Providing Cyber Detection and Response Services to critical infrastructures worldwide

For decades, cyber threats have increased their pressure on IT/OT infrastructures. At the same time, these infrastructures have been evolving fast, for example with the move to cloud, and have become critical to our daily lives. Thales’ extensive expertise in the area of cybersecurity addresses the market’s need for detection and response to any threat all over the world.

Encompassing Threat Defense Assessment, Cyber Threat Intelligence, Cyber Detection, Deception, Threat Hunting, and 24/7 supervision with incident response, it ensures a robust defense against evolving threats.

With a commitment to innovation, Thales brings added value to key areas such as Artificial Intelligence (AI), Automation, Cloud, and OT, enhancing the effectiveness of the security services. Capitalising on the most advanced third party suppliers as well, the offering delivers a high level of cyber detection and response.

11 SOCs (Security Operations Centres) Worldwide

France, Morocco, Netherlands, North America/Canada, Hong Kong/Singapore, Belgium/Luxembourg, Portugal, Spain, United Kingdom, New Zealand, and Australia

19 Consulting Teams Worldwide

Belgium, France, Germany, Hong Kong/Singapore, India, Luxembourg, Morocco, Netherlands, New Zealand, and Australia, North America/Canada, Portugal, Spain, United Arab Emirates, Qatar, Saudi Arabia (KSA), United Kingdom.

8 Main Sectors covered

Industry & Energy, Aeronautics, Finance & Insurance, Space, Ground Transportation, Defence & Governments, Telecommunications, Healthcare.


Cyber Threat Intelligence

Accelerating detection capabilities through the use of threat intelligence generated by our teams.

Capitalising on expert analysts who oversee the entire threat intelligence offering with expertise in sharing intelligence, indicators and operating reports that lead to proactive cybersecurity.

From Critical National Infrastructure, to Government, or companies from several critical domains worldwide, our threat Intelligence teams are sharing the latest threats, indicators and sources to customers thus enriching the Thales SOC, Security Operation


Capitalising on Threat Intelligence to enhance the daily supervision time

  • Are you well aware of the attackers’ mode of operations, objectives and overall threat landscape to assess your risks and build prioritized cyber plans?
  • Are you able to get the actionable information when major cyber issues arise in the world and to prioritize patch management correctly?
  • Do you have enough threat information to feed your cyber operations?
    For example:
    • Threat Intelligence information to improve mitigation and remediation
    • Retro-hunt of new indicators for detection in the past
    • Real time detection improvement through indicators in SIEM, NDR, EDR, etc.

Thales Cyber Threat Intelligence services

Capitalising on customized and specifically developed Thales feeds, as well as third-party feeds such as Mandiant, OSINT, CERT-IST, CERT-XLM, ESET, Filigran, ThreatQuotient, our CTI expert team worldwide is able to provide inputs, feeds and reports on the most valuable intelligence. Covering the wide range of cyber insights from Dark Web, Deep Web, blogs, social networks, Telegram, vulnerability feeds, SOCs, public sandbox, botnet, customers, sensors, we can help you enhance your cyber strategy.

Our approach emphasizes cross-team collaboration, fostering the sharing of expertise among specialists.


Our 3 levels of Threat Intelligence insights



Threat Landscape



Attackers tactics, Techniques and



Indicators of


In 45% of cases, our team identifies indicators before a campaign impacts a customer.


Indicators provided 25 days before customers are affected, bolstering detection capabilities in advance for the customer.


100% detection rate when our cyber threat intelligence team engages in incident response.


Put your understanding of the threat landscape to operational use.

Whatever the level of information needed, we can customise:

  • The frequency of the feed chosen: regular or specific
  • The nature of the report: pure IT or verticalised to main activity domains
  • The deployment model: on SaaS or on-premise

The deliverables we propose are not only technically sound but also operationally effective. Whether it’s a technical report, an operable solution, or a marker-specific analysis, our CTI services are tailored to meet your specific needs.

To further enhance your understanding of the threat landscape, you can visit our cyber insights dedicated to cyber threat intelligence news, which provide additional resources to stay informed and proactive.


Digital Risk Protection Services (DRPS)


Have a 360° view of one’s exposure and the current exploitable breaches

In today’s world, organizations have many ways to control their cyber exposure on specific parts, but it can be trickier to find an integrated approach that generates a virtuous cyber loop and continuous improvement.

By looking alternately outside and inside the infrastructure, we align the customer’s view with an attacker’s possible view, showing the doors left open to cyber intrusions and data theft attempts.

The specific positioning of DRPS is to provide visibility into the open (surface) web, social media, dark web and deep sources to identify potential threats to critical assets.

