Buyer fit
Good fit when
- ✓Growing businesses with 50-500 employees that have IT staff but no internal SOC
- ✓MSPs that want a white-label U.S.-based SOC and managed cybersecurity platform
- ✓Private equity, defense, healthcare, financial services and SaaS buyers that need MDR tied to compliance reporting
Watch out when
- ×Buyers requiring public pricing before engaging sales
- ×Organizations that need independently benchmarked MTTD, MTTR or false-positive data
- ×Teams that want endpoint-only MDR, published non-U.S. SOC locations or local-language coverage
Coverage
5 of 6 attack surfaces in the base price — the rest are separately priced.
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Exact MDR/XDR pricing requires a custom quote
- –Additional or supplemental services may be charged separately under the customer service agreement
- –Forensic analysis, some threat hunting and offensive tool work may require separate contracting
- –Hardware, software, network upgrades and replacement parts are outside the standard service agreement
Cost caveats
- –The website says managed cybersecurity includes proactive services, while the public service agreement excludes some advanced work unless separately contracted.
- –No public MDR-specific SLA table was found.
- –The public agreement references annual, 24-month and 36-month terms, with renewal terms and add-on ordering handled through the sales order.
- –Remote access, collectors, virtual machines or servers may be required to deliver service, and some access methods can add charges.
Verify pricing directly with the provider.
Team and access
Reputation
Cyberleaf has a clear current vendor story, public customer language and partner positioning, but little independent MDR review volume was found in this pass. The strongest evidence is vendor-controlled, so buyer validation should lean on references, a proof of value and careful review of the sales order.
What customers praise
- ✓Clear U.S.-based SOC positioning for buyers with domestic staffing requirements
- ✓Works with existing tools while adding managed SIEM, SOAR, compliance reporting and proactive services
- ✓MSP white-label model gives channel partners a SOC without hiring analysts
Common complaints
- ×No public price bands or minimums
- ×No public MDR-specific SLA table or independent detection benchmark
- ×Marketing pages and the public service agreement use different language around what advanced services are included
No meaningful Cyberleaf-specific Reddit signal found in this pass.
Questions to ask
- 1.
Which response actions can Cyberleaf take without customer approval, and how are approval rules configured?
- 2.
What MDR-specific SLA applies to high-severity triage, containment and customer notification?
- 3.
Which threat-hunting activities are included in our sales order, and which are separate technical services?
- 4.
Is forensic investigation included in the MDR subscription or billed under a separate incident response scope?
- 5.
Which EDR, firewall, cloud, identity and SaaS tools can Cyberleaf integrate with directly in our environment?
- 6.
What data retention, raw log export and case export options are available if we leave?
- 7.
Where are the U.S. SOC analysts located, and what is the overnight and weekend staffing model?
- 8.
Can Cyberleaf provide recent escalation-volume, false-positive and containment metrics for customers like us?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Further reading
Independent research. Verify details directly with the provider before making decisions.
