centres (SOC) keep watch over customers’ critical information systems around the clock, detecting abnormal patterns in the hundreds of millions of events recorded every day on their servers and networks to guard against security breaches. This calls for an intimate knowledge of how each organisation works and interacts with its partners and customers. And it requires us to understand how cyberattackers behave so we can protect our customers' systems and act accordingly if an attack occurs. The Big data and Big analytics technologies implemented by Thales make it possible to consolidate internal and external data logs to detect, understand and respond to cyberthreats of all types.

Thales has also developed an application to analyse information from the social web — blogs, forums and social media — by dynamically combining content analysis of online conversations with detection and analysis of social communities. CYBELS Sensor provides an effective threat surveillance and prevention capability by detecting ‘weak signals’ and anticipating attacks before they occur. Unlike generic search engines or even specialised search applications, CYBELS Sensor pulls together different threads and monitors discussions about threats and attacks in detail, gleaning invaluable knowledge about hacker communities and gaining a better understanding of how they behave, how they are structured and their favoured methods of attack at any given moment.


Securing big data


How can organisations manage the risks associated with big data? Thales has the answer.


Big data and the analytics-driven insights that flow from it provide organisations with huge commercial and operational benefits. But there are new dangers as well.

First, data streaming across fixed and mobile networks is vulnerable to interception. From banking to healthcare and from transportation to defence, the volume of data in motion is increasing all the time.

Second, Big data and Big Analytics systems are an increasingly attractive target for data thieves and malicious insiders. “Big Analytics is frequently about extracting value from massive amounts of seemingly innocuous data – and when you do that, you render that data more valuable to an attacker,” says Richard Moulds, VP Strategy with Thales e-Security.

Techniques such as triangulation – connecting isolated points of data to identify an individual – are a powerful commercial tool. But they can be disastrous in the wrong hands. “Big data as a tech weapon for identity theft becomes very scary,” stresses Moulds.

To get the most out of big data, organisations need tools to secure sensitive information, whether it’s on the move or ‘at rest’ in analytics and storage systems. And it’s important that these tools do not restrict the freedom of businesses to analyse the data they hold.

Thales e-Security is a global leader in data protection with customers that include governments, businesses and technology vendors. Around 70% of global debit transactions are handled by Thales’ products.

To assure protection in a Big data environment, specialised technologies have to be applied: “To protect data, you can encrypt it entirely, you can encrypt while preserving some of its format – format preserving encryption – or you can tokenise it or simply mask it,” explains Moulds. “Masking is a one-way process, whereas tokenisation is reversible and essentially takes sensitive data and replaces it with surrogate information that is useless to an attacker.”

Approaches like these not only protect and sensitive data anonymisation, they also allow businesses to carry out Big analytics while data is still protected, so risk is minimised. Growing demand for data scrambling technologies underlines the trend away from traditional perimeter-oriented security to more data-centric approaches that directly relate to privacy legislation.

“Virtualisation and cloud computing means companies have less and less direct control over technology,” says Moulds. “We’re rapidly moving into an era where sensitive data will need to be encrypted or tokenised by default.”

More information:


“We’re rapidly moving into an era where sensitive data will need to be encrypted or tokenised by default”



Cybels Maps for a dynamic appraisal of information system risks

Thanks to Big data technologies, administrators can now consult a complete, constantly updated map of their information systems, significantly improving their ability to track, analyse and respond to cyberattacks.

Unusual data flows, unexpected situations or disruptions to an information system — how should companies respond to a suspected or actual cyberattack? When this occurs, it is essential that the right steps are taken to regain control without creating any additional risks. It is equally important to determine exactly how and when the attack was carried out.

Thales’s dedicated Rapid Response Team has successfully intervened for large numbers of private companies and public-sector organisations, offering a complete range of cybersecurity solutions and helping them take appropriate action straight away and subsequently rebuild their systems that come under attack.

An innovative approach

Known as Cybels, the solution leverages the benefits of Thales’s proprietary Big data technologies and includes a powerful tool called Cybels Maps, which uses sophisticated algorithms to analyse tens of millions of log entries to automatically reconstruct all data flows within the network. To perform such an operation manually would be impossibly time-consuming and fraught, especially in the event of a cyberattack, given the complexity and constantly evolving nature of information systems today.

Using advanced visual analytics techniques, Cybels Maps is a highly effective decision-support tool for security operators. Via a simple graphic representation of all components of the information system, any unusual data flows — such as internet communications outside the normal access gateways, for example – are quickly and easily detected. It is also possible to view a graphic representation of data flows for a specified time period, such as weekends, when certain types of exchanges are not expected to occur. Cybels Maps identifies anything unusual on the network, whether in terms of the type of activity or the number of times it occurs, and alerts operators, enabling them to respond quickly, as soon as anomalies are detected.

A complete toolkit

Derived from R&D work by the CeNTAI research unit (Centre de Traitement et d’Analyse de l’Information), Cybels Maps is just one of the tools in the Rapid Response Team’s toolkit. Subscribers have the assurance that the team are on hand to intervene within the shortest possible timeframe. Cybels Maps is available as a service to rapidly diagnose problems and alert operators to unexpected situations.

In today’s environment of all-pervasive cyberthreats, companies have a whole armoury of tools at their disposal to minimise the impact of an attack — which will inevitably happen, sooner or later, given the intrinsic vulnerabilities of all information systems and related equipment, applications, etc. A highly effective addition to the Cybels range, Cybels Maps further consolidates Thales’s leadership in the search for comprehensive solutions to protect and secure its customers’ information systems.