The DRPS service

The DRPS service proposes brand protection through surveillance of misinformation on social networks, open, deep and dark web, illegal use of brands, and intellectual property violations. It also includes VIP and executive surveillance. Additionally, the service offers fraud prevention by monitoring cybersquatting, phishing, and malicious mobile apps, with responsive « takedown » services. Data leak monitoring involves surveillance of intellectual property leaks, information leaks, identification leaks, confidential information, etc.


Reduce the Cost of Cyber Attacks

by implementing the right mitigation action before the threats cause significant damage


Improve your Compliance to Regulation

by monitoring and reporting on data breaches and other security incidents


Enhance your own Brand and Customers Trust

by ensuring that brand impersonation and customer personal information leakage is under control


Reduce Cost of Detecting issues on the internet

by leveraging the Thales platform and set of experts, specialized in DRPS services


Managed Security Services (MSS) and Managed Detection & Response (MDR)

With our Managed Security Services, gain time and maturity with real-time detection for compliance, and threat detection and response:

You will benefit from services provided by top-level experts, trained and up-to-date with a lot of experience gained through a global pool of customers.

  • Expertise through dedicated operators and analysts
  • Monitoring and management tasks to provide you with specialized support.
  • Customer relationship: continuous improvement and tuning, crisis and governance from weekly operational reviews to strategic committees
  • Customization of services
  • Core engine work: data collection, log management, correlation and detection
  • Incident processing: ticket enrichment, analysis and management, semi-automatic response

We use 3rd party technologies (QRadar SIEM, Microsoft Azure Sentinel, Palo Alto XSOAR etc.) as well as organic technologies (Thales Cybels Threat Intelligence, Big Data Platform, CSPM (Cloud Security Posture Management), etc.).


Deployment models based on your specificities

Our experts are spread across all continents and are able to coordinate in order to deliver:

  • 24/7 follow the sun supervision
  • 24/7 local service
  • Build and transfer
  • Build and operate
  • Fully managed services

Listening to your needs

  • Risks based detection
  • Security Policies & Procedures
  • Agile from the building to follow-up processes
  • Per vertical adapted Threat Intelligence and services
  • Providing use cases based on your assets


  • From strategy to operations
  • Leveraging Multi-clients detection & response
  • Incidents handling, Getting Indicators of Compromise (IoC) pushed onto your SIEM, in near real-time
  • Leveraging threat intelligence from past incidents and information-sharing sources


  • Integration of innovations such as automation, enhancing detection and response
  • Artificial Intelligence to support answering some first-level cases
  • Including continuous improvement built in co-construction

Multiple environments

Thales is specialized in detection and response in every type of environment that enables our SOC to correlate all the information coming from your ecosystem, including:

IT Monitoring and Response

We are dedicated to educating experts capable of preventing and countering cyber threats. Our programs include tailored training to address specific needs.

OT Monitoring & Visibility

The specialised Thales Industrial and Automation Control Systems Security team cooperates with Thales SOC to provide detection capabilities over those specific environments, leveraging MITRE ATT&CK for Industrial Control Systems (ICS) Tactics, Techniques and Procedures (TTPs).

Hybrid-Cloud Monitoring And Response

Thales SOC has a proven track record and is certified with different public cloud providers.


Optimise your detection capabilities

Monitoring and response services combine the infrastructure visibility provided by a security information and event management platform with the detection and response capabilities of an endpoint detection and response platform. It is made to work for you, adjusting detection capabilities based on customer business risks, analyzing infrastructure and endpoint events, and responding to issues instantly.

The benefit of such an approach is to enhance:

  • Detection rate
  • Time to detect
  • The deployment model: on SaaS or on-premise

By leveraging detection mechanisms embedded in the infrastructure, you can enhance cybersecurity surveillance for specific perimeters:

  • Endpoint Detection and Response (EDR)
  • Probes (IDS) including certified or country eyes only probes
  • Compliance Detection mechanisms from public cloud providers such as AWS, Microsoft Azure and Google
  • Application level detection
  • Active Directories supervision

EDR (Endpoint Detection and Response) as a Service

These solutions provide very powerful methods for detecting known and unknown threats, but there are many side tasks that your security team must take on to ensure a high level of security. Our experts manage the EDR solution on your endpoints from a centralized point, providing:


enabling the detection of unknown threats based on behavior


with intelligence indicators coming from the investigations performed for our customers (APTs, threat campaigns, Threat actors, etc).


with our very specialized team

24 x 7 x 365 OPERATION

supported by our global multi-SOCs, which continuously monitor the endpoints, providing intelligence, best practices and expert analysts


providing the mechanisms to isolate the devices independently of the host and the network where they are connected


Threat Hunting

A proactive and iterative investigation process within networks aimed at detecting and isolating advanced threats that can bypass existing security solutions.

