Buyer fit
Good fit when
- ✓SMB and mid-market organizations that want hands-off MDR remediation rather than alert triage
- ✓At-Bay cyber insurance policyholders who may qualify for premium credits or coverage enhancements
- ✓MSPs that want to add full-service MDR without building a 24/7 SOC
Watch out when
- ×Large enterprises needing published global SOC locations, formal SLA tables and mature third-party analyst validation
- ×Teams requiring raw log query access or full portability of detection content
- ×Buyers that require published per-user or per-endpoint pricing before engaging sales
Coverage
1 of 6 attack surfaces in the base price — the rest are separately priced.
Platform
Additional capabilities
Incident response
Pricing
What costs extra
- –Exact MDR pricing requires consultation or package estimate
- –Cyber insurance is separate from Stance MDR, though insurance enhancements may depend on qualifying conditions
- –Endpoint, email, identity, cloud and MXDR package scope should be confirmed separately
Cost caveats
- –Insurance premium credits and coverage enhancements are conditional and depend on the buyer's risk profile, policy terms and qualifying conditions.
- –Stance MDR is not required for At-Bay insurance coverage and is not limited to At-Bay policyholders, but the strongest value story is tied to cyber-insurance outcomes.
- –No public contractual SLA or service-credit table was found despite under-15-minute containment claims.
- –Specific EDR/email/cloud technologies and data export options should be confirmed in writing.
Verify pricing directly with the provider.
Team and access
Reputation
At-Bay has strong first-party customer testimonials on MDR pages, but little independent public MDR review signal was found in this pass. The market story is current and differentiated through InsurSec, SentinelOne partnership, claims data, and MSP channel materials, but buyer validation should rely on references until more third-party MDR reviews accumulate.
What customers praise
- ✓Differentiated InsurSec model tying MDR adoption to insurance incentives
- ✓Full-remediation positioning is attractive for lean SMB and mid-market teams
- ✓SentinelOne partnership adds credible endpoint and cloud detection backing
Common complaints
- ×Limited independent public MDR review volume
- ×Insurance-linked value can be hard to compare against conventional MDR pricing
- ×No public price bands, contractual SLA table or detailed response playbooks
No meaningful Reddit signal found in this pass.
Questions to ask
- 1.
What contractual SLA applies to detection, containment, remediation and customer notification?
- 2.
Which response actions can At-Bay execute without customer approval across endpoint, email, identity and cloud?
- 3.
Which EDR/email/cloud technologies are deployed today for Endpoint MDR, Email MDR and MXDR?
- 4.
Where are SOC analysts physically located, and what is the minimum overnight/weekend staffing model?
- 5.
How are premium credits, ransomware retentions, waiting periods and financial fraud sub-limits calculated for our risk profile?
- 6.
Can non-At-Bay policyholders buy the same MDR scope and service levels as At-Bay policyholders?
- 7.
What data, incident history and reports can we export from the MDR Portal if we leave?
- 8.
Can you provide customer references for companies of our size that use endpoint, email, identity and cloud coverage together?
Evidence
Sources reviewed
Main public source used for the provider profile.
Official Stance platform page describing the AI-powered unified security platform, claims-data-driven risk intelligence, MDR coverage and insurance-linked enhancements.
Official July 2025 announcement of At-Bay Stance MXDR for small and mid-market businesses, spanning endpoint, cloud, identity and email with a SentinelOne alliance.
Official MXDR page describing endpoint, email, cloud and identity coverage, full-service remediation, separate custom MDR package options and vendor-reported incident avoidance data.
Official endpoint MDR page describing 24/7 expert monitoring, endpoint containment/remediation and MDR package positioning.
Official email MDR page describing AI-powered email security, dedicated experts and rapid response/remediation for email threats.
Official packages page used for optional MDR purchase terms, estimated MDR cost flow, premium credits, ransomware and financial fraud coverage enhancement wording.
Official trust page confirming SOC 2 Type II, US AWS data processing/storage, encryption, audit logs and incident response procedures.
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public breach warranty is recorded.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Independent research. Verify details directly with the provider before making decisions.
