Keeping your data secure

Privacy and security

Security is a priority for Sekoia. We are committed to ensuring the confidentiality and integrity of your information and to maintaining the highest level of availability in our SOC platform.

Foundation of trust

A resilient solution

Sekoia is an EU-funded, robust security platform built on agnostic technological suppliers. Resilience is built into our technological choices and our supply chain. Deployments are international, to allow you to choose your data location serenely.

Global compliance, local peace of mind

The Sekoia product suite is compliant with international regulations like NIS2, DORA, GDPR or the CRA. Our architecture is designed to respect local data residency requirements without sacrificing global performance.

Trust badges

Sekoia is compliant with international security standards like ISO27001, SOC2 and PCI-DSS. Visit our trust center to access these documents and certifications, as well as our Security Whitepaper that details many security controls enforced in the product.

Visit Trust Center

Secure infrastructure

Data encryption

All customer data is transferred securely using TLS v1.2 and above. At rest, data is encrypted using state-of-the-art encryption like AES256.

Data storage

All our data is stored by certified hosting providers in various geographical locations (see our regions). These providers handle the physical security of their facilities and tightly control access.

Reliability

Backups are performed daily and stored off-site. Restoration tests are performed regularly. We monitor uptime and have 24/7 human coverage. Check our current uptime at status.sekoia.com.

Secure platform

Authentication

We provide the ability to enable two-factor authentication (2FA) and/or Single Sign-On for your Sekoia account. Account passwords are hashed and salted and cannot be retrieved.

Vulnerability management

We proactively address vulnerabilities in Sekoia’s code through automated tools, peer review, and regular tests. Web access is proxied behind a Web Application Firewall, which detects and blocks unwanted traffic.

Observability

Any action performed on the platform by your SOC operators and administrators is logged, both to comply with audit trail requirements and to trigger custom detection rules that ensure the security of your environment.

Organizational measures

Internal security standards

Our security controls include leveraging two-factor authentication with U2F tokens, a zero-trust architecture, RBAC and least-privilege in the organization, endpoint management, encryption, and a comprehensive logging policy.

We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and new hacking techniques.

Employees working with customer data (such as support or engineering teams) undergo background checks prior to employment.

Observability

We have a dedicated internal Computer Emergency Response Team (CERT) that constantly monitors our environment for security events. This team also handles penetration testing, social engineering exercises, and awareness sessions.

Read our RFC2350

Compliance and documentation

We comply with international norms such as ISO 27001 and PCI-DSS, the reference standard in the card payment industry.

Discover our security and compliance program, browse our security White Paper, and check our security controls in real time at trust.sekoia.com.

Privacy

Data privacy

We have a strict policy to respect the privacy of our customer data. We regularly review and update our policies and processes to follow regulatory changes or evolutions in our product.

We use a privacy policy that is enforced on all our websites. We do not compromise on your privacy. Read our full privacy policy.

We use a cookie policy that is enforced on all our websites. We make sure we display Internet content in accordance with user consent.

Read our full cookie policy

EU General Data Protection Regulation (GDPR)

We ensure compliance with the General Data Protection Regulation (GDPR). In the event that Personal Data is transferred outside the European Union, we undertake to implement the measures required by the Personal Data Regulation, including security measures, an adequate transfer mechanism, etc.

Privacy in the product

Our legal and privacy teams work with our technical leads across the organization to make sure our products and features comply with applicable data protection laws. Our terms of use can be found here.

Processing activities

Sekoia selects its subcontractors with the utmost care and conducts business with subcontractors that provide sufficient security guarantees. For more information on the subcontractors involved in the provision of Sekoia.io solutions, please visit our Trust Center at trust.sekoia.com.

Our Data Processing Agreement is included in our customer contracts but can also be obtained directly from our Trust Center.