Our dedicated team of threat hunters conducts proactive searches within organizations, distinguishing Threat Hunting from traditional threat management measures such as firewalls, Intrusion Detection Systems (IDS), sandboxing, and SIEM (Security Information and Event Management) systems.

We focus on several key objectives:

Malicious Activity Detection

Identifying threats that evade traditional controls

Detection Of Improvements

Enhancing Detection and Response capabilities

Creation Of New Use Cases

Developing new methods for detecting incidents

Response Time Reduction

Promptly responding to incidents as they occur

Evaluation Of Security Measures

Assessing the effectiveness of existing security measures in place

We provide:

  • Our services combine tools and human expertise, and include a yearly run phase in the deployment model.
  • We evaluate the importance and priority of the client’s offerings to develop a surveillance plan that is in synchronisation with their business.
  • We employ systems that incorporate numerous technologies to offer the customer tools for detecting incidents and resolving them.
  • We keep an eye on the way things work for infrastructures, services, cloud components and many more.
  • We spot threats and potential security occurrences, respond to them according to playbooks tailored to the client’s organization, and automate the process when necessary to minimise response times and the performance of repetitive tasks, thereby enhancing their quality.
  • We’re with the customer all through the incident, providing context-specific info, individualized resolution suggestions, and expert teams in critical incident management.
  • Work in agile mode with a continuous improvement model based on the agreement, scope, and customer requirements.
  • Transparency and real-time insight into the state of all elements, technical, contractual, and compliance levels at any given time.

Digital Forensics and Incident Response (DFIR)


Because not every incident looks alike, we believe that different levels of response are necessary, evaluating each time the severity and the potential impact associated for critical infrastructures.

Responding to incidents requires a team that knows how to solve the problem and has solved many incidents for clients of different sizes or industries.

At Thales, we bring unparalleled value to Cyber Incident Response support, recognizing the critical need for swift and effective resolution in the face of evolving cyber threats. Our dedicated teams, strategically positioned worldwide, provide close support for security managers, ensuring a comprehensive response to incidents.


Zoom on operational incident response

Several levels of operational incident response in order to help you treat proportionally each alert or threat

Daily Alerts

it could be the beginning of something, but it is first handled by usual teams, who are in charge of defining if it’s a false positive or not

Need To Go Further

if the first step points to something infrequent or reminiscent of an attack kill chain phase, we’ll go to round 2, which consists of Forensics and Malware Analysis

Last But Not Least

if the in-depth analysis shows that an attacker is doing lateral movements in the customer infrastructure, and that sensitive data or financial loss are at stake, then our Rapid Response Team will be requested


24x7 Activation

This service can be activated at any time, with global coordination from our SOC, from where we can deploy specific tools and activate the required skills to analyse, contain and eradicate the threat as rapidly as possible.



Attack Surface Management


Vulnerability Management as a service

By assessing the entire infrastructure, these services help identify and understand vulnerabilities, providing information for practical remediation.

  • A tailor-made approach, taking into account the unique needs and characteristics of each customer
  • State-of-the-art tools with constantly updated intelligence feeds to include newly discovered vulnerabilities
  • Experienced operators carrying out assessments and managing the complete vulnerability cycle, ensuring accurate identification and effective remediation.
  • Vulnerability assessment available 24/7 through our Security Operations Centers or Incident Response Teams, ensuring continuous monitoring and protection.


  • Coverage is comprehensive, including a wide range of assets such as IT systems, operational systems, cloud and regulated assets.
  • A contextualized view of vulnerabilities, associated with business risks and prioritised remediation efforts.
  • An improved resolution process, to become actively involved in securing digital assets.
  • Validation of vulnerability exploitability ensured through services such as penetration testing, breach and attack simulations, or code reviews, guaranteeing thorough assessment and mitigation.

Breach & Attack Simulation (BAS)

The « Defence-in-depth » concept extends beyond the information system, incorporating breach simulation for both application and infrastructure security. Rather than assuming invulnerability, breach simulation starts from a compromised asset, testing the scope of potential breaches.

Our experts execute innovative methodologies as well as cutting-edge automation tools to assess the level of security of your organization.

Red teaming and Penetration testing

In the realm of cybersecurity, organizations face the ongoing challenge of safeguarding their digital assets against sophisticated threats. While traditional penetration testing offers insights into specific vulnerabilities, Red Teaming takes a broader approach, simulating Advanced Persistent Threats (APTs) and assessing the full spectrum of security operations.
