

ConnectWise MDR
MSP-channel MDR built on the ConnectWise Asio platform. Sold exclusively through MSP partners, not directly to end customers. Supports multiple EDR engines (Bitdefender, SentinelOne, Microsoft Defender) so MSPs can standardize or mix across their client base. Formerly Perch Security SIEM, acquired 2020.
Buyer fit
Good fit when
- ✓MSPs already in the ConnectWise ecosystem (PSA, RMM) who want MDR without a separate vendor relationship
- ✓MSPs serving SMB clients who need turnkey MDR without building their own SOC
- ✓MSPs that want to offer multiple EDR options (Bitdefender, SentinelOne, Microsoft Defender) across their client base
Watch out when
- ×Direct enterprise buyers, ConnectWise MDR is sold through MSP partners only
- ×Buyers who need analyst-validated MDR recognized by Gartner, Forrester, or MITRE
- ×Organizations that need reliable long-term log retention for compliance audits
Coverage
Platform
Incident response
Pricing
What costs extra
- –Incident response (separate ConnectWise service)
- –ConnectWise SIEM (may be separately priced)
- –BCDR add-on (ConnectWise Cloud Backup)
Cost caveats
- –Pricing requires sales engagement, no self-serve
- –Ecosystem lock-in through ConnectWise RMM and PSA bundling
- –12-36 month agreements typical
- –Data export is difficult when switching providers
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
ConnectWise SIEM has Capterra 4.6/5 from ~50 reviews. ConnectWise MDR has almost no independent reviews. PeerSpot ranks it #57 in MDR with 0.4% mindshare and zero collected reviews. Not included in Gartner or Forrester MDR evaluations.
What customers praise
- ✓Multi-EDR flexibility lets MSPs choose per client
- ✓Tight ecosystem integration with ConnectWise PSA and RMM
- ✓Proactive threat hunting focused on MSP-specific attacks
Common complaints
- ×SIEM described as not delivering on its promise, with an outdated UI
- ×Log retention flagged as problematic for audit compliance
- ×No independent analyst recognition (Gartner, Forrester, MITRE)
Almost no Reddit discussion about ConnectWise MDR specifically. Most threads discuss ConnectWise SIEM (Perch) and general platform frustrations. MSP community sentiment is mixed: appreciated for ecosystem integration, criticized for SIEM maturity.
Questions to ask
- 1.
What is the per-endpoint MDR price at our volume, and are there minimum seat requirements?
- 2.
What SIEM log retention do you provide, and does it meet SOC 2 or HIPAA audit requirements?
- 3.
What response actions does the SOC take automatically vs. requiring our approval?
- 4.
What is included in base MDR vs. the separate incident response service?
- 5.
What data can we export if we leave, and what does migration look like?
Evidence
Sources reviewed
Public-data caveats
- –SLA caveat: 15-minute initial threat assessment SLA announced at IT Nation Connect 2025 for Q1 2026 agentic MDR triage. Also claims under 14 minutes average ransomware response time (vendor-published).
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.