Innofactor MDRaaS vs Thales (S21sec)
Innofactor MDRaaS is a Microsoft-ecosystem that works with your existing tools. Thales (S21sec) is a Services firm that works with your existing tools. Innofactor MDRaaS targets SMB, Mid-market, and Enterprise organizations; Thales (S21sec) serves Enterprise. Innofactor MDRaaS includes 0 attack surfaces in base pricing (), compared to 2 for Thales (S21sec) (Network, OT/ICS).
Buyer brief
Innofactor MDRaaS is a Microsoft-ecosystem that works with your existing tools. Thales (S21sec) is a Services firm that works with your existing tools. Innofactor MDRaaS targets SMB, Mid-market, and Enterprise organizations; Thales (S21sec) serves Enterprise. Innofactor MDRaaS includes 0 attack surfaces in base pricing (), compared to 2 for Thales (S21sec) (Network, OT/ICS).
Innofactor MDRaaS (Microsoft-ecosystem) and Thales (S21sec) (Services firm) serve different buyer profiles. Your decision depends on whether you prioritize Innofactor MDRaaS's innofactor mdraas fits microsoft-heavy nordic buyers that want sentinel-based monitoring while ke... or Thales (S21sec)'s thales/s21sec is strongest for complex, regulated and critical-sector environments that value glo....
At a glance
| FIELD |  |  |
|---|---|---|
| Best fit | Nordic buyers already committed to Microsoft Azure and Sentinel | Critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response |
| Price | Custom quote | Custom quote |
| Response authority | 0/6 actions · Approval required | 2/6 actions · Configurable |
| Stack | Works with existing stack | Works with existing stack |
| Data access | Full query access | Reports only |
| Warranty | None listed | None listed |
- Best fit
- Nordic buyers already committed to Microsoft Azure and Sentinel
- Price
- Custom quote
- Response authority
- 0/6 actions · Approval required
- Stack
- Works with existing stack
- Data access
- Full query access
- Warranty
- None listed
- Best fit
- Critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response
- Price
- Custom quote
- Response authority
- 2/6 actions · Configurable
- Stack
- Works with existing stack
- Data access
- Reports only
- Warranty
- None listed
Detailed comparison
| FIELD | Innofactor MDRaaSTECH-AGNOSTIC | Thales (S21sec)TECH-AGNOSTIC |
|---|---|---|
| Fit | ||
| Target size | SMB, Mid-market, Enterprise | Enterprise |
| Sentiment | Mixed | Mixed |
| Your stack | ||
| Approach | Works with your tools | Works with your tools |
| EDR integrations | Microsoft Defender | Customer endpoint security tools |
| SIEM integrations | Microsoft Sentinel | Customer SIEM platformsThales SOC tooling |
| Coverage | EPEndpoint: Optional add-onCloudCloud: LimitedIDIdentity: LimitedSaaSSaaS: Not coveredNetNetwork: Optional add-onOTOT/IoT: Not covered | EPEndpoint: LimitedCloudCloud: LimitedIDIdentity: LimitedSaaSSaaS: LimitedNetNetwork: CoveredOTOT/IoT: Covered |
| Response | ||
| Response type | Guided Response | Active Remediation |
| Approval policy | Approval Required | Configurable |
| Response actions | Alert and notify only | ContainCustom playbooks |
| IR included | Separate | ✓ Included |
| Cost | ||
| Price range | Not published | Not published |
| Minimum seats | None | None |
| Breach warranty | – | – |
| More details | ||
| Requires own agent | No | No |
| Endpoints | + Optional | ~ Limited |
| Cloud workloads | ~ Limited | ~ Limited |
| Identity | ~ Limited | ~ Limited |
| SaaS apps | Not offered | ~ Limited |
| Network | + Optional | ✓ Included |
| OT/ICS | Not offered | ✓ Included |
| Threat hunting | ✓ Included | ✓ Included |
| Response SLA | Not disclosed | Not disclosed |
| 24/7 coverage | ✓ | ✓ |
| Pricing model | Tiered custom quote. Innofactor publishes Basic, Standard and Advanced MDRaaS tiers, each marked ask for pricing. | Custom quote for Thales Cyber Detection and Response, Managed Security Services, SOC and MDR. Public prices are not published. |
| Hidden cost warnings | Tier1 and Tier2 cover regular business hours, not 24/7.. Endpoint and network detection are add-ons, so base SIEM-only scope may be narrower than buyers expect.. Microsoft Sentinel cost depends on data ingestion, retention, analytics tiers and related Azure services.. Public pages do not publish named response actions or response SLAs.. Customers keep ownership of logs and incidents, so internal responsibility for mitigation should be clear before signing. | The current S21sec domain routes to Thales-branded services, so buyers wanting legacy S21sec-specific delivery should confirm contracting entity, SOC location and delivery team.. Public pages do not publish prices, minimum terms, service credits, MTTD/MTTR or formal MDR SLAs.. Thales offers a broad cybersecurity services portfolio; buyers should separate base MDR scope from CTI, DRPS, DFIR, CERT, ICS monitoring and advisory services.. Named endpoint, identity and cloud containment actions are not public and should be confirmed tool by tool.. Data retention, raw log access, offboarding and detection-content export rights are not described publicly. |
