Senegal managed SOC: an essential but poorly structured service in 2026
A SOC (Security Operations Center) is the team + tools that monitor an organization's cybersecurity in real-time 24/7. Detects attacks, analyzes alerts, contains incidents, restores systems.
For Senegalese SMEs and large companies, building an internal SOC is too expensive (8-25 salaried analysts + tools + premises). Managed SOC outsources this service to a specialized operator.
Senegal managed SOC market 2026: ~8-14 billion FCFA/year. Main players: Sonatel CyberDefense (Sonatel subsidiary), Atos Senegal, IBM Senegal (via partnerships), Orange Cyberdefense Senegalese subsidiaries, plus 6-10 local players.
H2: Modern managed SOC technical architecture
SIEM (Security Information Event Management). Central tool aggregating logs from all sources (firewalls, servers, applications, endpoints) and correlating to detect suspicious patterns. Dominant 2026 tools: Splunk, IBM QRadar, Microsoft Sentinel, Elastic Security.
EDR (Endpoint Detection Response). User workstation behavioral monitoring (PC, servers, mobiles). Detects malware, 0-day attacks. Tools: CrowdStrike Falcon, SentinelOne, Microsoft Defender, Sophos Intercept X.
NDR (Network Detection Response). Network traffic monitoring. Detects attacker lateral movement, command & control communication. Tools: Darktrace, Vectra, ExtraHop.
SOAR (Security Orchestration Automation Response). Incident response automation. Allows analyst team to handle more incidents. Tools: Palo Alto Cortex XSOAR, Splunk Phantom.
Threat Intelligence. Emerging threats information feeds (CTI). Sources: MITRE ATT&CK, Recorded Future, ANSSI alerts.
Vulnerability Management. Continuous vulnerability scanning. Tools: Qualys, Tenable, Rapid7.
A complete modern SOC architecture costs 35-180 million FCFA in annual licenses for an average SME.
H2: Typical managed SOC services
24/7 monitoring. Analyst team (8-25 people for level 2 SOC) continuously monitoring alerts. 3 shifts (8h each).
Detection and alerting. Client notification under SLA (typically < 15 min for critical incidents, < 1h for moderate).
Investigation and confirmation. Analysts confirm true/false positive. Contain incident.
Incident response. Containment and eradication procedures. Client coordination.
Threat hunting. Proactive threat search (vs passive detection).
Monthly reporting. Metrics (alert count, false positives, incidents, MTTR). Dashboard for CISO/management.
Compliance. Helps meet CDP obligations (72h incident notification), BCEAO, ISO 27001.
H2: Senegal managed SOC pricing models
Tier 1 - SME (50-200 employees). Basic monitoring, EDR, light SIEM. 1.5-4.5 million FCFA / month. Suits simple e-commerce, agencies, service SMEs.
Tier 2 - Medium companies (200-1,000 employees). Tier 1 + threat hunting + SOAR + vulnerability management. 4.5-12 million FCFA / month. Suits regional banks, telecoms, retailers.
Tier 3 - Large accounts (> 1,000 employees or critical). Complete 24/7 service with dedicated analyst, premium threat intel, continuous red team, advanced compliance. 12-22 million FCFA / month. Suits major banks, ministries, telecom operators.
Custom - Very large companies. Bespoke by needs. 22-80 million FCFA / month.
Need a professional website?
Kolonell builds websites that attract clients, optimized for the Sénégalese market. Free quote in 2 minutes.
H2: Use cases by sector
Banks (CBAO, Ecobank, SGBS). Tier 2-3 managed SOC mandatory post-BCEAO 2025 regulation. Annual cybersecurity budget 200-800 million FCFA of which 40-60% in SOC.
Telecoms (Sonatel, Free, Wave). SOC often internal (Sonatel CyberDefense) or hybrid (internal + specialized external operators).
E-commerce and marketplaces. Tier 1-2 SOC. Focus payment + client data protection.
Ministries and administration. CSN service (National Cyber Security). Public SOC + private extensions.
International NGOs. Often imposed by international headquarters. Typical tier 1-2.
Large 200-500 employee SMEs. Tier 1-2 by data sensitivity.
H2: Pricing and investments to structure a managed SOC
For a player wanting to launch a managed SOC service in Senegal:
| Item | Upfront | Annual recurring |
|---|---|---|
| Institutional site + client portal | 14,000,000 to 25,000,000 FCFA | 2,500,000 FCFA |
| SOC tool licenses (SIEM, EDR, SOAR, Threat Intel) | 95,000,000 to 180,000,000 FCFA setup | 120,000,000 FCFA |
| Infrastructure (servers, storage, Tier III datacenter) | 65,000,000 to 140,000,000 FCFA | 35,000,000 FCFA |
| 18-32 certified SOC analysts (24/7 rotation) | 3,600,000 FCFA recruitment | 720,000,000 to 1,280,000,000 FCFA salaries |
| 4 managers + 1 SOC director | 1,500,000 FCFA recruitment | 220,000,000 FCFA |
| Team continuous training + certifications | — | 65,000,000 FCFA |
| Compliance (ISO audit, ANSSI, BCEAO) | 18,000,000 FCFA | 22,000,000 FCFA |
Upfront investment: 191-385 million FCFA. Annual recurring: 1.2-1.75 billion FCFA. For 15-30 clients at average 8 million FCFA / month = 1.44-2.88 billion FCFA / year. Net margin 18-28% = 260-810 million FCFA / year.
FAQ
Internal or managed SOC?
Internal SOC: suited > 1,500 employees + high sensitivity (banking, military). High costs (8-25 analysts + tools + premises). Managed SOC: suited < 1,500 employees or organizations without internal expertise. Higher cost/efficiency in 80% of cases.
How long to onboard a SOC client?
4-12 weeks by complexity. Steps: kick-off, pre-onboarding audit, EDR agent + log collection deployment, SIEM use case configuration, client team training, production go-live.
What standard SLA for managed SOC in 2026?
Critical alert detection: < 15 min. Client notification: < 30 min. Confirmation analysis: < 2h. Containment: per plan defined with client. MTTR (Mean Time To Resolve) target: < 24h for critical incidents.
How to differentiate on Senegal managed SOC market?
International players (IBM, Atos, Orange Cyberdefense) dominate large accounts. Possible differentiation: local SME positioning (adapted pricing, language, proximity), sector specialization (banking vs health vs e-commerce), additional services (audit integration, training, compliance).
Which roles to recruit for a SOC?
L1 SOC (24/7 monitoring + first triage analyst): 40-60% of team. L2 SOC (investigation, escalation): 25-35%. L3 SOC (incident response, threat hunting): 10-20%. Plus: threat intelligence analysts, security engineers, SOC manager.
Let's talk about your case
If you need a managed SOC for your organization in Senegal, or want to launch a SOC service, we can design the architecture and structure the offering. WhatsApp +221 77 596 93 33.
Mohamed Bah
Fondateur, Kolonell
Passionate about digital and entrepreneurship in Africa, Mohamed has been helping Sénégalese businesses with their digital transformation since 2020. Founder of Kolonell, he believes every SME deserves a professional and accessible online présence.
