Cybersecurity & Intelligence Operations Center

Author: Michael Renotte
25/04/2019
Cybersecurity

Cyber Security & Intelligence Operations Center: Securing the digital transformation

No one can dispute the benefits brought to the digital economy by cloud computing in all its forms. However, by opening up the enterprise more than ever to the outside world, cloud technologies and services may expose it to unprecedented or significantly larger-scale security challenges. Proximus NXT’s Cyber Security & Intelligence Operations Center (CSIOC) enables the implementation of appropriate monitoring and response capabilities adapted to this new reality, as well as governance and processes allowing for rapid and effective reaction in case of alerts. Security is at the core of Proximus NXT’s strategy, as confirmed by the recent ISO 27001 certification of its cybersecurity services. Olivier Trientz, Senior Sales Consultant CyberSecurity & SOC Services, and Frédéric Hauss, Head of CSIOC operations, explain its dynamics.


What lies behind these acronyms?

Olivier Trientz: The NOC – Network Operations Center – provides monitoring to ensure the availability of the network, systems, and communications. Its main function is to guarantee uninterrupted network service. With the SOC – Security Operations Center – we enter the domain of detecting malicious behavior.

Frédéric Hauss: More formally, if we consider that information system security rests on four pillars—confidentiality, integrity, availability, and traceability—the NOC ensures availability, while the SOC addresses all four aspects. In any case, the NOC and SOC complement each other and work in tandem to ensure ICT operations and security.

As for the CSIOC, it is a SOC to which a “Cyber” dimension has been added, highlighting that in today’s cloud era, the SOC is no longer limited to the company’s perimeter. Responsibility for its security thus lies with the cloud service provider, as is the case for Proximus NXT.

The addition of the “I” for Intelligence anticipates the next evolution.


What do they have in common?

F.H.: Behind machines, there are people. SOCs and their variations are above all about specialists. Even though these services rely on many security solutions, they are primarily composed of high-level experts capable of analyzing vast amounts of data to identify unusual behavior, and—when deemed malicious—of creating new detection scenarios along with theoretical remediation plans that are later adapted to the client’s real situation.

O.T.: The primary goal is to ensure business continuity and organizational survival in the event of an incident. The key is to reduce the time between an attack and its detection, to allow valuable time to deploy appropriate response and remediation measures.

This race against time requires strong preparation, but also precise monitoring of security indicators from a global SOC, which becomes the control tower of the company’s entire security.


What forms do security breaches currently take?

O.T.: In our experience, 80% of security breaches today originate from within the organization—either through external visitors or contractors, through mistakes or negligence (for example, when a developer runs a network scanning tool without authorization), or through malicious intent. These accidental or intentional breaches can result in data leaks or malware introduction.

F.H.: The most impactful attacks indeed originate inside organizations. From the outside, they are most often fraud and extortion attempts, such as ransomware variants.

These external attacks are now highly targeted, sometimes even aimed at a single organization. They may include DDoS attacks using botnets of compromised machines, or malware-free attacks such as phishing.


On what basis was the CSIOC created?

F.H.: The CSIOC was created out of the need to adapt cloud protection to new cyber threats and increasing vulnerabilities due to the constantly growing number of devices to secure. To improve proactivity and responsiveness, we decided to centralize under a single umbrella various skills, expertise, and information sources previously spread across the company.

This is where the “I” in CSIOC—Intelligence—makes sense, as it reflects our proactive approach to threats through continuous monitoring of the cybercrime landscape. We constantly adapt our detection scenarios based on this evolution and, most importantly, to our clients’ activities. This client-specific adaptation is a key differentiator of our approach.

O.T.: Companies that come to us have already moved beyond the question of whether to build an internal SOC. This requires significant investments in both hardware and software, as well as 24/7 expert resources and organization. Clients therefore recognize the need to rely on an external provider to secure their infrastructure and data, allowing them to focus on their core business.

Proximus NXT has the necessary capabilities to meet this demand, including expert teams and either shared or dedicated infrastructure depending on client needs. This is what makes our offering attractive: we can provide infrastructure hosted in Tier IV data centers as well as highly skilled specialists to ensure high availability of information systems.


What types of companies do your services target?

O.T.: Our services are aimed at organizations of all sizes and sectors: insurance, finance, retail, services, and industry.

Our first engagements came from industrial companies seeking protection against production downtime, industrial espionage, and theft of trade secrets.

In the financial sector, regulators are continuously increasing security requirements. All banks, regardless of size, must comply with regulations such as PSF, SWIFT, or GDPR. Proximus NXT’s scalable offering allows solutions to be tailored to the institution’s profile and risk exposure. We generally recommend starting with perimeter monitoring to secure communications between the infrastructure and the outside world, then focusing on critical applications.


What is your concrete approach to implementing a security solution?

F.H.: Each engagement begins with identifying risk scenarios, analyzing network communications, and reviewing infrastructure architecture. The goal is to establish a “baseline” of network and business behavior, allowing us to detect anomalies. Over time, we develop deep knowledge of the client’s environment, enabling us to identify any unusual behavior such as unexpected international communications or machine-to-machine interactions. Each event is analyzed to distinguish normal from abnormal behavior—this is a hallmark of CSIOC.

O.T.: Proactivity is essential at Proximus NXT even before any anomaly detection. This requires understanding client activities and communication flows, maintaining constant interaction with them, and supporting infrastructure evolution to ensure proper response when alerts occur.
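The “baseline, then anomaly” approach described above can be illustrated with a small worked example. This is an added example, not Proximus NXT code or tooling: it builds a baseline from constructed flow records (source host, destination, destination country, bytes sent), then flags live flows that fall outside it, exactly the two cases mentioned in the answer (an unexpected international destination, a new machine-to-machine pair) plus a volume spike. All hostnames, addresses, country codes and byte counts are constructed sample data, and the `dst_country` field assumes an upstream GeoIP lookup has already been applied.

```python
"""Baseline-then-anomaly detection over network flow records.

Added example (not Proximus NXT code). Every hostname, address,
country code and byte count below is constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str          # source host
    dst: str          # destination host or address
    dst_country: str  # destination country code (assumed: resolved by an upstream GeoIP step)
    bytes_out: int    # bytes sent from src to dst in this flow


@dataclass
class Baseline:
    pairs: Set[Tuple[str, str]] = field(default_factory=set)          # known (src, dst) pairs
    countries: Set[str] = field(default_factory=set)                  # known destination countries
    max_bytes: Dict[Tuple[str, str], int] = field(default_factory=dict)  # largest flow seen per pair


@dataclass(frozen=True)
class Alert:
    flow: Flow
    reasons: Tuple[str, ...]


VOLUME_SPIKE_FACTOR = 3  # a flow larger than 3x the baseline maximum for its pair is flagged


def build_baseline(flows: List[Flow]) -> Baseline:
    """Learn which pairs, countries and volumes are normal from a learning window."""
    bl = Baseline()
    for f in flows:
        pair = (f.src, f.dst)
        bl.pairs.add(pair)
        bl.countries.add(f.dst_country)
        bl.max_bytes[pair] = max(bl.max_bytes.get(pair, 0), f.bytes_out)
    return bl


def detect_anomalies(baseline: Baseline, flows: List[Flow]) -> List[Alert]:
    """Return one Alert per live flow that deviates from the baseline, with all reasons."""
    alerts: List[Alert] = []
    for f in flows:
        pair = (f.src, f.dst)
        reasons: List[str] = []
        if f.dst_country not in baseline.countries:
            reasons.append(f"unexpected destination country {f.dst_country}")
        if pair not in baseline.pairs:
            reasons.append(f"new machine-to-machine pair {f.src} -> {f.dst}")
        elif f.bytes_out > VOLUME_SPIKE_FACTOR * baseline.max_bytes[pair]:
            reasons.append(
                f"outbound volume {f.bytes_out} B exceeds "
                f"{VOLUME_SPIKE_FACTOR}x baseline max {baseline.max_bytes[pair]} B"
            )
        if reasons:
            alerts.append(Alert(f, tuple(reasons)))
    return alerts


# Constructed learning window: an app server talking to its database, a workstation
# using the app, and two known partner/vendor endpoints abroad.
BASELINE_FLOWS = [
    Flow("srv-app-01", "srv-db-01", "LU", 4000),
    Flow("srv-app-01", "srv-db-01", "LU", 5000),
    Flow("ws-042", "srv-app-01", "LU", 1200),
    Flow("srv-app-01", "api.partner.example", "DE", 800),
    Flow("ws-042", "update.vendor.example", "DE", 20000),
]

# Constructed live traffic: two normal flows and three that should be flagged.
LIVE_FLOWS = [
    Flow("srv-app-01", "srv-db-01", "LU", 4500),          # normal
    Flow("srv-db-01", "203.0.113.45", "ZZ", 900),         # DB server reaching a never-seen country and host
    Flow("ws-042", "srv-app-01", "LU", 1100),             # normal
    Flow("srv-app-01", "api.partner.example", "DE", 90000),  # known pair, but far above baseline volume
    Flow("ws-042", "srv-db-01", "LU", 3000),              # workstation bypassing the app tier
]


if __name__ == "__main__":
    for alert in detect_anomalies(build_baseline(BASELINE_FLOWS), LIVE_FLOWS):
        print(f"{alert.flow.src} -> {alert.flow.dst}: " + "; ".join(alert.reasons))
```

The baseline here is deliberately simple (sets and a per-pair maximum); in practice the learning window would be long enough to cover monthly batch jobs, and an alert would carry a confidence level so that a Level 1 analyst can triage it quickly and escalate only the cases that need deeper analysis.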


What skills are required beyond technical expertise?

F.H.: The most important quality we look for is strong communication skills to ensure team interaction. Our staff must also be able to handle stressful situations: at Proximus NXT, we commit to responding to incidents within 30 minutes.

We define three levels of expertise:

  • Level 1: rapid triage of alerts, stress resistance, analytical accuracy, communication skills, and knowing when to escalate.
  • Level 2: in-depth analysis of incidents, determining root causes, communicating with clients, and helping mitigate impacts.
  • Level 3: forensics experts (CSIRT team) identifying the root cause behind the root cause.

A team of around ten people ensures 24/7 coverage across all three levels.

O.T.: As an integrator, Proximus NXT also has experienced network and security engineers with strong field experience and certifications. They can intervene at any time to apply security measures such as firewall rules or patches.

F.H.: We also provide value-added services such as vulnerability assessments, penetration testing, red teaming, threat hunting, and phishing campaigns focused on the human factor.

We also use threat intelligence techniques such as controlled deception environments to attract attackers and study their methods in order to better protect our clients.


Does multicloud complexity increase security risks?

O.T.: Yes, multicloud increases complexity, which makes security harder to control. Public cloud providers invest heavily in securing their platforms, but they do not manage governance, hygiene, or operational security processes. This is where Proximus NXT plays a key role as a managed services and integration partner.

F.H.: Many security managers are concerned about losing end-to-end visibility in multicloud environments. Trusted partners like Proximus NXT are therefore essential. Our close relationships with major cloud providers also give us an advantage in securing clients transitioning to these infrastructures.