| Data portability | Full | Partial |
| Contract terms | Tier1 Basic, Tier2 Standard, Tier3 Advanced, Custom | Custom cyber detection and response engagement, Managed Security Services, SOC and MDR, Critical-infrastructure cybersecurity services |
| Channels | EmailPhone | EmailPhonePortal |
| Data access | Full query access | Reports only |
| Dedicated analyst | – | – |
| SOC regions | Europe | EuropeMEAAPAC |
| Onboarding | Innofactor says the core infrastructure resides in the customer's Azure cloud environment and needs no on-premises infrastructure. It describes deployment as rapid and light, but does not publish a standard onboarding duration. | Not published. Thales describes customer-centric service roadmaps and selecting/deploying detection and response technologies, but no standard MDR onboarding timeline. |
| Industry focus | Public Sector | Critical InfrastructureGovernmentDefenseEnergyManufacturingAviationSpaceFinancial ServicesTelecommunicationsHealthcareTransportationAutomotiveUtilitiesMaritime |
| MTTD | Not published | Not published |
| MTTR | Not published | Not published |
| Community view | Innofactor has limited MDR-specific public review volume. The public buyer case rests on Nordic Microsoft expertise, Sentinel in the customer's Azure environment, tiered service levels and clear customer control of logs and incidents. Buyers should validate response authority, total licensing cost, add-on scope and Tier3 operating model before signing. | The current public evidence is strong for Thales-branded global SOC, MDR, CTI, DFIR and critical-infrastructure detection and response, but weak for S21sec as a standalone public MDR brand. Buyers should validate current delivery model, SOC location, response authority, pricing and whether the contract is with Thales/S21sec in the relevant country. |
| Compliance | ISO 27001ISO 9001ISO 13485AQAP-2110ISO 14001 | DORATIBER-EUPCI DSSEASA Part-ISEASAICAOUNECE |
| Certifications | ISO 9001:2015ISO 13485:2016ISO/IEC 27001:2022AQAP-2110ISO 14001:2015Microsoft Solution Partner designationsMicrosoft Advanced Specializations | 8 threat intelligence and AI-driven SOCs around the worldSOCs in France, Morocco, the Netherlands, Belgium and Luxembourg, Portugal and Spain, and New Zealand and Australia |
| Founded | 2000 | – |
| Data retention | Not published as a standard MDR retention period. Innofactor says logs and incidents remain in the customer's own Azure environment. | Not published. Public pages do not describe default log retention, raw log access, storage tiers or export terms for Thales SOC and MDR. |
| API available | – | – |
| Website | Visit → | Visit → |
FAQ
What is the main difference between Innofactor MDRaaS and Thales (S21sec)?
Innofactor MDRaaS is a Microsoft-ecosystem that is technology-agnostic (works with your existing tools). Thales (S21sec) is a Services firm that is technology-agnostic (works with your existing tools). Innofactor MDRaaS covers 0 attack surfaces in base pricing vs. 2 for Thales (S21sec).
How do Innofactor MDRaaS and Thales (S21sec) differ in response capabilities?
Innofactor MDRaaS supports 0 autonomous actions (none) and requires approval before acting. Thales (S21sec) supports 2 autonomous actions (custom playbooks, network containment) and approval is configurable. Incident response is not included with Innofactor MDRaaS and included with Thales (S21sec).
How does Innofactor MDRaaS pricing compare to Thales (S21sec)?
Innofactor MDRaaS pricing: Not published. Thales (S21sec) pricing: Not published. Watch for with Innofactor MDRaaS: Tier1 and Tier2 cover regular business hours, not 24/7.; Endpoint and network detection are add-ons, so base SIEM-only scope may be narrower than buyers expect.. Watch for with Thales (S21sec): The current S21sec domain routes to Thales-branded services, so buyers wanting legacy S21sec-specific delivery should confirm contracting entity, SOC location and delivery team.; Public pages do not publish prices, minimum terms, service credits, MTTD/MTTR or formal MDR SLAs..
Should I choose Innofactor MDRaaS or Thales (S21sec)?
Choose Innofactor MDRaaS if: nordic buyers already committed to Microsoft Azure and Sentinel. Choose Thales (S21sec) if: critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response. Innofactor MDRaaS is not ideal for buyers that need public MDR pricing or response SLAs before sales engagement. Thales (S21sec) is not ideal for buyers that need a standalone legacy S21sec-branded MDR package.
Daylight Security
AI-native MDR for buyers comparing active remediation across endpoint, cloud, identity, and SaaS. Daylight works with existing EDR/SIEM stacks and uses ChatOps-native collaboration, so it can be a useful third reference point in this comparison.