
Cyberthreat detection: the experience of a major retailer

A major retailer group initially reached out to Thales for help in specific aspects of cybersecurity. But that first project ended up as the basis for a broader partnership that is now helping the retail giant to develop its whole approach to IT security. As well as strengthening its threat detection and response capabilities, the retailer group has embarked on a far-reaching transformation of its IT system and adopted a company-wide policy aimed at empowering its IT security teams.

 

Initial involvement

Like all companies, the major retailer faces threats that could compromise the integrity of its information system. In 2014, the retail giant contacted Thales. A Rapid Reaction Team of cybersecurity experts and consultants was dispatched to work on-site with the group teams, using sovereign probes and other dedicated tools to gain a clear picture of the threat environment and perform a dual set of checks to confirm or rule out vulnerabilities and assess which security measures needed to be reinforced.
After the success of this first experience, the major retailer group wanted to pursue the collaboration with the objective of scaling up to more robust, industrial-grade detection procedures and related processing. The Thales teams used the intervening time to gain a thorough understanding of the group’s IT organisation.

Transition phase

The ad-hoc supervision solution implemented over the next few months was directly informed by this analysis. Based on standard tools that form the bedrock of Thales’s value proposition, it is perfectly tailored to the retailer’s specific operating environment and provides a context-sensitive view of incidents and events. It also identifies non-conformities and ‘corrects’ the retailer’s IT system accordingly. Using the information gathered, the major retailer group’s Chief Information Security Officer is better able to brief and empower the IT teams and the users of the system, as well as ensure the necessary security fixes are rapidly implemented across the company. This transitional phase has helped raise awareness of the cyber risks that the group organisation faces and the importance of effective IT security.

Having rigorously tested its IT organisation and threat detection and prevention processes, the mass retail actor issued an RFP for a full-scale security supervision solution. In 2015, Thales was selected to implement a Cyber Security Operations Centre (CSOC) that is tailored and non-generic but shared, so that the retail group benefits from best practices and the experience and feedback of other customers. It is based on the proven tools used at Thales CSOCs (correlation tools, log management, incident management, the CERT-IST service[1], etc.) and adapted to the major retail group’s specific context.
 

A tailored solution

In less than three months, the Thales teams had rolled out the solution. The Thales CSOC was connected to the group’s information system and decisions had been made about the equipment to be supervised and the incidents or events to be escalated. In addition, clear processes had been established to manage customer communications and define the rules to be implemented — a key part of the tailoring process — based on priority threat scenarios as well as best practices specified by ANSSI, France’s national agency for information system security.

Eric Banzet, Sales Director for Thales’s Critical Information Systems & Cybersecurity business: “Our gradual and modular approach to services and solutions has allowed us to build a genuine partnership with the major retailer group. The success of the ongoing support we’re providing — from consultancy to supervision — lies in our unique combination of methodology and technical expertise applied to the customer’s business operations.” 

Further reading:
Thales security supervision solutions: a comprehensive and scalable response to cybersecurity requirements
 
 


[1] CERT-IST (Computer Emergency Response Team – Industry, Services and Tertiary) is a national cyberattack alert and response team. It was established in 1999 by a consortium of French companies to provide registered members with cybersecurity risk prevention services and assistance in the event of a cyber incident or attack. Find out more about CERT-IST and the services it offers at thalesgroup.com.