Sapphire vs Total Assure
Sapphire and Total Assure are both Services firms that work with your existing tools. Sapphire targets SMB, Mid-market, and Enterprise organizations, while Total Assure serves SMB and Mid-market. Sapphire includes 4 attack surfaces in base pricing (Endpoint, Cloud, SaaS, Network), compared to 3 for Total Assure (Endpoint, Cloud, Network).
Buyer brief
Sapphire and Total Assure are both Services firms that work with your existing tools. Sapphire targets SMB, Mid-market, and Enterprise organizations, while Total Assure serves SMB and Mid-market. Sapphire includes 4 attack surfaces in base pricing (Endpoint, Cloud, SaaS, Network), compared to 3 for Total Assure (Endpoint, Cloud, Network).
Sapphire offers broader coverage (4 surfaces vs. 3). Total Assure may suit teams that need depth over breadth.
At a glance
| FIELD |  |  |
|---|---|---|
| Best fit | UK organisations that want MDR from a UK-owned provider with a UK-based CREST-accredited SOC | SMBs that want an outsourced security team with U.S.-based 24/7 SOC coverage |
| Price | Custom quote | Custom quote |
| Response authority | 1/6 actions · Configurable | 6/6 actions · Configurable |
| Stack | Works with existing stack | Own agent required |
| Data access | Dashboards | Dashboards |
| Warranty | None listed | None listed |
- Best fit
- UK organisations that want MDR from a UK-owned provider with a UK-based CREST-accredited SOC
- Price
- Custom quote
- Response authority
- 1/6 actions · Configurable
- Stack
- Works with existing stack
- Data access
- Dashboards
- Warranty
- None listed
- Best fit
- SMBs that want an outsourced security team with U.S.-based 24/7 SOC coverage
- Price
- Custom quote
- Response authority
- 6/6 actions · Configurable
- Stack
- Own agent required
- Data access
- Dashboards
- Warranty
- None listed
›› Detailed comparison
| FIELD | SapphireTECH-AGNOSTIC | Total AssureTECH-AGNOSTIC |
|---|---|---|
| ›› Fit | ||
| Target size | SMB, Mid-market, Enterprise | SMB, Mid-market |
| Sentiment | Mixed | Mixed |
| ›› Your stack | ||
| Approach | Works with your tools | Works with your tools |
| EDR integrations | EDR toolsMicrosoft technologies | SentinelOne |
| SIEM integrations | ExabeamSIEM tools | Splunk |
| Coverage | EPEndpoint: CoveredCloudCloud: CoveredIDIdentity: LimitedSaaSSaaS: CoveredNetNetwork: CoveredOTOT/IoT: Optional add-on | EPEndpoint: CoveredCloudCloud: CoveredIDIdentity: LimitedSaaSSaaS: LimitedNetNetwork: CoveredOTOT/IoT: Not covered |
| ›› Response | ||
| Response type | Active Remediation | Active Remediation |
| Approval policy | Configurable | Configurable |
| Response actions | Custom playbooks | IsolateKill processContainDisable accountsQuarantineCustom playbooks |
| IR included | ✓ Included | Separate |
| ›› Cost | ||
| Price range | Not published | Custom flat-rate pricing. No public dollar amount found. |
| Minimum seats | None | None |
| Breach warranty | – | – |
| ›› More details | ||
| Requires own agent | No | Yes |
| Endpoints | ✓ Included | ✓ Included |
| Cloud workloads | ✓ Included | ✓ Included |
| Identity | ~ Limited | ~ Limited |
| SaaS apps | ✓ Included | ~ Limited |
| Network | ✓ Included | ✓ Included |
| OT/ICS | + Optional | Not offered |
| Threat hunting | ✓ Included | ✓ Included |
| Response SLA | Not disclosed | Not disclosed |
| 24/7 coverage | ✓ | ✓ |
| Pricing model | Custom quote. Sapphire does not publish MDR package pricing. | Flat-rate monthly pricing is claimed publicly, with no per-user fees and no hidden charges. Total Assure does not publish actual monthly price bands, minimums or what changes the flat rate as employees and infrastructure scale. |
| Hidden cost warnings | Public pages do not publish response SLAs or exact response-authority rules.. MDR, MXDR and OT SOC scope can differ materially, so buyers should define monitored surfaces in the order form.. The page publishes vendor-reported comparative metrics without independent methodology.. IR hours are included as standard, but buyers should confirm number of hours, coverage triggers and overage rates. | Confirm exactly which services are inside the flat monthly MDR rate, especially email security, vulnerability management, digital forensics and recovery.. Confirm whether Splunk, SentinelOne, Avanan, Tenable or other third-party tool costs are included or passed through.. The site claims no per-user surprises, but buyers should ask how the flat rate changes as employees, endpoints, cloud workloads and log volume grow.. No public contractual MDR SLA table, service-credit language or breach warranty was found. |
