CTI - What are the measurable key figures?

10% increase in threat detection and volume

Client since 2021

EDF (Électricité de France) is a French state-owned multinational electric utility company and a recognized global leader in low-carbon energy production. Founded in 1946 to rebuild and unify France's electrical grid, the company has spent 80 years pioneering electricity generation, transmission, and distribution.


"We chose Sekoia’s solution for its strong expertise, reactivity, and availability of the teams. Sekoia teams remain available before, during and after the purchase act. Whenever we ask a question, we usually get an answer within 24/48 hours. When we make suggestions for improvement, they are taken into account in the improvement of the returned data, which is very important to us."
Thomas Burnouf, Group SOC manager, EDF

EDF, a global group to be secured

The SOC team of the “Transformation and Operational Efficiency” directorate of EDF (corporate) is responsible for preventing, detecting and responding to security incidents that may affect the Group’s employees and infrastructure.

The scope of activities of this team extends mainly to Europe, as well as the United States and China. This team monitors and secures approximately 200,000 assets.

What was the need?

The SOC team was looking for a sovereign, trusted information feed to detect cyber threats that could target the EDF Group.

This information had to be sufficiently contextualized and relevant to allow the team to integrate it directly into the SIEM and security tools without prior processing.

Choosing Sekoia CTI

A POC was conducted over a period of 12 months in collaboration with the EDF, Threat Quotient and Sekoia teams. The integration was demanding, and the POC successfully reached its initial objective: it brought broad detection coverage of the common threats (phishing, ransomware, malware) that can target the EDF Group.

The automation made possible by a high-quality feed and a near-zero false-positive rate was a determining criterion in the choice of the solution and in the feasibility of this project.

With several POCs running in parallel, Sekoia was chosen for the strong expertise, reactivity and availability of its teams.

Quality CTI with an undeniable ROI

The implementation of the Sekoia CTI feed has enabled:

  • A measurable ROI: the quality and relevance of the information made it possible to avoid calling on the SOC team’s analysts.
  • Time was saved, and the teams did not need to recruit to contextualize the data.
  • Information enrichment leading to a 10% increase in threat detection and threat volume.
  • Relevant detections that prevented attacks.
  • A decrease in the volume of false positives, falling to fewer than 10 for more than 1,000,000 indicators.

The proof-of-concept process

Phase 1: Preparation

A kick-off meeting was organized for the handover to the EDF teams.

Phase 2: Intelligence assessment

  • Testing of IoCs
  • Testing of sources
  • Testing of trackers
  • Testing of malware and threat actor profiles
  • Testing of FLINT (Flash Intelligence) reports

Phase 3: POC Assessment

In a debriefing meeting, the EDF teams decided to roll out this POC more widely.

Duration: 12 months

FAQ

What are the main cybersecurity challenges facing energy providers?

Energy providers operate across complex, hybrid environments that bridge critical physical infrastructure with modern cloud networks. When teams rely on disconnected, siloed security tools, attackers easily exploit the gaps between them. This leaves analysts chasing isolated alerts without the real-time context needed to stop an operational disruption.

How can Sekoia help energy providers detect and respond to threats faster?

Sekoia deploys thousands of pre-built, verified detection rules alongside threat intelligence to catch threats others miss. When an incident occurs, analysts can launch manual or automated response actions using built-in playbooks. This, combined with the AI security assistant, ROY, allows security teams to investigate and resolve threats in minutes instead of hours.

How can energy providers meet compliance requirements while improving resilience?

Sekoia offers region-specific data residency so you can choose exactly where your data is stored to satisfy local regulations. The platform ensures complete data ownership with audit-ready logging and controls built for strict regulatory standards. At the same time, every investigation is automatically documented with full evidence and reasoning, making compliance effortless while you proactively close security gaps.

How does Sekoia handle the huge log volumes generated by energy networks?

Sekoia uses AI-driven prioritization and context to automatically rate-limit noisy rules and group related signals. This ensures your analysts stay focused on genuine threats to infrastructure rather than triaging repetitive noise.