Secure your network,

A Network Detection & Response solution & to identify cyber intrusions at the earliest stage and disable attackers.

Try it free of charge
Custocy software interface
Light / Dark mode
Anticipate _
Anticipate Detect Analyse React

Custocy is an NDR solution that provides unparalleled protection against future attacks.

It incorporates artificial intelligence to provide full visibility of your IT network through an intuitive interface. It provides real-time alerts to your security team of malicious behaviour, allowing them to proactively identify risks before an attack occurs.

Reduced cognitive load

Arm your team with a solution that makes their job easier. With our unique technology, we guarantee 88 times less false positives. Your cyber analysts are no longer subjected to an avalanche of alerts.

Optimised security

Make sure you reliably detect threats that other tools cannot. The Custocy Cyber Platform is a complementary security brick that can be used through its intuitive interface or integrated with the existing ecosystem (SIEM, EDR, XDR, etc.) without any prerequisites.

Increased network visibility

Stay ahead of the game by visualising and analysing malicious activity on your company's network: lateral movements, privilege escalation, command and control, detection of vulnerable assets...

Download the datasheet
Custocy video

Custocy at a glance

  • Network monitoring based on new Artificial Intelligence technology
  • Advanced Persistent Threat Detection
  • Detection of unknown attacks (Zero-Day)
  • 88 times less false positives
  • Integrated response with MITRE D3FEND
  • Advanced explainability of our AIs
30-day trial free of charge

Proactively reduce your vulnerabilities

Real-time detection by AI

Custocy leverages the power of its new collective intelligence technology solution, which brings together multiple AIs working at multiple time scales, to detect threats. Our AI blends advanced behavioural analysis and weak attack signal characterisation to reduce false alarms and detect threats even on encrypted data.

Threat Prioritisation

Custocy combines new AI technology with multiple sources of Threat Intelligence and projection into standards such as ENISA and the MITRE ATT&CK to track the progression of threats in real-time. An analyst can then see the course of an attack to find points of vulnerability and act BEFORE impact.

Targeted Response

With the integration of MITRE D3FEND, an analyst will know how to respond most effectively to an ongoing threat, how to investigate complex attack campaigns, and how to guard against future attacks.

Highly explainable AIs

The explainability of our AI models is an important research focus for us, no more “black boxes”. Our AIs explain how they make their decisions and we reveal exactly how they work, without compromising on performance.

Real-time detection by AI
Threat Prioritisation
Targeted Response
Highly explainable AIs

Explore our NDR solution

Download the datasheet


The Metalearner is an AI-based technology designed and developed in the Custocy laboratory. The procedures used during an attack can last from a few seconds (a malicious file upload) to several weeks (data exfiltration).

Our innovative approach has been to create a community of IAs who inspect the network at different time scales and who regularly consult each other to agree on the severity of a threat. The Metalearner orchestrates all these AIs to give the final decision to the cyber analyst by categorising the predictions in the Custocy interface with a threat score.

Our tests on real attacks show that aggregating multiple AIs is more accurate and generates 88 times fewer false positives than an approach that only considers a single time scale.


Custocy can be deployed without risk, alone or in conjunction with your existing SOC tools. A network expert and a data analyst are dedicated to guide you.


Our NETSENS probe is installed on-site, within your infrastructure. It collects and analyses network data on your site. It then connects to the AWS cloud via security access and only sends statistical data or alerts provided by the probe for AI analysis.

Our AI master, the Metalearner, hosted on AWS, receives thousands of events, prioritises them and feeds them back into the Custocy interface with a threat score.

The cyber analyst sees the most important threats appear in real-time. Their priority is colour coded making security management easier.

Custocy's software technology : metalearner Deployment Custocy software Architecture Custocy software