

CyberMaxx
Healthcare-focused MDR provider using a Zero-Latency Response model where threat responders staffed 24x7x365 conduct incident triage, isolation, and containment. Three-tier MaxxMDR service (Core, Advanced, Elite) works with CrowdStrike, SentinelOne, and Microsoft Defender. Acquired CipherTechs (2023) and Cybersafe Solutions plus onShore Security (Jan 2025), claiming top 15 MDR provider status by revenue. Founded 2002, ~216 employees across US, Philippines, and Ireland.
Buyer fit
Good fit when
- ✓Healthcare organizations needing HIPAA-aligned MDR with genuine vertical expertise
- ✓Mid-market companies with existing CrowdStrike, SentinelOne, or Microsoft Defender who want a managed layer on top
- ✓Organizations in regulated industries (healthcare, financial services, SLED) who value immediate containment over guided response
- ✓Buyers who prefer a smaller, specialized MDR provider over a large-scale platform play
Watch out when
- ×Buyers who need published MTTD/MTTR metrics or MITRE-validated detection to satisfy internal stakeholders
- ×Organizations wanting incident response included in base MDR pricing without a separate retainer
- ×Companies needing OT/ICS coverage, breach warranty protection, or identity threat detection
- ×Teams that need strong community validation. CyberMaxx has minimal Reddit/G2 presence compared to Expel, CrowdStrike, or Arctic Wolf.
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Threat hunting (separate Cyber Resiliency Service, not included in base MDR)
- –DFIR services (separate retainer, discounted rates for MaxxMDR customers)
- –Network Detection and Response (MaxxIDS add-on)
- –Managed SIEM (included in Elite tier, not in Core or Advanced)
- –CTEM, deception technology, dark web monitoring (Elite tier features)
- –Cyber Resiliency Bundle (penetration testing, separate add-on)
Cost caveats
- –Incident response is NOT included. DFIR is a separate retainer. Ask for the actual retainer cost during a sales call.
- –Threat hunting is a separate Cyber Resiliency Service, not included in base MaxxMDR despite being mentioned on the MDR landing page.
- –EDR platform licenses (CrowdStrike, SentinelOne, or Microsoft Defender) are required and not included in the MDR price.
- –Core tier only covers endpoints OR cloud email, not both. Advanced required for combined coverage.
- –Three acquisitions in two years. Ask how consolidated the tooling and SOC operations actually are today.
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
Gartner Peer Insights 4.7/5 (15 reviews in MDR category). MSSP Alert Top 250 provider (Top 50 in 2023). Small review sample compared to peers like Arctic Wolf (451+ reviews) or Expel (142 reviews). Praised for customer support and healthcare expertise. Almost no Reddit or G2 discussion. Three acquisitions in two years (CipherTechs 2023, Cybersafe and onShore Security Jan 2025) suggest rapid growth but integration risk is real.
What customers praise
- ✓Strong customer support based on Gartner reviews
- ✓Healthcare vertical expertise with HIPAA-aligned services
- ✓Works with existing CrowdStrike, SentinelOne, or Microsoft Defender deployments
Common complaints
- ×No published MTTD/MTTR metrics, no MITRE evaluation participation
- ×Incident response is a separate DFIR retainer, not included in base MDR
- ×Very limited public pricing information, no published minimums
Effectively invisible on Reddit. Not mentioned in r/msp or r/cybersecurity discussions. Difficult to gauge practitioner sentiment outside of Gartner reviews.
Questions to ask
- 1.
What are your actual MTTD and MTTR metrics? Why have you not published them or participated in MITRE evaluations?
- 2.
What is the exact cost difference between Core, Advanced, and Elite tiers for our environment size?
- 3.
What does the DFIR retainer cost, and what are the discounted rates for MaxxMDR customers during an active incident?
- 4.
Walk us through a real Zero-Latency Response incident. What specific containment actions did your team take, and how fast?
- 5.
You acquired three companies in two years. Are all SOC teams consolidated onto a single platform now, or are there still parallel systems?
- 6.
Your MDR page mentions threat hunting as included, but it is listed as a separate Cyber Resiliency Service. Which is it for our tier?
- 7.
What happens to our detection data and investigation history if we leave? What is the data retention period for managed vs. co-managed SIEM?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.