Lumifi vs Thales (S21sec)
Lumifi is a Pure-play MDR that works with your existing tools. Thales (S21sec) is a Services firm that works with your existing tools. Lumifi targets SMB, Mid-market, and Enterprise organizations; Thales (S21sec) serves Enterprise.
Buyer brief
Lumifi is a Pure-play MDR that works with your existing tools. Thales (S21sec) is a Services firm that works with your existing tools. Lumifi targets SMB, Mid-market, and Enterprise organizations; Thales (S21sec) serves Enterprise.
Lumifi (Pure-play MDR) and Thales (S21sec) (Services firm) serve different buyer profiles. Your decision depends on whether you prioritize Lumifi's pe-backed mdr roll-up with healthcare specialization, ex-military soc personnel, and a technology... or Thales (S21sec)'s thales/s21sec is strongest for complex, regulated and critical-sector environments that value glo....
At a glance
| FIELD |  |  |
|---|---|---|
| Best fit | Healthcare organizations needing HIPAA-aligned MDR, especially those already in the Critical Insight customer base | Critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response |
| Price | Not published | Custom quote |
| Response authority | 3/6 actions · Configurable | 2/6 actions · Configurable |
| Stack | Works with existing stack | Works with existing stack |
| Data access | Dashboards | Reports only |
| Warranty | None listed | None listed |
- Best fit
- Healthcare organizations needing HIPAA-aligned MDR, especially those already in the Critical Insight customer base
- Price
- Not published
- Response authority
- 3/6 actions · Configurable
- Stack
- Works with existing stack
- Data access
- Dashboards
- Warranty
- None listed
- Best fit
- Critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response
- Price
- Custom quote
- Response authority
- 2/6 actions · Configurable
- Stack
- Works with existing stack
- Data access
- Reports only
- Warranty
- None listed
Detailed comparison
| FIELD | LumifiTECH-AGNOSTIC | Thales (S21sec)TECH-AGNOSTIC |
|---|---|---|
| Fit | ||
| Target size | SMB, Mid-market, Enterprise | Enterprise |
| Sentiment | Mixed | Mixed |
| Your stack | ||
| Approach | Works with your tools | Works with your tools |
| EDR integrations | Microsoft Defender for EndpointSentinelOne Singularity XDRCrowdStrike FalconVMware Carbon BlackPalo Alto Cortex XDR | Customer endpoint security tools |
| SIEM integrations | Microsoft SentinelExabeamElasticStellar CyberNetWitnessEventTracker (Netsurion platform) | Customer SIEM platformsThales SOC tooling |
| Coverage | EPEndpoint: CoveredCloudCloud: Optional add-onIDIdentity: Optional add-onSaaSSaaS: Optional add-onNetNetwork: CoveredOTOT/IoT: Optional add-on | EPEndpoint: LimitedCloudCloud: LimitedIDIdentity: LimitedSaaSSaaS: LimitedNetNetwork: CoveredOTOT/IoT: Covered |
| Response | ||
| Response type | Active Remediation | Active Remediation |
| Approval policy | Configurable | Configurable |
| Response actions | IsolateQuarantineCustom playbooks | ContainCustom playbooks |
| IR included | Separate | ✓ Included |
| Cost | ||
| Price range | Not published | Not published |
| Minimum seats | None | None |
| Breach warranty | – | – |
| More details | ||
| Requires own agent | No | No |
| Endpoints | ✓ Included | ~ Limited |
| Cloud workloads | + Optional | ~ Limited |
| Identity | + Optional | ~ Limited |
| SaaS apps | + Optional | ~ Limited |
| Network | ✓ Included | ✓ Included |
| OT/ICS | + Optional | ✓ Included |
| Threat hunting | ✓ Included | ✓ Included |
| Response SLA | Not disclosed | Not disclosed |
| 24/7 coverage | ✓ | ✓ |
| Pricing model | Custom pricing based on environment size, coverage areas, and platform integrations. No public pricing information available. | Custom quote for Thales Cyber Detection and Response, Managed Security Services, SOC and MDR. Public prices are not published. |
| Hidden cost warnings | Incident response is NOT included in base MDR. It is a separate service from the Critical Insight division, likely priced separately.. OT/ICS coverage requires the NetWitness partnership (announced Feb 2026) and is not part of standard MDR. Pricing and maturity of this offering are unknown.. Roll-up strategy means the service you buy today may have been three different companies 13 months ago. Ask about integration status between Datashield, Netsurion, and Critical Insight operations.. Zero public pricing. No way to benchmark costs before a sales conversation.. Single US SOC in Scottsdale, AZ. No follow-the-sun coverage, which may affect overnight response quality. | The current S21sec domain routes to Thales-branded services, so buyers wanting legacy S21sec-specific delivery should confirm contracting entity, SOC location and delivery team.. Public pages do not publish prices, minimum terms, service credits, MTTD/MTTR or formal MDR SLAs.. Thales offers a broad cybersecurity services portfolio; buyers should separate base MDR scope from CTI, DRPS, DFIR, CERT, ICS monitoring and advisory services.. Named endpoint, identity and cloud containment actions are not public and should be confirmed tool by tool.. Data retention, raw log access, offboarding and detection-content export rights are not described publicly. |
