Orange Cyberdefense Automates Incident Response Process with Intezer

As a leading MSSP, Orange Cyberdefense uses Intezer to automate incident response processes to ensure they can protect their clients from cyber attacks. 

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing consulting, solutions and services to organizations around the globe.

Orange Cyberdefense's Goals

  • Automate investigation tasks that take hours to complete manually. 
  • Make better use of the time and resources of their security analysts and investigators. 
  • Provide deep analysis and clear identification of threats for faster mitigation.

The Challenge of Fast Incident Response

The Orange Cyberdefense Forensics and Incident Response team was hunting for new ways to accelerate their analysis processes. Faster investigations would further improve their Mean Time to Respond.

The 2,500 cybersecurity experts who work together at Orange Cyberdefense provide a wide array of cybersecurity services, including targeted threat intelligence, auditing and penetration testing, red and purple teaming, managed threat detection and response, incident response, digital forensics and cyber resilience. Identifying 90% of threats before they have any business impact, Orange Cyberdefense proudly serves and protects clients worldwide, including high-tech startups, SMBs, financial institutions, and cosmetics giants.

The Forensics and Incident Response team is the first responder when a client is under attack. Serving clients of every sector and size, from startups to enterprise giants, the team is called in daily to contain, mitigate and document many different types of threats. 

The team wanted to automate more of its incident response process in order to increase efficiency and cut its mean time to respond even further.

The Solution for Cutting Tasks from Hours to Seconds

The team initially used the free version of Intezer to test it out.

Intezer returns analysis of a threat within seconds. Files, URLs, memory forensics artifacts and other evidence are collected automatically through its API or through integrations with other security tools. Intezer then analyzes all the related evidence, recognizing even small amounts of code reuse with known malware families, so that a threat's family and capabilities can be identified, the risk contained quickly, and remediation accelerated.  

Intezer’s automated processes can replace the manual analysis and reverse engineering tasks that would otherwise take several hours.

After the Orange Cyberdefense team saw how much time Intezer could save their team, they upgraded to the full service.

Intezer contributes to our incident response and forensics investigations daily. Knowing what we are dealing with in the middle of an attack, in less than 30 seconds, directly impacts our clients’ risk mitigation and recovery time.

Robinson Delaugerre, Head of Forensics and Incident Response at Orange Cyberdefense

Success Story: Automation Leads to Faster Mitigation

The Orange Cyberdefense team was responding to an attack in which other solutions had classified the malware only as Trojan.Generic, a verdict that says the file is malicious but nothing about which family it belongs to, what it does, or which indicators to hunt for. Intezer produced a binary analysis within seconds, backed by concrete evidence about the malware, and classified the threat as IcedID. From Intezer's analysis the team knew they were dealing with a remote access tool that can dump passwords and communicate with its C&C over HTTPS, and they were able to prepare the right mitigation quickly and accurately. The same has happened with Qakbot, another banking Trojan.

Instead of giving the malware to a reverse engineer, which would have taken 1-2 hours and delayed the investigation and response, Orange Cyberdefense got the answers they needed in seconds from Intezer. 

Success Story: Threat Intelligence Collaboration 

While responding to a client's incident, the investigators submitted a malware sample analyzed by Intezer to the Orange Cyberdefense threat intelligence repository. This let them spot a similar sample submitted two days earlier from a different incident at another client. By combining what each investigator knew about the IoCs and IP addresses involved, they revealed links between the two incidents, and Intezer identified the samples as two variants of the same malware, deployed by the same threat actor against two different victims. This threat intelligence collaboration resulted in faster threat hunting, containment and mitigation of both incidents. 
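The two mechanisms this page relies on, code-reuse attribution (the "Solution" section above) and cross-incident correlation on shared code and IoCs (this story), can be sketched in a few dozen lines. The Python below is an added illustration written for this page; it is not Intezer's code or algorithm. It fingerprints binaries as overlapping 16-byte windows (a real engine works on functions recovered from disassembly), attributes an unknown sample to the family whose indexed code it shares the most while ignoring fingerprints that several families have in common (statically linked library code), and links two incidents whose samples share code or indicators. The family names (FamilyA, FamilyB, benign-tool), the incident names, the IoCs and every byte of every "sample" are constructed.

```python
"""Toy code-reuse attribution and incident correlation.

Added illustration for this case study, not Intezer's code or method.
All samples, family names and IoCs below are constructed.
"""
from __future__ import annotations

import hashlib
import random
from collections import defaultdict
from dataclasses import dataclass

WINDOW = 16  # bytes per fingerprint; a real engine fingerprints functions, not raw offsets


def fingerprints(blob, window=WINDOW):
    """Hash every overlapping window so reused code is found at any offset."""
    return {
        hashlib.blake2b(blob[i:i + window], digest_size=8).digest()
        for i in range(len(blob) - window + 1)
    }


class CodeIndex:
    """Maps each fingerprint to the families whose known samples contain it."""

    def __init__(self):
        self._owners = defaultdict(set)

    def add_family_sample(self, family, blob):
        for fp in fingerprints(blob):
            self._owners[fp].add(family)

    def classify(self, blob, min_share=0.05):
        """Return (family, fraction of the sample's windows unique to that family).

        A fingerprint owned by several families is ambiguous (shared runtime or
        library code) and is ignored, so a sample made only of such code stays
        'unknown' instead of being pinned on the wrong family.
        """
        fps = fingerprints(blob)
        hits = defaultdict(int)
        for fp in fps:
            owners = self._owners.get(fp)
            if owners and len(owners) == 1:
                hits[next(iter(owners))] += 1
        if not hits:
            return "unknown", 0.0
        family, n = max(hits.items(), key=lambda kv: kv[1])
        share = n / len(fps)
        return (family, share) if share >= min_share else ("unknown", share)


@dataclass
class Incident:
    name: str
    sample: bytes
    iocs: set


def link_incidents(a, b, min_code=0.2):
    """Link two incidents on code overlap (relative to the smaller sample) or shared IoCs."""
    fa, fb = fingerprints(a.sample), fingerprints(b.sample)
    code_overlap = len(fa & fb) / min(len(fa), len(fb))
    shared_iocs = sorted(a.iocs & b.iocs)
    return {"code_overlap": code_overlap, "shared_iocs": shared_iocs,
            "linked": code_overlap >= min_code or bool(shared_iocs)}


# Constructed corpus: seeded random bytes stand in for real binaries.
_rng = random.Random(2024)


def _blob(n):
    return bytes(_rng.getrandbits(8) for _ in range(n))


LIB = _blob(400)       # runtime/library code statically linked by everyone
FAMILY_A = _blob(600)  # code unique to hypothetical family "FamilyA"
FAMILY_B = _blob(600)  # code unique to hypothetical family "FamilyB"
BENIGN = _blob(300)    # code unique to a benign tool

INDEX = CodeIndex()
INDEX.add_family_sample("FamilyA", LIB + FAMILY_A)
INDEX.add_family_sample("FamilyB", LIB + FAMILY_B)
INDEX.add_family_sample("benign-tool", LIB + BENIGN)

# Incident 1: packer stub + part of the library + a slice of FamilyA code, with its IoCs.
INCIDENT_1 = Incident("client-1", _blob(200) + LIB[:200] + FAMILY_A[100:400] + _blob(100),
                      {"198.51.100.23", "update-check.example"})
# Incident 2, two days earlier at another client: overlapping FamilyA slice, same C2 IP.
INCIDENT_2 = Incident("client-2", _blob(150) + FAMILY_A[200:500] + _blob(150),
                      {"198.51.100.23", "cdn-stat.example"})
LIBRARY_ONLY = LIB[50:350] + _blob(300)  # only shared library code: must not be attributed

if __name__ == "__main__":
    for label, blob in [("incident-1", INCIDENT_1.sample), ("incident-2", INCIDENT_2.sample),
                        ("library-only", LIBRARY_ONLY)]:
        print(label, INDEX.classify(blob))
    print("link", link_incidents(INCIDENT_1, INCIDENT_2))
```

Two points a practitioner would want from this sketch: the sample from incident 1 is attributed to FamilyA even though only a few hundred bytes of it are FamilyA code (the rest is packer stub, library and padding), and the library-only sample stays "unknown" because fingerprints shared by several families are never counted toward any of them; without that rule a generic runtime would pull every sample towards whichever family was indexed first. The incident link fires on both signals independently, the overlapping FamilyA slice and the shared C2 address, so either the code similarity or the IoC match alone would have been enough to connect the two cases. The thresholds `min_share` and `min_code` are arbitrary here and would be tuned against a real corpus.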

Intezer gives Orange Cyberdefense the tools to automate and accelerate its processes, enabling it to provide 24/7 incident response and forensics investigation services to its clients globally.
