At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Active remediation
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 3 SOC regions
- Surfaces
- Network · OT/ICS
- IR retainer
- ✓ Bundled
- Customers (public)
- Thales says 400 customers trust it to supervise critical information systems; MDR-specific customer count is not published.
- SOC analysts
- Thales publishes 8 threat intelligence and AI-driven SOCs and 400 customers supervised, but not an MDR-specific analyst count.
- Onboarding
- Not published. Thales describes customer-centric service roadmaps and selecting/deploying detection and response technologies, but no standard MDR onboarding timeline.
Best for
Ideal for
- Critical infrastructure and public-sector buyers that need Thales/S21sec regional cyber detection and response
- Large enterprises that want global SOC coverage with local European delivery options
- Organizations that need MDR alongside CTI, DFIR, CERT, vulnerability management and OT/ICS monitoring
Not ideal for
- Buyers that need a standalone legacy S21sec-branded MDR package
- SMBs that want transparent per-endpoint MDR pricing
- Teams that require public response runbooks, portal details, MTTD/MTTR and service-credit SLAs before sales engagement
Coverage
Endpoint
Limited
Cloud
Limited
Identity
Limited
SaaS
Limited
Network
Included
OT / IoT
Included
Compatible tools
EDR
SIEM
Cloud
Additional capabilities
Incident response
- Monitoring
- 24/7 · Thales publishes 24x7 expert teams across federated SOCs in Europe, MEA and APAC. Exact shift model and staffing ratios are not published
- First response
- Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment
- Network containment
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Thales publishes 24x7 expert teams, rapid incident response, containment, automation and DFIR language.
- IR included
- Yes — in contract
Detection quality
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Public pages do not publish false-positive rates or triage methodology. Thales describes advanced technology, cyber threat intelligence, human expertise and in-depth analysis inside SOC operations.
Threat hunting
- Included
- Yes — in base service
- Approach
- Proactive
- Frequency
- Not published
Pricing
Custom quote for Thales Cyber Detection and Response, Managed Security Services, SOC and MDR. Public prices are not published. Contracts are custom: cyber detection and response engagements, managed security services, SOC and MDR, or critical-infrastructure cybersecurity services.
- Indicative price
- Not published
What costs extra
- DFIR scope and retainer terms
- CERT incident response scope
- ICS and OT monitoring
- Cyber Threat Intelligence
- Digital Risk Protection Services
- Attack surface and vulnerability management
- Technology integration services
- Data retention and log storage
- Real-world attack simulations
Cost caveats
- The current S21sec domain routes to Thales-branded services, so buyers wanting legacy S21sec-specific delivery should confirm contracting entity, SOC location and delivery team.
- Public pages do not publish prices, minimum terms, service credits, MTTD/MTTR or formal MDR SLAs.
- Thales offers a broad cybersecurity services portfolio; buyers should separate base MDR scope from CTI, DRPS, DFIR, CERT, ICS monitoring and advisory services.
- Named endpoint, identity and cloud containment actions are not public and should be confirmed tool by tool.
- Data retention, raw log access, offboarding and detection-content export rights are not described publicly.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts
- Direct employees · Thales publishes 8 threat intelligence and AI-driven SOCs and 400 customers supervised, but not an MDR-specific analyst count.
- Certifications
- Regional CERT expertise · DFIR expertise · Threat intelligence expertise
- Channels
- Email · Phone · Portal
- Data access
- Reports Only
- Portal
- Public pages do not describe a customer MDR portal, raw query access or dashboard capabilities.
- Account manager
- Shared / pooled
Reputation
The current public evidence is strong for Thales-branded global SOC, MDR, CTI, DFIR and critical-infrastructure detection and response, but weak for S21sec as a standalone public MDR brand. Buyers should validate current delivery model, SOC location, response authority, pricing and whether the contract is with Thales/S21sec in the relevant country.
What customers praise
- Global SOC network with local European, MEA and APAC coverage
- Strong fit for critical infrastructure and regulated sectors
- Broad adjacent capabilities across CTI, DFIR, CERT, DRPS, vulnerability management and OT monitoring
Common complaints
- Legacy S21sec branding is not clearly separate from current Thales branding
- No public MDR pricing or contractual SLA
- Named response actions, default technology stack and portal experience are not public
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for S21sec or Thales MDR specifically.
Questions to ask
8 questions to ask Thales (S21sec)
1. Is our contract delivered by Thales, S21sec, or a local Thales/S21sec entity?
2. Which SOC location will monitor us, and where will logs, tickets and reports reside?
3. Which security tools and SIEM platforms are included by default?
4. Which response actions can Thales execute directly, and which require our approval?
5. Is DFIR and CERT incident response included in MDR or quoted separately?
6. What is included in base SOC and MDR versus CTI, DRPS, vulnerability management and ICS monitoring add-ons?
7. What contractual SLA applies to triage, notification, containment and escalation?
8. What reports, detections, playbooks, tickets and historical logs can we export during offboarding?
Evidence
Sources reviewed
Main public source used for the provider profile.
Official Thales cybersecurity services page used to verify 8 threat-intelligence and AI-driven SOCs, 400 supervised critical-information-system customers, detection and response service scope, 24x7 expert teams and sector focus.
Current S21sec-domain page used to verify that the legacy S21sec candidate now resolves to Thales-branded Cybersecurity Services content rather than a separate public S21sec MDR package.
Shortlisted legacy official S21sec/Thales SOC datasheet URL. Direct access is protected by anti-bot controls, and text-render retrieval resolved to current Thales Cybersecurity Services content, supporting the successor-branding treatment.
Public-data caveats
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response authority may depend on pre-approval and contract scope.
