

CyberCX Managed MXDR
Microsoft-focused managed SOC built on Defender XDR and Azure Sentinel, operating 9 CREST Level 2 accredited SOCs across Australia, New Zealand, and the UK. Formed in 2019 from the merger of 12 Australian cybersecurity firms, CyberCX employs roughly 1,400 security professionals. The SOC detects and investigates threats but remediation requires customer approval. Splunk is used alongside Sentinel for threat hunting, with 300+ correlation use cases. Acquired by Accenture in February 2026 for a reported AUD 1 billion (~USD 650M).
Buyer fit
Good fit when
- ✓ANZ mid-market to enterprise organizations that need local data sovereignty and regional SOC coverage
- ✓Organizations already committed to the Microsoft security ecosystem wanting managed Defender XDR and Sentinel
- ✓Public sector and critical infrastructure buyers needing CREST-accredited SOC with Australian-based analysts
- ✓Companies that want managed SOC with included DFIR capability from a team handling 250+ incidents per year
Watch out when
- ×Organizations outside ANZ or UK that need global SOC coverage across North America, LATAM, or broader APAC
- ×Companies running non-Microsoft security stacks. CyberCX has limited documented support for third-party EDR or SIEM
- ×Buyers who want the MDR provider to take autonomous remediation actions. CyberCX requires customer approval for all response
- ×Organizations that need published detection metrics or transparent pricing before engaging sales
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Vulnerability assessment and penetration testing (separate service)
- –Security awareness training via CyberCX Academy (separate)
- –OT/SCADA penetration testing (separate service)
- –Custom detection engineering beyond standard analytics
- –Additional Microsoft security modules (Defender for Cloud, Identity Protection)
Cost caveats
- –Microsoft Defender XDR and Azure Sentinel licenses are customer-purchased prerequisites, not included in the managed SOC fee
- –Microsoft security stack must be built, tuned, and configured to CyberCX standards before monitoring can begin, adding weeks to months of onboarding
- –No public pricing. Requires direct sales engagement to get any cost estimate
- –Accenture acquisition (closed Feb 2026) may change service models, pricing structures, or contract terms during integration
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
CREST Level 2 accredited with strong ANZ presence, but almost no independent reviews on G2, PeerSpot, or Gartner Peer Insights. Known regionally for Microsoft expertise and DFIR capability (250+ breaches/year). The Accenture acquisition creates uncertainty around service continuity. Minimal discussion on Reddit or practitioner forums compared to global MDR providers.
What customers praise
- ✓Local SOC presence in ANZ with data sovereignty for Australian organizations
- ✓Deep Microsoft security expertise with Advanced Specialization certifications in threat protection, identity, and cloud security
- ✓CREST Level 2 SOC accreditation provides independent process validation across all 9 SOCs
- ✓Significant DFIR experience with 250+ breaches handled per year
Common complaints
- ×No published pricing, detection metrics, or analyst staffing numbers
- ×Microsoft platform dependency. Not viable for organizations running non-Microsoft security stacks
- ×Accenture acquisition (Feb 2026) raises questions about brand continuity, pricing changes, and integration timeline
- ×Almost no public customer reviews available on any review platform
Questions to ask
- 1.
What is the all-in monthly cost, including Microsoft Defender XDR and Sentinel licenses, for an environment our size?
- 2.
Your SOC requires customer approval for all remediation. What is the typical time from detection to containment recommendation, and how are after-hours escalations handled?
- 3.
What internal MTTD and MTTR benchmarks can you share, even if they are not publicly published?
- 4.
How will the Accenture acquisition affect our contract terms, pricing, and the team assigned to our account over the next 12-24 months?
- 5.
Which of your 9 SOCs will monitor our environment, and what happens during regional off-hours?
- 6.
What happens to the custom Sentinel detection analytics you build for us if we move to a different MSSP?
- 7.
How do you handle environments that include non-Microsoft EDR tools or third-party SIEM alongside Sentinel?
- 8.
What percentage of your 1,400 professionals are dedicated SOC analysts vs. consulting, DFIR, and pen testing?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response workflows are described, but exact standard containment actions are not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.