Incident Response and Forensics 

Do you know the best way to respond to a security event?

When attackers strike, it’s crucial to react quickly and effectively. Maintaining business continuity while identifying the attacker’s entry point and ensuring the integrity of data and systems is vital. However, the volume and sophistication of attacks are making this increasingly difficult.

This is where we come in. With experience in banking, government, media and more, Airbus CyberSecurity’s Computer Security Incident Response Team (CSIRT) is specially trained to react to threats and minimise their impact on your organisation.

In the event of an incident, the team will:

  • Diagnose the incident, establishing the root cause using advanced investigation techniques
  • Eradicate the problem while maintaining the digital chain of evidence
  • Reconstruct the system and deliver it in working order
  • Investigate further, providing a detailed report and recommendations for securing your systems and supporting data recovery

Step-by-step response


PREPARE – take your time to devise a plan


IDENTIFY – establish the root cause


ASSESS – analyse the incident


RESPOND – kick-start your response


LEARN – reconstruct the attack to identify security gaps

Why Airbus CyberSecurity?

  • Robust and fast restoration of your affected systems
  • Reduced data loss through quick reaction
  • Systems reestablished to your compliance level
  • Minimised monetary asset loss
  • Work closely with European regulatory bodies, including ANSSI (PDIS qualified, PRIS qualification ongoing)


Tackling the growing threat of malware

Malware is insidious, and can be difficult to locate. When an incident is suspected, or during the recovery process, our experts are here to help.

Our teams conduct malware analysis, circumstance monitoring, code audits and APT host checks to identify:

  • Whether your system contains malware
  • Whether any flagged files pose a genuine risk and form part of a systematic APT attack
  • Which hosts in your organisation have been compromised, and the level of compromise
  • What the lifecycle of the malware looks like – without notifying the attacker – through offline analysis of data and log files

Following their investigations, our teams will provide:

  • A list of infected hosts
  • A list of detected malware samples
  • Information regarding the attack timeline
  • An indicator of compromise for malicious files
  • A series of recommended actions

When responding to a security event, time is of the essence. You need a partner you can rely on to help you respond to an attack quickly and effectively. Our years of experience make us ideally placed to transform your incident response strategy.



Complementary services

Account takeover analysis

Account takeover via phishing or spear phishing is cyber attackers’ most common entry point. Once they breach your system, it’s crucial to understand what account data – usernames, passwords, emails – has been exposed. With account exposure analysis, we deliver breach data to customers, as well as risk assessments of the breach and continuous reporting and history analysis.

Telemetry analysis

Telemetry – the remote collection of data by operating systems and applications – is essential for various OS and application features. However, the challenge facing many organisations is that some telemetry data has no utility, but represents a significant risk to their systems. In accordance with BSI and ANSSI requirements, we conduct telemetry analysis, enabling customers to decide which telemetry to block and which to allow.

MSSP SOC service

Given the increasingly complex cyber threat landscape, more organisations are implementing a comprehensive Security Operations Centre (SOC) solution, either outsourced or built in-house.


