Service

24/7 managed SOC — human team in 3×8, fully internalised

A SOC that picks up, qualifies, contains — by humans who know you, day and night.

01 · Pillar

Three human teams in 3×8

No script-only monitoring. Six to eight security engineers per team, all on Hexceos payroll, rotating 3×8 to cover 24/7. No quiet hours, no externalised "first level".

02 · Pillar

Internalised, France-based

No outsourcing, no offshore. The engineers who qualify your alerts at 3 a.m. brief you at the board meeting. All security-cleared and ANSSI-trained.

03 · Pillar

Proprietary stack

Hexceos Sentinel (EDR/XDR), integrated SIEM, in-house SOAR platform. All telemetry stays inside our French datacenter. No data leaves the EU.

04 · Pillar

Proactive threat hunting

Proactive threat hunting across 90 days of retained telemetry (1 year on request). Pre-written hunting queries for common TTPs, plus contributions to the MITRE ATT&CK community.

05 · Pillar

Crisis cell and CSIRT

Activation in under one hour, 24/7. Forensics, containment, rebuild, and regulatory communication (CNIL, ANSSI, sector authorities).

A human SOC, not just a console

Most “managed SOCs” on the market are in fact a hosted SIEM console and a phone-only on-call. Ours is a human organisation: 18 to 24 engineers, internalised, in France, on Hexceos payroll, rotating 3×8 to cover your alerts without interruption.

It costs more to run. It is also why we report an 11-minute average MTTR across 187 qualified incidents in 2025.

What we cover

  • Detection — EDR/XDR (Hexceos Sentinel or your existing stack), SIEM, cloud, identity, network telemetry.
  • Qualification — human, on all critical alerts.
  • Response — automated for containment (endpoint isolation, account disable), human for strategic decisions.
  • Threat hunting — 90 days of telemetry minimum, 1 year on request.
  • Crisis cell — activated in under one hour, 24/7.

Service commitments

  • 18 to 24 internalised security engineers.
  • 3×8 without interruption, based in France.
  • 2025 average MTTR — 11 minutes.
  • Security clearance for the relevant missions.
  • Telemetry data hosted in our sovereign datacenter.

FAQ

Questions we get asked.

Why 3×8 rather than follow-the-sun?

Follow-the-sun outsources monitoring to different teams depending on the timezone — meaning heterogeneous skills, languages and contexts. Our 3×8 keeps the same French team, with the same knowledge of your IT estate, 24 hours a day. It costs more to run, but it is what separates an 11-minute MTTR from a one-hour MTTR.

What MTTR do you commit to contractually?

Measured MTTR in 2025 — 11 minutes across 187 qualified incidents. Our contractual commitments depend on the scope, but we typically commit to a contractual MTTR below 30 minutes for critical incidents, 24/7.

Do you operate on top of another EDR?

Yes. Our SOC can operate on telemetry from CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Sophos, etc. Hexceos Sentinel remains our preferred stack, but we adapt the SOC to your existing tooling when replacement is not relevant.

How do alerts reach my team?

Three default channels — ticket in your ITSM (Jira, ServiceNow, Zendesk), Slack/Teams notification for high-criticality, and phone call for critical incidents. Customisable in the contract.

Let's talk

30 minutes, no commitment.

A senior engineer, your situation as it is, concrete answers.