

Bridewell MDR
Microsoft-native MDR provider specializing in Critical National Infrastructure (CNI) protection across energy, transport, utilities, and government sectors. Built on Microsoft Sentinel and Defender XDR with deep OT/ICS expertise. Merged with I-Tracing in May 2025 under common ownership to form a ~1,000-person European cybersecurity services group. Holds more NCSC assured services (7) than any other UK provider. CREST-accredited SOC with security-cleared analysts.
Buyer fit
Good fit when
- ✓UK and European Critical National Infrastructure organizations (energy, transport, utilities, government) needing NCSC/CREST-assured MDR
- ✓Organizations with Microsoft 365 and Azure footprints wanting native Sentinel/Defender XDR managed services
- ✓Regulated entities requiring security-cleared analysts and compliance with ISA/IEC 62443, NCSC frameworks, and UK government standards
Watch out when
- ×Organizations requiring multi-vendor, platform-agnostic MDR beyond the Microsoft ecosystem
- ×North American companies wanting established US-based SOC presence (UK/Europe-focused historically)
- ×Budget-conscious buyers needing transparent pricing, published metrics, or breach warranty backing
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –24/7 Incident Response (separate service, not included in base MDR)
- –OT/ICS security consulting and monitoring (specialist engagement)
- –Penetration testing (NCSC CHECK-approved)
- –Cyber security consultancy (NCSC assured)
- –Risk assessments and audits
- –Microsoft Funded Engagement programs (discounted/subsidized services)
- –Vulnerability management services
Cost caveats
- –Incident response is NOT included in base MDR, it is a separate 24/7 service
- –Requires Microsoft Sentinel and Defender XDR licensing (customer cost)
- –OT/ICS coverage requires specialist engagement beyond standard MDR
- –UK/Europe focus, US expansion underway but limited North American SOC presence historically
- –I-Tracing merger (May 2025) introduces integration risks during transition period
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
Limited public reviews due to CNI/government client base where testimonials are restricted. Published case studies from Northern Gas Networks and Manchester Airport Group praise technical depth and organized delivery. No G2/Gartner Peer Insights presence and zero Reddit mentions suggest limited visibility outside UK CNI and public sector markets. Hard to assess independently.
What customers praise
- ✓Deep technical expertise in CNI, OT/ICS, and regulated environments. Case study clients recommend Bridewell to peers.
- ✓Most NCSC assured services of any UK provider (7 services), CREST SOC and CSIR accredited, security-cleared analysts for government work
- ✓Sentinel deployment in customer's own tenant with detection rules treated as customer IP. Verified Microsoft MXDR partner.
Common complaints
- ×No publicly disclosed pricing, metrics, or breach warranty makes evaluation difficult compared to transparent competitors
- ×Microsoft platform lock-in limits flexibility for organizations with multi-vendor stacks
- ×Merged with I-Tracing (May 2025) under common ownership, creating uncertainty around service continuity during integration
No Reddit discussions found. Brand awareness appears limited outside UK CNI and government sectors.
Questions to ask
- 1.
24/7 incident response is a separate service. What is the additional cost, and does it integrate with the MDR service or operate independently?
- 2.
What specific response actions will your analysts take autonomously in our Microsoft environment, and which require our approval?
- 3.
How has the I-Tracing merger (May 2025) changed service delivery, analyst teams, and account management? Are UK SOC analysts the same team?
- 4.
What is the exact pricing for our Microsoft footprint (Sentinel data ingestion, Defender licensing, and MDR services)?
- 5.
Do you offer a North American SOC presence, or will our environment be monitored exclusively from the UK?
- 6.
What happens to our Sentinel workspace, detection rules, and custom configurations if we decide to transition to another MDR provider or bring SOC in-house?
- 7.
For OT/ICS environments, what is the pricing model and analyst expertise for operational technology monitoring beyond standard IT MDR?
- 8.
Can you provide references from non-CNI commercial organizations outside the UK government and utilities sectors?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.