

Blackpoint Cyber MDR
MSP-channel-only MDR founded by former NSA operatives, selling exclusively through managed service providers. Blackpoint's SNAP-Defense platform uses a patented Live Network Map to detect lateral movement and tradecraft patterns, and the SOC acts autonomously without waiting for partner approval. Backed by a $190M Series C from Bain Capital (2023). Now led by CEO Gagan Singh (ex-McAfee/Norton), with founder Jon Murchison as Executive Chairman.
Buyer fit
Good fit when
- ✓ MSPs seeking a purpose-built MDR platform with autonomous SOC response for their SMB clients
- ✓ SMBs (via MSP partners) wanting fast incident containment without managing security in-house
- ✓ Microsoft 365 environments needing endpoint, cloud and identity coverage through one provider
Watch out when
- × Enterprises buying MDR directly, not through an MSP channel. Blackpoint does not sell direct.
- × Organizations needing granular control over SOC approval workflows or custom playbooks
- × Linux-heavy environments or teams wanting multi-vendor SIEM data correlation
Pricing
What costs extra
- LogIC logging and compliance (separate product)
- Cloud MDR for M365, Google Workspace and identity (separate product from endpoint MDR)
- CompassOne Standard tier adds application control, vulnerability management and cloud posture over Essentials
- Blackpoint RISK cyber liability insurance (separate product, not included with MDR)
Cost caveats
- Pricing not publicly listed, requires custom quote through MSP
- All payments non-cancellable and non-refundable per reseller agreement
- Volume pricing (50+ endpoints) requires 1-year commitment
- LogIC logging/compliance and Cloud MDR are separate purchases
- Cannot buy direct. Must go through an MSP partner.
- CompassOne Standard vs Essentials tier split means some features cost extra
Pricing compiled from public sources. Verify directly with the provider.
Reputation
G2 4.7/5 (257 reviews) and Grid Leader with 23 badges (Spring 2025). PeerSpot 9.0/10. MSPs praise the autonomous response model, easy deployment and channel-first approach. Recurring complaints about portal usability, limited SOC transparency and no Linux support. Glassdoor 3.6/5 flags analyst burnout concerns.
What customers praise
- ✓ Autonomous SOC response: acts on threats without waiting for approval, contributing to 7-16 min MTTR (self-reported)
- ✓ Easy, rapid deployment with month-to-month flexibility and MSP-native business model
- ✓ Effective alert filtering where partners only see legitimate threats, reducing alert fatigue
Common complaints
- × Portal dashboard gets cluttered and transparency into SOC investigation details is limited
- × No Linux agent support (Windows/macOS only) and limited multi-vendor data correlation
- × Glassdoor reviews (3.6/5, 2025-2026) flag analyst burnout and leadership concerns
Well-regarded on r/msp. Praised for actioning threats rather than just alerting. MSPs like the 6-month free Community Protection Program. Criticism: limited third-party tool correlation, portal usability.
Questions to ask
1. What is the exact per-endpoint pricing for our MSP's environment size, and how do volume discounts scale?
2. What specific actions does your SOC take autonomously, and can we configure any approval gates?
3. How does SNAP-Defense integrate with our existing EDR (CrowdStrike/SentinelOne/Defender)? Does it replace or layer on top?
4. What visibility do we have into SOC actions and investigation details through the portal?
5. What is included in the base MDR vs. what requires LogIC, Cloud MDR or CompassOne add-ons?
6. How does Linux endpoint coverage compare to Windows/macOS?
7. What data do we retain access to if we terminate the relationship?
8. What is your SOC staffing model? Do you have follow-the-sun coverage or US-only shifts?
Evidence
Public-data caveats
- No public contractual response-time SLA is recorded for this profile.
- No public breach warranty is recorded.
Information compiled from public sources. Verify details directly with the provider before making decisions.