Thales Cyber Solutions CERT is uncovering threats before they strike

Effectively responding to a cyber incident is the key to recovering from it. Thales Cyber Solutions CERT (TCS-CERT) has a dedicated team on standby for our customers. Apart from responding to incidents, they also go above and beyond to identify threats before they occur.

If one of our clients experiences a security incident, they turn to the Thales Cyber Solutions Computer Emergency Response Team (TCS-CERT). Fabien Bernard, the division’s Team Leader, describes their role: “You could compare us to firefighters, but for IT. When faced with a security incident, we immediately step in to investigate and mitigate the cyber intrusion.” TCS-CERT is comprised of highly experienced security experts capable of handling sophisticated attacks and threats, ranging from ransomware to Advanced Persistent Threats (APT) exfiltrating corporate data.

However, it’s better to uncover a threat before it escalates into an incident. Therefore, TCS-CERT not only responds to security incidents, but also proactively invests in preventing them. A primary source of threat indicators is our Cyber Threat Intelligence feed. “This is a collaborative effort, consisting of a mixture of open-source and semi-private datasets of potential threats,” Fabien says. This up-to-date information assists the TCS-CERT team in uncovering the latest types of attacks.

Another method used by TCS-CERT to identify threats before they strike is digital surveillance. Fabien’s team continuously monitors the deep web and the dark web. He explains: “When we discover cyber criminals discussing one of our clients in such a place, we are immediately alerted. This could involve leaked credentials or an organization claiming to be executing a Distributed Denial-of-Service (DDoS) attack against our client. As soon as we learn about this information, Thales alerts the customer and provides guidance on how to protect our client’s systems.”

These proactive services are more critical than ever, Fabien explains, as threat actors are accelerating their operations. “In the past, it could take hundreds of days between the time attackers breached a network and when they exploited this access to steal data or disrupt services. Now we see this happening in just a few hours. It has become imperative to detect a potential breach as soon as possible, ideally even before it occurs.”

Thales has some unique selling points for its TCS-CERT service, Fabien emphasizes. As digital sovereignty becomes a priority for more organizations, it’s worth noting that Thales is one of the few European companies operating in a domain dominated by US-based companies.

Thales uses AI to automatically classify digital surveillance alerts, such as automatic identification of parking domain. In addition, although automated processing is key in integrating IoC into a threat feed, our analyst manually classifies and validates many IoCs daily. “Only 0.8% of the IoCs are incorporated into our Cyber Threat Intelligence feed, as we rigorously check for duplicates and relevancy. We have numerous guardrails in place to ensure a high-quality feed,” Fabien concludes.

You can learn more about our intelligence-driven security at our Cyber Meet-Up 2025 conference on September 18. We have a talk scheduled to discuss how the TCS-CERT team uncovers threats before they strike.

Register today for Cyber Meet-Up 2025