

DeepSeas MDR+
Technology-agnostic MDR built on the DeepSeas Platform, integrating with your existing security stack for 24x7 detection and response across IT, cloud, mobile, and OT environments. Formed in 2022 from the merger of Security On-Demand (founded 2001) and Booz Allen Hamilton's commercial Managed Threat Services unit. Ranked #1 service-based MDR provider in the 2024 Frost Radar, with a focus on mid-market and enterprise organizations that need IT and OT coverage under one service.
Buyer fit
Good fit when
- ✓Mid-market and enterprise organizations with OT/ICS environments needing unified IT and OT threat monitoring
- ✓Organizations wanting technology-agnostic MDR that works with existing security tool investments
- ✓Companies in critical infrastructure, manufacturing, or energy sectors requiring specialized OT cybersecurity
Watch out when
- ×Organizations wanting fully autonomous remediation without pre-approved runbooks
- ×Buyers requiring transparent, published pricing and breach warranty coverage
- ×Teams wanting extensive practitioner reviews and community validation before purchase
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Offensive Security Testing (separate service)
- –CyberFusion SOC (dedicated SOC infrastructure, separate offering)
- –Strategic Security Advisory (CISO-level guidance)
- –Digital Forensics and Incident Response (handled through DFIR partners, not included)
- –GRC and compliance services (separate)
Cost caveats
- –Pricing is opaque, no public pricing or seat minimums disclosed
- –Incident response (DFIR) is handled through external partners, not included in MDR
- –OT/ICS coverage may require Nozomi Networks licensing and separate scoping
- –CyberFusion SOC (dedicated infrastructure) is a separate, premium offering beyond base MDR+
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
Ranked #1 service-based MDR in the 2024 Frost Radar and listed in Gartner's top 40 MDR providers. Praised for OT/ICS coverage and working with existing tools. Very limited practitioner reviews on G2, PeerSpot, or Reddit. Most validation comes from analyst reports rather than user feedback.
What customers praise
- ✓OT/ICS coverage via Nozomi Networks partnership, rare in MDR market
- ✓Technology-agnostic, works with existing security investments
- ✓Lineage from Security On-Demand (2001) and Booz Allen Hamilton MTS unit
Common complaints
- ×No public pricing, requires custom quotes for everything
- ×Almost no practitioner reviews on G2, Reddit, or community forums
- ×Incident response handled through external DFIR partners, not in-house
No meaningful Reddit discussion found as of March 2026. Not mentioned in r/msp, r/cybersecurity, or r/sysadmin.
Questions to ask
- 1.
What is the per-endpoint or per-asset pricing for our environment, and are there minimum seat requirements?
- 2.
Which response actions can your SOC take autonomously vs. which require our approval? Can we see a sample MDR runbook before signing?
- 3.
How does the VISION portal compare to full-query platforms like Expel Workbench? Can we export all detection data if we leave?
- 4.
Incident response goes through external DFIR partners. How does that handoff work during a major incident, and what does it cost?
- 5.
For OT/ICS coverage, do we need to license Nozomi Networks separately, or is it bundled into MDR+ pricing?
- 6.
You claim MTTD in minutes but publish no specific numbers. What MTTD and MTTR can you commit to in writing?
- 7.
What is the data retention period, and how do you handle secure data disposal when our contract ends?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.