
SOC

Security Operations Center

A Security Operations Center is a team — combined with tools and processes — that monitors security telemetry continuously, qualifies alerts, and responds to incidents. A managed SOC delivers this capability as a service for organisations that cannot run one internally 24/7.

What a SOC is

A SOC (Security Operations Center) is the human and technical organisation that watches your IT estate for security signals around the clock. It typically combines:

  • detection tools — EDR / XDR, SIEM, cloud security posture, network sensors;
  • security analysts who triage alerts in real time;
  • procedures for qualification, containment, escalation and crisis response.

A managed SOC delivers all this as a contracted service — useful for organisations that need 24/7 coverage but cannot reasonably hire and retain three rotating teams of senior security engineers.

3×8 vs follow-the-sun

Two main staffing models exist. A 3×8 SOC rotates three local teams through three eight-hour shifts in the same location and language. A follow-the-sun SOC routes alerts across geographies (e.g. Manila, Casablanca, Paris) so each team only works office hours locally.

The 3×8 model preserves continuity of context, language and culture with the client. The follow-the-sun model is cheaper but introduces handover friction at every shift change. See our article on the trap of follow-the-sun SOCs.

SOC at Hexceos

Our managed SOC operates on the 3×8 model from France and Quebec with fully in-house teams. Average measured MTTR in 2025: 11 minutes across 187 qualified incidents.

Last updated: 19 May 2026