At a glance
- Delivery model: Tech-agnostic (works with your tools)
- Response authority: Active remediation
- MTTA SLA: Not disclosed
- Coverage: 24×7 · 1 SOC region
- Surfaces: Endpoint · Cloud · Network
- IR retainer: Separate
- Customers (public): Not published
- SOC analysts: Beyon/DTS acquisition announcement referenced a combined team of over 60 cybersecurity experts in 2023. HawkEye-specific analyst count is not published.
- Onboarding: HawkEye describes an onsite discovery workshop, package selection, secure onboarding, service delivery and secure offboarding. No standard calendar timeline was found.
Best for
Ideal for
- Middle East and EMEA buyers that want a UAE-based managed CSOC and XDR provider
- Organizations that need tiered MDR packaging by log-source volume and EPS rather than endpoint-seat pricing
- Critical infrastructure, manufacturing, energy or utility teams evaluating OT/ICS monitoring alongside IT MDR
Not ideal for
- Buyers that need public MDR pricing or contractual MTTD/MTTR before sales
- Teams that require a globally documented follow-the-sun SOC model outside the Middle East
- Organizations that want DFIR, SOAR, NDR, CASB and attack-surface services bundled into every MDR tier
Coverage
- Endpoint: Included
- Cloud: Included
- Identity: Limited
- SaaS: Limited
- Network: Included
- OT / IoT: Add-on
Compatible tools
EDR
SIEM
Cloud
Additional capabilities
Incident response
- Monitoring: 24/7 · HawkEye publishes a fully managed 24/7 CSOC and XDR service based in Dubai and Abu Dhabi, with EMEA regional coverage. Exact shift model and staffing ratios are not published.
- First response: Configurable (auto-act per your playbook, or escalate for approval) · Custom playbooks supported
- Containment: Endpoint isolation · Network containment
- Notification: Phone · Email
- Response SLA: Not disclosed · HawkEye publishes 24x7 managed CSOC/XDR, real-time incident notification and real-time response language.
- IR included: No (separate retainer)
Detection quality
- MTTD (detect): Not published
- MTTR (respond): Not published
- False positives: HawkEye describes AI/ML triage, use-case development, alert summarization, threat intelligence enrichment and analyst review. It does not publish a false-positive rate or triage-volume methodology.
Threat hunting
- Included: Yes (in base service)
- Approach: Hybrid
- Frequency: Not published
Pricing
Tiered subscription packages by log-source count and EPS, with custom-tailored packages for additional log sources, EPS and retention. Public prices are not published. Contracts are for the Lite Bronze, Baseline Silver, Advanced Gold, Premium Platinum or custom-tailored packages.
- Indicative price: Not published
What costs extra
- Additional log sources require a custom-tailored package
- Additional EPS capacity requires a custom-tailored package
- Log retention longer than 12 months requires a custom-tailored package
- Digital forensics and incident response are add-ons below Premium Platinum
- Managed SOAR is an add-on in Advanced Gold and Premium Platinum
- Managed vulnerability assessment, penetration testing, web application scanning, attack surface management, OSINT/DARKINT, security awareness, phishing, NDR, brand monitoring, CASB and compromise assessment are listed as add-ons
Cost caveats
- Package limits are defined by log sources and events per second, so high-volume environments should model ingestion growth before contract.
- Public pages do not publish prices, minimum terms, contractual SLAs, service credits or MTTD/MTTR metrics.
- DFIR is included only in Premium Platinum in the package table; lower tiers list it as an add-on.
- Managed SOAR and many adjacent managed services are add-ons rather than guaranteed base MDR scope.
- The public AI SOC page says response actions are analyst-approved, so buyers should document which containment actions DTS can execute and whose approval is required.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts: Direct employees · Beyon/DTS acquisition announcement referenced a combined team of over 60 cybersecurity experts in 2023. HawkEye-specific analyst count is not published.
- Certifications: ISO 27001 · SOC 2 Type I logo shown on DTS site · SOC-CMM risk-driven certification logo shown on DTS site
- Channels: Portal · Email · Phone
- Data access: Dashboard Access
- Portal: Package pages include read-only access to CSOC dashboards, reports and customized reporting. Public pages do not describe raw query access.
- Account manager: Shared / pooled
Reputation
HawkEye has strong vendor-controlled detail for package tiers, dashboard access, retention, CSOC/XDR capabilities and regional SOC positioning, but little independent MDR-specific review signal in public English-language communities. Buyers should validate analyst quality, response authority and pricing through references.
What customers praise
- Clear Middle East regional CSOC positioning from Dubai and Abu Dhabi
- Published package tiers with log-source, EPS, retention and report differences
- Broad scope across XDR, threat hunting, SOAR options and OT/ICS monitoring
Common complaints
- No public pricing or contractual response SLA
- DFIR, SOAR and several managed services are tier-dependent or add-ons
- Limited independent MDR-specific buyer-review signal
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for DTS HawkEye MDR specifically.
Questions to ask
8 questions to ask DTS Solution
1. Which package tier maps to our expected log-source count, EPS and retention requirements?
2. Which response actions can DTS execute directly in our tools, and which require our approval?
3. Is managed digital forensics and incident response included in our tier or quoted as an add-on?
4. What contractual SLA applies to high-severity triage, customer notification and containment?
5. What detection use cases are included by default and which are custom work?
6. How does HawkEye integrate with our current SIEM, EDR, cloud and identity sources?
7. For OT/ICS monitoring, where are logs stored and what connectivity crosses the OT boundary?
8. What reports, dashboards, raw logs, tickets, playbooks and detection content can we export during offboarding?
Evidence
Sources reviewed
Main public source used for the provider profile.
Official service page used to verify Dubai and Abu Dhabi CSOC base, EMEA regional coverage, XDR, MDR, threat hunting, reporting and feature claims.
Official package page used to verify Lite, Baseline, Advanced and Premium tiers, log-source bands, EPS limits, retention, dashboard access, report cadence and add-on caveats.
Official tier page used to verify Advanced Gold scope, 24x7 monitoring, 100-200 log-source limit, 3,000 EPS, reporting cadence, dashboards and add-on services.
Official tier page used to verify Premium Platinum scope, 200-300 log-source limit, 5,000 EPS, managed digital forensics and incident response inclusion, manual and automated hunting and add-on services.
Official OT page used to verify ICS/OT monitoring, real-time/scheduled/on-demand options, monthly onsite review language, OT remote-monitoring architecture and ICS MITRE ATT&CK use-case language.
Official DTS page used to verify company positioning, service lines, office locations, accreditations shown on the site and trademark ownership of HAWKEYE.
Official DTS announcement used to verify the 2023 Beyon Cyber majority-stake acquisition, DTS establishment year, Dubai headquarters and combined cybersecurity-expert count language.
Public-data caveats
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response authority may depend on pre-approval and contract scope.
- MDR analyst headcount or analyst-to-customer ratio is not public.
