Kovant

Security

Managed SOC & MDR (incident response)

Humans on watch, not just alerts

Human-watched security, 24/7, with incident response. When something happens, analysts detect, investigate, contain and walk you through to recovery — then hand you a post-mortem. This isn’t an alert board you have to triage alone at 3 a.m.: it’s a team that takes the wheel.

Our methodology is built on real in-house incident-response and forensics practice, with tooling self-hosted in Europe.

Who it’s for

  • SMBs with obligations — cyber insurance requiring MDR, large-account clients, a regulated sector: you have to prove continuous monitoring.
  • Teams that already have EDR/XDR — you have detection, you’re missing the 24/7 human layer to investigate and decide.
  • Organisations with no in-house SOC — you can’t hire an analyst team of your own, but you need one.

What’s managed

Responsibilities are split clearly and in writing:

  • We manage: 24/7 monitoring (SIEM + the EDR/XDR), human triage and investigation.
  • We manage: incident containment and response, forensics (DFIR) and threat hunting.
  • We manage: incident reporting, post-mortem and the incident-response retainer.
  • Shared / You: executive decisions during an incident, legal and comms — which we advise you on.

Features included

  • 24/7 monitoring on the Pro and Signature tiers (extended hours on Essential)
  • Human triage, up to a named analyst on Signature
  • Incident investigation, in-depth (DFIR) on Signature
  • Active containment and response, on-site if needed on Signature
  • Proactive threat hunting, from quarterly to continuous by tier
  • Incident-response hours included each year (retainer)
  • Monthly report + post-mortem, quarterly executive review on Signature
  • Tabletop exercise annually or twice a year by tier

This offering requires an EDR/XDR data source (our dedicated service or equivalent) — we say so up front. The Essential, Pro and Signature tiers, priced per organisation, with their published prices and the per-severity SLA, are detailed in the table below.

Security included

The SOC brings together telemetry from your EDR/XDR and your SIEM, and analysts watch it continuously. If an incident occurs, the runbook starts: acknowledge, triage, contain, then forensic investigation and post-mortem. Response times are contractual and credited if missed. Everything is self-hosted in the EU.

Frequently asked questions

How is a SOC different from an EDR? The EDR detects and responds automatically to known cases. The SOC adds 24/7 humans who investigate, decide and lead the response on complex cases.

Do I need an EDR already? Yes, an EDR/XDR data source is required — or we deploy one via our dedicated service. We validate this at the start of the engagement.

What happens during an incident? The runbook fires: acknowledge within the SLA, triage, contain, investigate, then post-mortem. You’re kept informed in plain language at every step.

Is forensics included? Yes, DFIR investigation is part of incident response, with retainer hours included each year by tier.

What happens after the incident? A documented post-mortem and hardening recommendations, so the same breach doesn’t reopen.

Go further

SOC/MDR builds on EDR/XDR with automation; complete it with security administration and server hardening — one contract, one invoice, one SLA.

Pricing

Essential

€490/mo

  • Hosted in Europe
  • Daily backups
  • Email support
Recommended

Pro

€990/mo

  • Everything in Essential, plus:
  • Priority support
  • Proactive monitoring

Signature

€1,990/mo

  • Everything in Pro, plus:
  • Fully managed
  • SLA & on-call