How we research, score and verify MDR providers
MDR Providers.io is an independent directory of Managed Detection and Response providers. We surface facts so buyers can decide.
TL;DR
/01How we collect data
Every provider profile is built from publicly available sources:
- Vendor documentation: product pages, datasheets, integration guides, pricing pages.
- Third-party evaluations: MITRE Engenuity ATT&CK evaluations, Gartner Peer Insights, Forrester Wave.
- User reviews from PeerSpot, G2, Reddit (r/msp, r/cybersecurity), and TrustRadius.
- Practitioner blogs and guides, including CISO evaluation frameworks and vendor switching stories.
- Careers pages and LinkedIn for SOC team composition signals.
/02We don't rank providers
We deliberately avoid ranking MDR providers. “Best MDR” depends entirely on your stack, your team size, your budget, and your compliance requirements. Instead, we surface structured, comparable facts and let you filter by what matters to your organization.
/03Community sentiment
We aggregate community sentiment from multiple platforms:
- Reddit (r/msp, r/cybersecurity, and related subreddits): we look for recurring themes across multiple threads, not isolated opinions.
- PeerSpot and G2: we focus on low-star reviews to surface post-purchase regrets and common complaints.
- Gartner Peer Insights: verified practitioner reviews with organizational context.
Sentiment labels (Very Positive, Positive, Mixed, Negative) reflect aggregated themes, not star rating averages. A provider rated “Mixed” may have passionate advocates and vocal critics. That context matters more than a number.
/04The "not published" signal
When a field shows “Not published,” that is itself a data point. A provider that doesn’t publish MTTD/MTTR, disclose analyst-to-customer ratios, or share pricing ranges is making a choice about transparency. We show this absence rather than hiding it.
/05Editorial policy
Vendors cannot pay to be included in the directory or to change profile facts. Sponsored placements are clearly labeled and do not affect how data is presented, how filtering works, or which providers appear in editorial picks.
/06How we handle "questions to ask"
Each provider profile includes provider-specific evaluation questions. These are synthesized from:
- Common blind spots identified in user reviews and complaints.
- Areas where the provider’s public documentation is vague or incomplete.
- Known friction points from vendor switching stories.
- Due diligence gaps that CISO evaluation guides highlight.
/07Update cadence
Provider data is reviewed and updated regularly. The “Last Updated” date on each profile reflects the most recent verification pass. If you notice incorrect or outdated information, we welcome corrections.
/08For MDR providers
If you’re an MDR provider and want to update your listing with accurate data, we welcome it. Corrections based on verifiable public information are prioritized. We do not accept requests to remove negative sentiment themes or hide limitations. Transparency is core to our value proposition.