Skip to main content

Why Orange France is using Elastic for SIEM

An evaluation and partnership journey

By
Marc-Antoine LeclercqAntoine Le CalvezMarie Sigier
blog-orange-sa_(1).png
Summary
  • Orange France replaced its legacy SIEM with Elastic to secure a long-term, strategic technology partner aligned to evolving security and business needs.
  • The evaluation included 500+ functional, security, and compliance requirements, followed by a rigorous Proof of Concept (POC).
  • Elastic differentiated on flexible deployment (on-prem and hybrid), usability, transparent AI roadmap, and native SOAR integration.
  • Strong technical support and an active internal Elastic user community reinforced strategic alignment and long-term adoption.

When Orange France decided to replace its existing security information and event management (SIEM) solution for its internal needs, it wasn't simply a question of choosing a new tool but of finding a partner for the future. Antoine Le Calvez, an Orange project manager, and Marie Sigier, an engineering manager at SOC Orange France, tell us that the process was marked by rigorous evaluation, frank internal debate, and close attention to technical and strategic needs.

Why change? The driving forces behind a call for tenders

The decision to launch a new call for tenders was not taken lightly. “What triggers a call for tenders is the end of an existing contract, especially after acquisitions and changes in strategy,” explains Le Calvez. Sigier adds that “the players were evolving, including our own strategies, which allowed us to consider alternative solutions that were better suited to Orange France's business."

The main challenges and motivations

  • Seeking innovation and evolution: In a constantly evolving market, Orange France wanted to find a solution capable of keeping pace in both functionality and deployment flexibility.

  • Strategic and market considerations: Changes in the market and supplier strategies like a transition to all-SaaS were not aligned with Orange France's needs, particularly in on-prem deployment. 

  • Technical and operational requirements: There was a need for a resilient, flexible, and scalable platform that was deployable on site, including in isolated environments. 

  • Supplier relationship: Orange France needed a transparent, responsive, and supportive partnership. 

  • Alignment with the group's strategy: Orange France wanted to ensure alignment by pooling solutions and leveraging its internal community of users and expertise.

A rigorous and transparent selection process

The Orange team created an exhaustive requirements matrix, covering functional, non-functional, contractual, security, financial, and even environmental (CSR) criteria. "We consolidated all this in a file with at least 500 requirements," recalls Le Calvez. Each supplier was evaluated not only on its ability to meet these needs but also on its performance relative to competitors with specific weightings.

The process was collaborative and transparent. “What we validated was an entry in the group's catalog to allow other entities to benefit from this project for their internal needs, so a company-wide choice,” explains Sigier.

Technical and operational criteria: From specifications to POC

The requirements were clear: resilience, flexibility, scalability, and the ability to deploy on-prem even in an isolated environment. “We really felt that the product was independent of the underlying layer,” notes Le Calvez, highlighting Elastic's support for virtual machines (VMs) and Kubernetes deployments. The team also considered operational impact, such as virtualization, carbon footprint, and storage optimization.

The proof of concept (POC) phase was demanding and practical. The Orange team appreciated Elastic's openness to feedback and its ability to address the points raised.

On the few topics where we identified areas for improvement, Elastic was able to demonstrate that it was in the roadmap and in development.

Antoine Le Calvez, Project Manager at Orange

Elastic's distinctive advantages

Several factors allowed Elastic to stand out during the POC:

  • Ease of use and flexibility: Elastic Security combines SIEM, endpoint, and cloud security into a single, intuitive interface, reducing tool sprawl while supporting on-prem, cloud, hybrid, and isolated environments. Its open architecture ingests data from any source with automatic import for customized telemetry.

  • Rich and dynamic roadmap: Elastic is known for its continuous innovation with advanced capabilities, such as AI detection (retrieval augmented generation) and automation. "We have seen in the roadmap that Elastic is constantly evolving," explains Sigier.

  • Transparency: Elastic is all about transparency from open detection rules to AI-augmented workflows and easier data anonymization. 

  • User experience and advanced features: With intuitive dashboards, flexible detection logic, API-first approach, federated search, timelines, case management, and graphical visualizations, the platform opened new possibilities. "The team felt free to imagine any type of detection use case," adds Sigier.

  • Integration and ecosystem: Integrations, especially with SOAR, are straightforward. “I was surprised how easy it was to send alerts to SOAR using the Elastic connector,” says Le Calvez. Elastic Security integrates perfectly with existing stacks, thereby meeting Orange's needs.

The human factor: Support and community

The quality of support and partnership was a major asset, especially with Elastic technical resources available throughout the POC. The internal community of Elastic users at Orange is also a strategic asset. "There is enthusiasm; many professionals are fans of Elastic," notes Sigier. This community combined with the ability to partition spaces for different entities has strengthened the alignment with the group's strategy.

Better together

In the end, the decision was based on trust, reputation, technical excellence, and strategic alignment. "We chose Elastic, which distinguished itself in many areas. Our teams are very demanding on the quality of detection and the relevance for our cyber activity," concludes Sigier.

Selecting Elastic as the primary SIEM for Orange’s internal needs reflects the strength of the partnership, transparency, and sustained technical and human commitment.  As the deployment phase begins, both teams look forward to building together on this solid foundation.

About Orange
About Orange Orange is one of the world’s leading telecommunications operators. The Group aims to be the trusted partner for everyday digital life by providing individuals, businesses and communities with reliable connectivity and innovative services. As of the end of 2025, Orange connects 340 million customers (including MasOrange) across 26 countries and generated 40.4 billion euros in revenues.

As a trusted player, Orange leverages the excellence of its very high-speed broadband networks to deploy digital infrastructure in Europe, Africa and the Middle East. The Group is a European leader in fiber, with 100 million connectable households, and convergent offers. In France, Orange connects 34 million customers and was ranked No. 1 by the regulator Arcep for the quality of its mobile network for the 15th consecutive year. In Africa and the Middle East, the Group’s growth engine, Orange serves nearly 180 million customers and promotes digital and financial inclusion through its connected solutions.

Under the Orange Business brand, the Group supports companies in transforming their networks as well as in AI, trusted cloud and cybersecurity. Orange is also a major player in the wholesale market, where it has a leading global telecom infrastructure and significant capabilities for deploying and operating submarine cables. A committed innovator, Orange relies on 700 researchers and holds a portfolio of 11,000 patents.

Orange is listed on Euronext Paris (symbol ORA). More information: www.orange.com. 

Orange and any other Orange product or service names mentioned in this material are trademarks of Orange or Orange Brand Services Limited.

The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

Sign up for Elastic Cloud free trial

Spin up a fully loaded deployment on the cloud provider you choose. As the company behind Elasticsearch, we bring our features and support to your Elastic clusters in the cloud.

Start free trial