Incident Response and Forensics

Currently experiencing an incident?

Call +33 9 72 30 13 99 if you’re in the UK or France, or request a call back
from our German team.

Do you know the best way to respond to a security incident?

When attackers strike, your organisation needs a reliable and experienced partner to help you respond quickly and effectively. Maintaining business continuity while identifying an attacker’s entry point and ensuring the integrity of data and systems is vital. However, the volume and sophistication of attacks are making this increasingly difficult.

This is where we come in. Airbus CyberSecurity’s Computer Security Incident Response Team (CSIRT) is specially trained to react to threats and minimise their impact on your organisation.

We support you through each step of an incident response: detection, containment, reconstruction and crisis management.

As well as protecting Airbus’ complex systems and networks, we have experience working with clients in media, financial services, industrial manufacturing, government and more. Crucially, our CSIRT will customise its response based on your organisation’s operational constraints to:

  • Quickly restore affected systems
  • Reduce data loss
  • Reestablish systems to your compliance level
  • Minimise monetary losses
  • Deliver first-class protection of your assets

Step-by-step response

(According to ISO-27035):

  • Prepare
  • Identify
  • Assess
  • Respond
  • Learn

Tackling the growing threat of malware

Malware is insidious, and can be difficult to locate. When an incident is suspected, or during the recovery process, our experts are here to help.

Our teams conduct malware analysis, circumstance monitoring, code audits and APT host checks to identify:

  • Whether your system contains malware
  • Whether any flagged files pose a genuine risk and form part of a systematic APT attack
  • Which hosts in your organisation have been compromised, and the level of compromise
  • What the lifecycle of the malware looks like – without notifying the attacker – through offline analysis of data and log files

Following their investigations, our teams will provide:

  • A list of infected hosts
  • A list of detected malware samples
  • Information on the attack timeline
  • An indicator of compromise for malicious files
  • A series of recommendations

Complementary services

Account exposure analysis

Account takeover via phishing or spear phishing is cyber attackers’ most common entry point. Once they breach your system, it’s crucial to understand what account data – usernames, passwords, emails – has been exposed. With account exposure analysis, we deliver breach data to customers, as well as risk assessments of the breach and continuous reporting and history analysis.

Telemetry analysis

Telemetry – the remote collection of data by operating systems and applications – is essential for various OS and application features. However, the challenge facing many organisations is that some telemetry data has no utility, but presents a significant risk to their systems.

In accordance with BSI and ANSSI requirements, we conduct telemetry analysis, enabling customers to decide which telemetry to block and which to allow.


We have a longstanding working relationship with ANSSI, France’s national cyber security agency, and are proud to have achieved PDIS certification. This demonstrates that we deliver the most secure incident detection services, and enables Airbus CyberSecurity to work with critical national infrastructure organisations in France. We are now in the process of qualifying for an ANSSI PRIS certification for incident response.