| Data portability | Partial | Partial |
| Contract terms | Custom | Monthly, Custom |
| Channels | PortalEmailPhone | EmailPortalPhone |
| Data access | Dashboards | Dashboards |
| Dedicated analyst | – | – |
| SOC regions | Europe | North America |
| Onboarding | Sapphire references onboarding and implementation that can be shorter than expected, but no standard public MDR onboarding timeline was found. | Typical deployment reaches full 24/7 SOC protection by day 30 after discovery, deployment, configuration, tuning and baselining. |
| Industry focus | Public SectorDefenceFinancial ServicesProfessional ServicesIndustrialsManufacturingOperational TechnologyHealthcare | HealthcareFinancial ServicesManufacturingProfessional ServicesEducationDefense Industrial Base |
| MTTD | Not published | Not published |
| MTTR | Not published | Not published |
| Community view | Sapphire has limited MDR-specific community review volume. The public buyer case is strongest for UK ownership, UK-based SOC delivery, CREST SOC accreditation and IT/OT services depth. Buyers should validate response authority, price, metrics and the exact split between MDR, MXDR, OT SOC and incident-response work. | Public buyer-review signal is thin. G2 shows 5.0/5 from one review, says there are not enough reviews to provide buying insight, and categorizes the review under managed security services and vulnerability assessment rather than MDR specifically. |
| Compliance | ISO 27001NISTHIPAADORACyber Essentials PlusCRESTGDPRPCI DSS | SOC 2 Type IIHIPAAISO 27001CMMCNIST |
| Certifications | CREST SOCCREST Penetration TestingCyber Essentials PlusISO 27001 | SOC 2 Type IIISO 27001 |
| Founded | 1996 | 2023 |
| Data retention | Not published as a standard MDR retention period. | Not published |
| API available | – | – |
| Website | Visit → | Visit → |
›› FAQ
What is the main difference between Sapphire and Total Assure?
Sapphire is a Services firm that is technology-agnostic (works with your existing tools). Total Assure is a Services firm that is technology-agnostic (works with your existing tools). Sapphire covers 4 attack surfaces in base pricing vs. 3 for Total Assure.
How do Sapphire and Total Assure differ in response capabilities?
Sapphire supports 1 autonomous actions (custom playbooks) and approval is configurable. Total Assure supports 6 autonomous actions (account disable, custom playbooks, endpoint isolation, file quarantine, network containment, process termination) and approval is configurable. Incident response is included with Sapphire and not included with Total Assure.
How does Sapphire pricing compare to Total Assure?
Sapphire pricing: Not published. Total Assure pricing: Custom flat-rate pricing. No public dollar amount found.. Watch for with Sapphire: Public pages do not publish response SLAs or exact response-authority rules.; MDR, MXDR and OT SOC scope can differ materially, so buyers should define monitored surfaces in the order form.. Watch for with Total Assure: Confirm exactly which services are inside the flat monthly MDR rate, especially email security, vulnerability management, digital forensics and recovery.; Confirm whether Splunk, SentinelOne, Avanan, Tenable or other third-party tool costs are included or passed through..
Should I choose Sapphire or Total Assure?
Choose Sapphire if: uK organisations that want MDR from a UK-owned provider with a UK-based CREST-accredited SOC. Choose Total Assure if: sMBs that want an outsourced security team with U.S.-based 24/7 SOC coverage. Sapphire is not ideal for buyers that need public MDR pricing or contractual response SLAs before sales engagement. Total Assure is not ideal for enterprises needing published MDR benchmarks and formal public SLA terms before engaging sales.
Daylight Security
AI-native MDR for buyers comparing active remediation across endpoint, cloud, identity, and SaaS. Daylight works with existing EDR/SIEM stacks and uses ChatOps-native collaboration, so it can be a useful third reference point in this comparison.