| Data portability | Partial | Partial |
| Contract terms | Annual | Custom cyber detection and response engagement, Managed Security Services, SOC and MDR, Critical-infrastructure cybersecurity services |
| Channels | EmailPortalPhone | EmailPhonePortal |
| Data access | Dashboards | Reports only |
| Dedicated analyst | – | – |
| SOC regions | North America | EuropeMEAAPAC |
| Onboarding | Varies by integration complexity. API-based integrations for Microsoft Sentinel, Defender, and SentinelOne can take days to weeks. | Not published. Thales describes customer-centric service roadmaps and selecting/deploying detection and response technologies, but no standard MDR onboarding timeline. |
| Industry focus | HealthcareCritical InfrastructureEnergyManufacturingFinancial ServicesLegalGovernment (local/state) | Critical InfrastructureGovernmentDefenseEnergyManufacturingAviationSpaceFinancial ServicesTelecommunicationsHealthcareTransportationAutomotiveUtilitiesMaritime |
| MTTD | Not published | Not published |
| MTTR | Not published | Not published |
| Community view | Gartner Peer Insights 4.9/5 (25 reviews in Managed Security Services, 6 in MDR), but very small sample size. Virtually no Reddit or G2 discussion. Glassdoor 2.9/5 (25 employee reviews) with only 39% recommending and 22% positive business outlook. Compensation rated 3.3/5, down 17% year-over-year. The Gartner rating looks good on paper but the tiny review count and lack of independent practitioner discussion make it hard to assess real-world performance. | The current public evidence is strong for Thales-branded global SOC, MDR, CTI, DFIR and critical-infrastructure detection and response, but weak for S21sec as a standalone public MDR brand. Buyers should validate current delivery model, SOC location, response authority, pricing and whether the contract is with Thales/S21sec in the relevant country. |
| Compliance | SOC 2 Type IINIST CSFHIPAAPCI DSS | DORATIBER-EUPCI DSSEASA Part-ISEASAICAOUNECE |
| Certifications | SOC 2 Type II (SOC facility attestation) | 8 threat intelligence and AI-driven SOCs around the worldSOCs in France, Morocco, the Netherlands, Belgium and Luxembourg, Portugal and Spain, and New Zealand and Australia |
| Founded | 2022 | – |
| Data retention | Customer data remains on customer infrastructure in co-managed model. Retention varies by platform and contract. | Not published. Public pages do not describe default log retention, raw log access, storage tiers or export terms for Thales SOC and MDR. |
| API available | ✓ | – |
| Website | Visit → | Visit → |
FAQ
What is the main difference between Lumifi and Thales (S21sec)?
Lumifi is a Pure-play MDR that is technology-agnostic (works with your existing tools). Thales (S21sec) is a Services firm that is technology-agnostic (works with your existing tools).
How do Lumifi and Thales (S21sec) differ in response capabilities?
Lumifi supports 3 autonomous actions (custom playbooks, endpoint isolation, file quarantine) and approval is configurable. Thales (S21sec) supports 2 autonomous actions (custom playbooks, network containment) and approval is configurable. Incident response is not included with Lumifi and included with Thales (S21sec).
How does Lumifi pricing compare to Thales (S21sec)?
Lumifi pricing: Custom-quoted pricing. Thales (S21sec) pricing: Not published. Watch for with Lumifi: Incident response is NOT included in base MDR. It is a separate service from the Critical Insight division, likely priced separately.; OT/ICS coverage requires the NetWitness partnership (announced Feb 2026) and is not part of standard MDR. Pricing and maturity of this offering are unknown.. Watch for with Thales (S21sec): The current S21sec domain routes to Thales-branded services, so buyers wanting legacy S21sec-specific delivery should confirm contracting entity, SOC location and delivery team.; Public pages do not publish prices, minimum terms, service credits, MTTD/MTTR or formal MDR SLAs..
Should I choose Lumifi or Thales (S21sec)?
Choose Lumifi if: healthcare organizations needing HIPAA-aligned MDR, especially those already in the Critical Insight customer base. Choose Thales (S21sec) if: critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response. Lumifi is not ideal for buyers who need published MTTD/MTTR metrics, transparent pricing, or independent validation (MITRE, Forrester) before committing. Thales (S21sec) is not ideal for buyers that need a standalone legacy S21sec-branded MDR package.
Daylight Security
AI-native MDR for buyers comparing active remediation across endpoint, cloud, identity, and SaaS. Daylight works with existing EDR/SIEM stacks and uses ChatOps-native collaboration, so it can be a useful third reference point in this comparison.