Kovant

Security

Managed EDR/XDR with automation

Detection that acts, not just alerts

Detection and response on your endpoints and servers (EDR/XDR), with automation: isolating a machine, blocking an indicator, killing a process — triggered automatically, in under a minute. Beyond a simple antivirus, we correlate several sources (endpoints, identity, network, SaaS) to see the whole attack. Managed, sovereign, billed per seat.

We’re clear on scope: automation acts; 24/7 human watch is our SOC/MDR service.

Who it’s for

  • SMBs that have outgrown basic antivirus — you want behavioural detection and automatic response, not just signatures.
  • Teams with a mixed estate — endpoints, servers and SaaS to correlate in one view rather than in silos.
  • IT-support clients moving up — you add an advanced security layer on the same contract and the same invoice.

What’s managed

Responsibilities are split clearly and in writing:

  • We manage: deployment and tuning of the EDR agent (Windows, macOS, Linux).
  • We manage: XDR correlation (endpoints, M365/Entra identity, network, SaaS).
  • We manage: automation playbooks (auto-isolate, block indicator, notify), threat-intelligence feeds and the monthly detection report.
  • Shared / You: risk acceptance and allow-list sign-off.

Features included

  • Multi-OS EDR agent (Windows, macOS, Linux), lightweight rollout via RMM
  • Behavioural detection, not just signatures
  • Multi-source XDR correlation (endpoints, identity, network, SaaS by tier)
  • Automated response: auto-isolate, block indicator, kill process
  • Guided remediation, then auto-remediation on the Signature tier
  • Custom playbooks (n8n) on the Signature tier
  • Log retention from 30 days to 1 year by tier
  • Monthly detection report, up to proactive threat hunting on Signature

The Essential, Pro and Signature tiers, billed per seat (a server counts as one seat), with their published prices, are detailed in the table below.

Security included

The EDR detects suspicious behaviour on each machine; the XDR layer correlates it across sources to tell a real incident from a false positive. When an indicator is confirmed, automation contains the threat in under a minute — isolate, block, kill process. Everything is self-hosted in the EU; tuning and allow-lists keep false positives down, starting in dry-run mode.

Frequently asked questions

How is EDR different from antivirus? Antivirus recognises known threats by signature. EDR watches process behaviour and catches the unknown too, then lets you investigate and respond.

And EDR versus XDR? EDR covers endpoints. XDR correlates several sources — endpoints, identity, network, SaaS — to reconstruct an attack that crosses multiple surfaces.

Doesn’t auto-isolate cause false positives? We start in dry-run mode, tune thresholds and maintain allow-lists before enabling automated response. False positives are managed, not endured.

Where is my data? On our self-hosted infrastructure in the European Union. No data leaves the EU.

Do I also need a SOC? Automation acts on its own for known cases. For 24/7 human monitoring and analyst-led incident response, see our SOC/MDR service.

Go further

Add the 24/7 human layer with our SOC/MDR, hand your devices to IT support, or reduce the surface with server hardening — one contract, one invoice, one SLA.

Pricing

Essential

€6/endpoint/mo

  • Hosted in Europe
  • Daily backups
  • Email support
Recommended

Pro

€12/endpoint/mo

  • Everything in Essential, plus:
  • Priority support
  • Proactive monitoring

Signature

€22/endpoint/mo

  • Everything in Pro, plus:
  • Fully managed
  • SLA & on-call