At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Alert-only
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 3 SOC regions
- IR retainer
- Separate
- Customers (public)
- 350+ protected customers, with 1,000+ enterprise clients stated company-wide
- SOC analysts
- Cipher says it has more than 200 cybersecurity professionals. Specific SOC analyst count is not published.
- Onboarding
- Cipher advertises 20 days for full service activation, but buyers should confirm scope and contract timing.
Best for
Ideal for
- Mid-market and enterprise buyers that want a managed service layered over existing security tools
- Organizations that value Prosegur backing, local support and a six-SOC delivery footprint
- Teams that want central portal visibility, threat hunting, alert triage and AI-assisted analyst support
Not ideal for
- Buyers that need public MDR pricing before sales
- Teams that require published named EDR, SIEM or SOAR integrations before a call
- Organizations that need public default containment actions, contractual response SLAs or independently validated MTTD and MTTR figures
Coverage
Endpoint
Limited
Cloud
Limited
Identity
Not offered
SaaS
Not offered
Network
Limited
OT / IoT
Not offered
Compatible tools
EDR
Cloud
Additional capabilities
Incident response
- Monitoring
- 24/7 · Cipher says it operates a 24/7/365 modern SOC, 24/7 xMDR service and a network of six Cybersecurity Operation Centers. Its public pages list cybersecurity-professional presence in the USA, Brazil, Spain, Portugal and Paraguay, but exact SOC addresses, shift model and analyst-to-customer ratio are not published
- First response
- Alert only — provider notifies your team with recommended actions
- Containment
- None documented
- Response SLA
- Not disclosed · Cipher publishes 24/7 protection, 24/7/365 modern SOC delivery, a 15-minute response-time claim, proactive response, incident response and threat neutralization language for xMDR.
- IR included
- No — separate retainer
Detection quality
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Cipher says Smart Alert uses past feedback for cross-correlation and grouping, with more than 75% noise reduction. It does not publish a full false-positive methodology or tuning cadence.
Threat hunting
- Included
- Yes — in base service
- Approach
- proactive
- Frequency
- Continuous threat hunting is vendor-stated. Exact cadence not published.
Pricing
Custom quote. Cipher does not publish xMDR package pricing.. Custom or xmdr services or xmdr platform contracts.
- Indicative price
- Not published
What costs extra
- -Exact xMDR pricing requires a Cipher quote
- -xMDR Platform and xMDR Services scope should be confirmed in the order form
- -PCI DSS services, penetration testing, vulnerability assessment and cyber risk work may be separate from MDR
- -Integration effort may vary by existing EDR, IPS/IDS and cloud environment
Cost caveats
- -Cipher says xMDR works with the existing technology stack, so buyers should confirm which tools are included in the quote and what integration work is extra.
- -Public pages do not publish response SLAs, contract minimums or service-credit language.
- -The site names EDR and IPS/IDS integration but does not publish named vendor integrations.
- -Response wording is broad, so buyers should document pre-approved actions before go-live.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts
- Direct employees · Cipher says it has more than 200 cybersecurity professionals. Specific SOC analyst count is not published.
- Certifications
- ISO 27001ISO 22301ISO 20000ISO 9001SOC ISOC IIPCI QSAPCI ASVCRESTTF-CSIRT
- Channels
- Portal
- Data access
- Dashboard Access
- Portal
- Cipher says the xMDR portal shows current profile, digital adversaries, available rules, use cases, investigations, reports and KPIs. Public pages do not show raw query access or full case workflow.
- Account manager
- Shared / pooled
Reputation
No meaningful MDR-specific buyer-review signal was found in major English-language review communities during this pass. The public buyer case rests on Cipher's Prosegur ownership, xMDR Platform, 24/7 SOC claim, six-SOC footprint, portal access and existing-stack positioning. Buyers should validate pricing, response authority, named integrations and SOC delivery details directly.
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for Cipher xMDR specifically.
Questions to ask
7 questions to ask Cipher▾
- 1.
Which tools in our current stack can Cipher integrate without extra work?
- 2.
Which EDR, SIEM, cloud and ticketing platforms are supported by name?
- 3.
Which response actions can Cipher take directly, and which require our approval?
- 4.
Which SOCs support our contract, and where are they located?
- 5.
What contractual SLA applies to high-severity triage, escalation and containment?
- 6.
What xMDR Platform data, reports, rules, cases and KPIs can we export if we leave?
- 7.
Are PCI DSS services, penetration testing and vulnerability assessment included in the MDR quote?
Evidence
Sources reviewed
Public-data caveats
- -No public contractual response-time SLA is recorded for this profile.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response authority may depend on pre-approval and contract scope.
- -MDR analyst headcount or analyst-to-customer ratio is not public.