How Thales Group Uses the ThreatQ Platform to Build its Leading Threat Intelligence Service

| Celine Gajnik |

In 2016, Ivan Fontarensky, Technical Director CyberDetect & Respond at Thales, wanted to rollout a Cyber Threat Intelligence (CTI) service to continue to add value to the company’s cybersecurity products used by critical infrastructure organizations around the globe.  

Threat intelligence is mandatory to strengthen detection and response and enable a proactive cyber defense strategy. And while Thales had already incorporated threat data into their detection and response solutions, Ivan recognized that the volume of threat data and variety of threat intelligence sources would continue to grow exponentially. Additionally, each customer has a unique threat landscape and, as such, needed to have threat intelligence curated and targeted specifically for their organization. 

To manage the growth of threat intelligence from their own internal research as well as from commercial, open source, government, and industry sources, they needed a way to harness all that data for analysis and make it actionable for their internal security operations centers (SOCs) and for their clients around the world. 

Key criteria and use cases
In our new customer success story, “Thales Group Builds Threat Intelligence Service Utilizing ThreatQ Platform as the Foundation”, Ivan describes how ThreatQuotient and the ThreatQ Platform satisfied the company’s key criteria for selecting a partner to help them build their threat intelligence capability, including the ability to integrate with an expanding number of data sources and cybersecurity tools for deeper analysis and understanding, strengthened detection and response, and proactive cyber defense.  

For example, ThreatQ’s comprehensive library of APIs and custom connectors can be written and deployed quickly to support integration with existing tools and threat intelligence sources. This allows the Thales team to aggregate and normalize massive amounts of raw data about threats, correlate and analyze data to turn it into threat intelligence, prioritize that intelligence, and create client-specific threat detection rules. They can then distribute relevant intelligence and threat detection rules to their internal SOCs, and to Thales CYBELS Sensors and other network security tools deployed in clients’ environments. 

Today, Thales CTI practice is led by the core CTI team comprised of 50 threat intel analysts and geopolitical analysts. This team owns the operation of the ThreatQ Platform and is responsible for aggregating and analyzing threat data, creating and sharing detections, and reporting on the latest threats. The CTI team works with the SOC teams and the Incident Response (IR) team to address their primary use cases including: alert triage, investigation and response, and research and reporting – from high-level analysis to more detailed studies


  • Personalized threat intelligence for clients worldwide
    Because the ThreatQ Platform is open, Thales is able to adapt their intelligence model to each of their clients. This personalized CTI service allows them to share the right intelligence at the right time to the right tools based on the client’s environment and industry, so clients can be proactive in their cyber defense strategy.
  • Elevated threat intelligence as a strategic advantage 
    Collaboration and visualization has enabled Thales to become a leading provider of CTI research, helping clients understand the evolving threat landscape and how to mitigate risk. 
  • Grew to become the largest CTI service in Europe
    Thales has expanded from a department of one to a full CTI service with 50 intel experts. ThreatQuotient provides the platform and support to help Thales scale their service and accelerate the distribution of actionable intelligence and detections, while maintaining a low total cost of ownership.

Ivan sums it up well: “Threat intelligence is mandatory and was essential to the ramp-up of our cybersecurity portfolio of solutions. We share a common vision with ThreatQuotient and, with the most mature and robust platform on the market, we knew they could help us industrialize our intelligence model to support our needs worldwide.”

To learn more about Thales and dig deeper into Thales’ key criteria and use cases, download the customer success story now.


Blog Archive

About ThreatQuotient™

ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ™, empowers security teams with the context, customization and prioritization needed to make better decisions, accelerate detection and response and advance team collaboration.
Share This