Independent Security Partner since 2005

Defending your future.
Today.

Security built for a world where attackers use AI. DEFION combines offensive security expertise with AI that continuously detects, validates, and challenges your defenses. You see what’s happening in minutes and act before attackers get in.

Attackers already use AI to increase the speed and scale of cyberattacks. DEFION combines offensive security expertise with AI-driven analysis to help organisations respond with the same level of visibility, validation and speed. Active Defense means threats are hunted proactively, controls are continuously tested and response starts before incidents escalate.

Speak with our experts 24/7 Incident Hotline
Real analysts online in Zoetermeer and Barcelona. Average response under 5 minutes.

DEFION in numbers

20+
Years of experience
100+
Security experts
1,000+
Organizations protected
100,000+
Endpoints monitored
Meet the team

100+ specialists.
Two offices.
One team.

Zoetermeer and Barcelona. Real people, senior expertise. No offshore support, no call-center triage. When you call DEFION, you reach the engineer who can actually help.

Independent since 2005. Still driven by the people who founded it.

Meet the team →Open roles →
The DEFION team together in the mountains during our annual offsite
DEFION engineers collaborating over shared desks
Four DEFION colleagues hanging out in a mountain cabin
Three DEFION colleagues relaxing on a couch after hours
What you get

From tech and compliance
to crisis. One partner.

No juggling five vendors for five problems. One team that covers your entire security posture, from advisory to 24/7 monitoring and crisis response.

Strategic Resilience

Security Assessments & CISO as a Service

Want to demonstrably improve your security posture? We translate best practices and requirements into a concrete action plan that raises your resilience.

View service →
Attack Readiness

Penetration Testing & Technical Security Reviews

Do you know where you're vulnerable? We do what the bad guys do — to prevent attacks, with results in 24 hours instead of 6 weeks.

View service →
Adaptive Threat Detection

24/7 Managed Detection & Response

Detect new threats and attacks in real time? A digital operations centre (SOC) with 24/7 specialists ready to act — even on Sunday at 3 a.m.

View service →
Cyber Crisis Management

Incident Response & Digital Forensics

The alarm goes off. You're under attack. We're ready within minutes for containment, forensics and recovery. 24/7, worldwide.

View service →
Business Continuity & Recovery

Business Continuity Plan & Incident Preparedness

An attack stops your business. But for how long? And what does every hour cost? We make sure you're back up within hours.

View service →
DEFION security experts
Why DEFION

Independent.
AI-accelerated.
20 years proven.

You get advice without a hidden sales agenda. DEFION doesn't sell products, only protection. That means our recommendations are always in your interest.

From boardroom to server room, 24/7 monitoring and AI-accelerated pentesting. One partner for your entire attack surface: IT, OT, and IoT.

About DEFION →
What this means for you

Faster detection.
Less noise.
Better decisions.

You only get alerts that matter. No flood of false positives, no overwhelmed security team. Our technology filters the noise, our experts make the calls.

The result: threats detected in minutes instead of days. And when it counts, there are always people ready who know what to do.

Alert within 4 minutes

No hours or days waiting for an alarm

Only what matters

Your team sees relevant alerts, not thousands

Pentest in 24 hours

First vulnerabilities same day, not after weeks

Experts who decide

No automated guesswork, real human judgment

THREAT INTELLIGENCE

What we see right now. Week 23 — 3 June 2026

Week 23, 2026 · Updated June 3, 2026

Our TI team monitors 40+ sources 24/7. These are the most relevant threats for European organizations — updated June 3, 2026.

Ransomware · CRITICAL · All sectors (EU/Global)

TheGentlemen ransomware deploys BYOVD to kill EDR tools before encryption - 500% surge in NL victims

TheGentlemen ransomware disables EDR via BYOVD before encrypting, with a 500% surge in EU victims. Exploits FortiGate CVE-2024-55591 for initial access. Action: validate EDR and patch FortiGate immediately.

June 3, 2026 · Confidence: High

Read more →
Supply Chain · HIGH · Technology, SaaS, Development (EU/Global)

Supply chain attack: 3,800 GitHub repositories compromised, 84 npm packages backdoored

3,800 GitHub repos compromised and 84 npm packages backdoored. CISA confirms ransomware linkage. Attackers use dev environments as the entry point to production. Action: audit npm dependencies and implement SBOM.

June 3, 2026 · Confidence: High

Read more →
Ransomware · HIGH · Finance, Healthcare, Technology (EU/Global)

Data extortion without encryption: 38% of ransomware attacks now skip encryption entirely

38% of 2026 ransomware attacks exfiltrate data without encrypting, bypassing backup recovery strategies. Qilin and DragonForce lead this shift in EU targets. Action: implement DLP and update IR plans for data extortion.

June 3, 2026 · Confidence: High

Read more →
View all threat intelligence →
Sector Expertise

We speak your language.

Manufacturing
Manufacturing
Government
Government
Financial Services
Financial Services
Critical Infrastructure
Critical Infrastructure
Retail & E-commerce
Retail & E-commerce
Research & Education
Research & Education
Technology & SaaS
Technology & SaaS
Trusted by leading organizations

What our customers say

All customer stories →
Latest news

Newsroom

All news →
Partnership29 Apr 2026

AZ and DEFION Security: Official Supplier for Optimal Data Protection

AZ and DEFION enter into a multi-year strategic partnership as Official Supplier to strengthen the club's digital resilience. DEFION protects the valuable data AZ uses for performance on and off the pitch.

Read more →
Alert29 Apr 2026

CVE-2026-31431 ("Copy Fail"): Critical Linux Privilege Escalation Vulnerability Explained

CVE-2026-31431 ("Copy Fail") is a Linux kernel vulnerability enabling stealthy privilege escalation to root. Learn about the impact, affected systems, and mitigation steps.

Read more →
Partnership3 Mar 2026

SURF Deployment: DEFION and DTX Secure 75+ Education and Research Institutions

DTX and DEFION begin rolling out MDR services for SURF. More than 75 Dutch universities, polytechnics and vocational colleges receive 24/7 protection against cyberattacks.

Read more →

Ready to make your
security AI-proof?

Talk to one of our experts. No obligations, no sales pitch: an honest conversation about your situation.

Get in touch 24/7 Incident Response