At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Guided response
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 1 SOC region
- Surfaces
- Endpoint
- IR retainer
- Separate
- Customers (public)
- Not published
- SOC analysts
- Not published
- Onboarding
- Defendable publishes an MDR onboarding flow covering identification, planning, platform establishment and execution. It does not publish a standard onboarding duration.
Best for
Ideal for
- Norwegian and Nordic buyers that want MDR operated from Oslo and Gjovik
- Microsoft-heavy teams using Microsoft 365, Sentinel, Defender or Log Analytics
- Organizations that want MDR tied to threat hunting and incident-response escalation
Not ideal for
- Buyers that need public MDR pricing or contractual SLA terms before sales
- Teams that require named autonomous endpoint or identity response actions in public docs
- Organizations that want a global follow-the-sun SOC footprint published on the provider site
Coverage
Endpoint
Included
Cloud
Limited
Identity
Limited
SaaS
Limited
Network
Limited
OT / IoT
Not offered
Compatible tools
EDR
SIEM
Cloud
Additional capabilities
Incident response
- Monitoring
- 24/7 · Defendable publishes 24/7, 365-day SOC monitoring from Oslo and Gjovik. Exact shift model and analyst-to-customer ratio are not published
- First response
- Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment
- None documented
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Defendable publishes 24/7 MDR monitoring, 24/7 Cyber Defense Center contact details and incident-response retainer SLA language.
- IR included
- No — separate retainer
Detection quality
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Defendable says onboarding includes calibrating detection mechanisms for the true-positive and false-positive balance. It does not publish a false-positive rate or formal methodology.
Threat hunting
- Included
- Yes — in base service
- Approach
- Proactive
- Frequency
- Performed in parallel with SIEM and SOAR operations. Exact cadence not published.
Pricing
Custom quote. Defendable does not publish MDR package pricing. Custom or incident response retainer contracts.
- Indicative price
- Not published
What costs extra
- Exact MDR pricing requires a Defendable quote
- Microsoft Sentinel, Microsoft Defender, Microsoft Log Analytics and Microsoft 365 licensing can affect total cost
- Defendable-hosted log management may affect storage cost
- Incident Response Retainer, security advisory and security testing may be separate from MDR scope
Cost caveats
- Public pages do not publish MDR pricing, contract minimums or service-credit language.
- Response authority should be defined in writing because named autonomous endpoint and identity actions are not published.
- Log storage can sit in the customer's Microsoft Log Analytics tenant or Defendable's platform, so retention and storage costs should be modeled early.
- Incident-response retainer SLA is separate language and should not be assumed to be the MDR SLA.
- Threat hunting is public, but hunt cadence and staffing are not published.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts
- Direct employees · Not published
- Certifications
- ISO 27001:2023 · Norwegian National Security Authority Quality Scheme for Incident Response
- Channels
- Portal · Email · Phone
- Data access
- Dashboard Access
- Portal
- The public MDR page says customers can follow ticket creation and management through a portal, and receive vulnerability advisories and threat intelligence reporting. It does not show raw query access or full case workflow.
- Account manager
- Shared / pooled
Reputation
Defendable has limited MDR-specific public review volume in major English-language review communities. The public buyer case rests on Norwegian SOC delivery, a direct MDR page, Microsoft Sentinel support, proactive threat hunting, a customer portal and incident-response depth. Buyers should validate pricing, response authority, retention cost and contractual SLA terms directly.
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for Defendable MDR specifically.
Questions to ask
8 questions to ask Defendable
- 1. Which log sources, endpoints, users and Microsoft tenants are included in the MDR quote?
- 2. Will our logs sit in Microsoft Log Analytics or Defendable's log management platform, and what retention period is included?
- 3. Which response actions can Defendable take directly and which require our approval?
- 4. What MDR SLA applies to high-severity triage, escalation and containment?
- 5. How does the incident-response retainer interact with MDR during a severe incident?
- 6. How often does proactive threat hunting run and how are findings reported?
- 7. Which Sentinel workbooks and SOAR playbooks are standard versus customized for our environment?
- 8. What tickets, reports, detection content and log data can we export if we leave?
Evidence
Sources reviewed
Public-data caveats
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response workflows are described, but exact standard containment actions are not public.
- MDR analyst headcount or analyst-to-customer ratio is not public.
