TPG & Senthorus

Powering Transit Security: How Senthorus Helped tpg Protect Geneva’s Critical Infrastructure

Transports Publics Genevois (tpg)

Overview

Transports Publics Genevois (tpg) is among Switzerland’s largest public transportation operators, managing the daily movement of over 600,000 passengers across Geneva and neighboring France. With a fleet exceeding 450 vehicles, including trams, buses, electric buses, and trolleybuses, tpg’s infrastructure is integrally linked to Geneva’s public services. Thus, cybersecurity is essential not only for operational continuity but also for public safety and the State’s reputation.

In 2023, tpg initiated a confidential, high-stakes search for a trusted partner to replace its SOC with a fully managed, 24/7 Security Operations Center capable of protecting its diverse IT and OT environments. Out of eight carefully selected vendors, Senthorus emerged as the standout choice.

Senthorus, the managed security services provider, played a pivotal role in establishing the 24/7 SOC for tpg. Leveraging ELCA’s 55+-year history and its workforce of 2,300 professionals across Europe, Senthorus combined a strong local presence with global cybersecurity expertise, satisfying the stringent requirements of public sector security. This combination of local trust and international standards made Senthorus the ideal partner for tpg’s SOC transformation.

Challenges

Complex IT/OT Environment
tpg’s environment integrates numerous traditional IT and specialized OT systems managing vehicle telemetry, operational control, and infrastructure monitoring. This architectural complexity introduced significant challenges in centralizing detection, ensuring consistent threat visibility, and securing communications across siloed platforms.

The Senthorus Solution

Senthorus delivered a flexible, future-ready SOC tailored specifically to tpg’s requirements, security maturity, and regulatory framework:

  • Cloud Adoption with Regulatory Alignment
    Senthorus guided tpg through the business case and security benefits of cloud adoption, providing regulatory briefings, cost modeling, and security workshops to facilitate the use of cloud security solutions such as SIEM and XDR. This adoption is based on the tpg tenant, considered an extension of its datacenter, and leverages the Senthorus Swiss backend hosted at ELCA to ensure data sovereignty and compliance with Swiss regulatory standards.
  • Unified IT Coverage
    By deploying Azure Monitor Agent (AMA) and Azure Resource Connector (ARC), telemetry from across the IT environment was centralized, enabling consolidated monitoring, event correlation, and accelerated coordinated responses.
  • Custom Detection Rules
    Beyond utilizing over 900 detection rules, 356 of which were actively deployed, Senthorus developed tailored security content aligned specifically with tpg’s unique infrastructure. This approach enhanced detection precision, minimized false positives, and ensured contextual alerts.
  • Expert-Led Enablement & Onboarding Support
    Senthorus experts delivered comprehensive training to tpg’s teams, supported the deployment and configuration of Extended Detection and Response (XDR) capabilities, and provided hands-on assistance throughout the SIEM onboarding process.

Additionally, Senthorus collaborated with tpg to improve tpg’s security standards by laying a robust foundation for effective detection, event correlation, and incident response. This collaborative approach ensured a seamless and impactful operational transition.

"From the outset, the setup process was smooth, structured, and executed with minimal disruption to our operations. Senthorus demonstrated deep technical expertise, clear communication, and dedication to our specific security requirements."

Cyber Security Program Director, tpg

Business Impact

Transitioning from an 8x5 SOC model to a fully managed, 24/7 Security Operations Center, tpg significantly enhanced its threat visibility and response capabilities. The coverage increased dramatically, from 24% to 100%, ensuring continuous monitoring and quicker incident response. Remarkably, 30% of alerts were managed in real time, and 27.5% of all alerts were triaged and resolved outside regular business hours, highlighting the critical value of round-the-clock monitoring in minimizing vulnerabilities during nights, weekends, and holidays.

This strategic outcome notably strengthened tpg’s cyber resilience and provided operational peace of mind.

Key Metrics

  • SOC Coverage: Expanded from 24% to 100%
  • Mean Time to Acknowledge (MTTA): 3.4 minutes
  • Mean Time to Resolve (MTTR): 37 minutes
  • Detection Rules: Over 900 available, 356 actively deployed
  • Data Sources and Assets: Over 20 data sources and more than 1,500 onboarded assets
  • Detection and Response: 24/7 real-time triage and remediation across tpg’s IT environment
  • After-Hours Coverage: 27.5% of alerts resolved outside business hours, emphasizing the importance of continuous monitoring
  • Telemetry Centralization: Complete integration through AMA & ARC

"Since implementation, the SOC/MSSP services have significantly improved our threat visibility, response times, and overall cyber resilience. The 24/7 monitoring, proactive threat hunting, and incident management have exceeded our expectations."

Cyber Security Program Director, tpg