

Cyberoo
Italian MDR provider, publicly listed on Euronext Growth Milan. Cypeer is a technology-agnostic platform that integrates with existing EDR, SIEM, cloud, firewall, and email tools for unified threat detection. 24/7 I-SOC team operates from Reggio Emilia with expanding presence in Spain, Portugal, and Poland. Offers automated remediation via Cypeer Keera and guided response modes. Only Italian company named as a Gartner Representative Vendor for MDR (2021, 2023, 2024). Primary focus is European mid-market.
Buyer fit
Good fit when
- ✓European mid-market companies wanting a GDPR-native provider with local SOC coverage
- ✓Italian businesses needing Italian-language support and in-country SOC operations
- ✓Organizations with existing security tools wanting MDR that integrates rather than replaces their stack
Watch out when
- ×Global enterprises needing follow-the-sun SOC coverage outside Europe
- ×Buyers who need published detection metrics or MITRE-validated performance data
- ×Companies that require transparent pricing to compare MDR providers without a sales call
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Log Management Module (compliance-focused log tracking)
- –Additional technology integrations beyond standard scope
- –Custom threat intelligence feeds
Cost caveats
- –No public pricing. You cannot compare costs without a sales call.
- –Cypeer Agent X deployment required on endpoints, adding rollout overhead to onboarding.
- –International expansion is recent (Spain 2024, Poland via partners). Support quality outside Italy may vary.
- –Detection rules and threat intel are proprietary. If you leave, none of it transfers.
- –IR is described as included, but scope is not documented. Clarify whether it covers full DFIR or just triage and escalation.
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
Gartner Peer Insights 4.6/5 (25 reviews). Named Gartner Representative Vendor for MDR in 2021, 2023, and 2024, the only Italian company among 40 vendors in the 2024 guide. Strong reputation in Italian mid-market. Very limited English-language community discussion, likely due to European-centric customer base.
What customers praise
- ✓Technology-agnostic. Works with existing EDR, SIEM, and firewall investments.
- ✓Threat hunting and IR included in base MDR, not add-ons.
- ✓Gartner-recognized three years running for an Italian SME-scale provider
Common complaints
- ×No published MTTD/MTTR metrics and no MITRE evaluation participation
- ×~105 total employees. Small team relative to US-based MDR leaders.
- ×Zero public pricing. Requires sales engagement for any cost comparison.
Essentially no Reddit discussion. Cyberoo's customer base is European mid-market, so English-language practitioner communities have almost no signal on them.
Questions to ask
- 1.
What is the exact per-endpoint pricing, and what falls outside the base Cypeer MDR service?
- 2.
With ~105 total employees, how many are dedicated SOC analysts on shift at any given time?
- 3.
You don't publish MTTD or MTTR. Can you share internal metrics or results from any third-party detection validation?
- 4.
What is the data retention period, and what is the export process if we leave?
- 5.
Your Spain and Poland SOC presence is new. What Tier 1 vs. Tier 2 capabilities exist in each region today?
- 6.
Can you provide written SLA commitments for response time and escalation, not just best-effort targets?
- 7.
What specific automated response actions does Cypeer Keera take? Can it isolate endpoints directly, or does it depend on the customer's EDR API?
- 8.
What does included IR actually cover? Is it full DFIR, or triage and escalation guidance for major incidents?
- 9.
What OT/ICS protocols and environments does Cypeer actually monitor, and do you have a named OT technology partner?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.