

e2e-assure MDR
UK-based MDR provider with SOCs in the UK and Australia, staffed exclusively by SC-cleared analysts. Their proprietary CUMULO platform integrates with existing security tools (Microsoft, CrowdStrike, SentinelOne, Splunk) for threat detection across endpoint, cloud, network, and OT environments. Uses an 'Attack Disruption' model with pre-approved automated containment (endpoint isolation, account disabling, file quarantine), followed by analyst investigation within one hour. Full remediation beyond containment is guided. Incident response is a separate service delivered through UK-based partners.
Buyer fit
Good fit when
- ✓ UK or Australian government and critical infrastructure organizations requiring SC-cleared analysts
- ✓ Mid-market and enterprise organizations with Microsoft-heavy environments (Defender, Sentinel, Microsoft 365)
- ✓ Organizations needing OT/ICS threat detection integrated with IT security operations
- ✓ Companies needing NIS2, CAF, or G-Cloud 14 framework compliance alignment
Watch out when
- × Organizations needing full hands-on remediation (e2e-assure automates containment but guides remediation)
- × Companies outside UK/Australia needing local SOC presence or non-English language support
- × Companies wanting incident response included in base MDR pricing
- × Budget-constrained SMBs (per-user pricing with an undisclosed minimum spend)
Coverage
- EDR
- SIEM
- Cloud
Additional capabilities
- Incident response
Pricing
What costs extra
- Incident response (separate service via UK partners, retainer-based)
- Additional coverage areas (OT/ICS, advanced cloud security)
- Enhanced service levels beyond baseline
Cost caveats
- Incident response is NOT included in base MDR. It is a separate retainer delivered through UK-based partners.
- Automated containment triggers on critical alerts, but broader remediation is your team's responsibility. Budget for internal staff to act on SOC guidance.
- Minimum spend threshold exists but is not publicly disclosed. Ask for it before engaging.
- OT/ICS and advanced cloud coverage may be priced as additional modules beyond base MDR.
- Managed tier costs more than Monitored, with significantly different automation and analyst involvement. Clarify which tier is being quoted.
Pricing compiled from public sources. Verify directly with the provider.
Reputation
NPS score of 88+ (vendor-reported, industry average 34) suggests high customer satisfaction among existing clients. However, virtually no public reviews on G2, Gartner, or Reddit exist, making independent validation impossible. Customers appear to value SC clearance and UK/government compliance focus. Small enough provider that community discussion is minimal.
What customers praise
- ✓ SC-cleared UK-based analysts exclusively, valued by government and critical infrastructure buyers
- ✓ Deep Microsoft expertise (70+ Microsoft certifications, first Microsoft-approved Teams security app)
- ✓ Modular service model lets customers prioritize coverage areas without renegotiating contracts
- ✓ NPS score of 88+ (industry average 34), with monthly customer feedback loops
Common complaints
- × Very few public reviews on G2, Gartner, or Reddit, making independent validation difficult
- × Remediation beyond automated containment is guided, requiring customer staff to execute
- × Incident response is a separate partner-delivered service, not included in MDR pricing
Questions to ask
1. What is the exact minimum spend threshold, and how does per-user pricing change between Monitored and Managed tiers?
2. Which Attack Disruption containment actions are pre-approved by default, and which require our sign-off before going live?
3. What are our specific MTTD and MTTR targets at each severity level, and what happens if you miss them?
4. Which UK partner handles incident response, what does the retainer cost, and what is their response time commitment?
5. What data can we export from CUMULO via API if we decide to leave?
6. How many customers does our assigned analyst team support, and does the SC clearance requirement limit hiring capacity?
7. For OT/ICS coverage, which protocols do you passively monitor (beyond Modbus, DNP3, OPC-UA, MQTT), and what is the additional cost?
8. What is your false positive rate for environments similar to ours, and how does onboarding baselining reduce it?
Evidence
Public-data caveats
- SLA caveat: Critical alerts reviewed within minutes. MTTD, MTTN, and MTTR tracked in monthly reports via CUMULO dashboards. 1-hour investigation commitment after automated containment events. OT safety-critical threats: 30-minute detection target, 60-minute customer notification. Managed service tier shows 30-minute SLA for high-severity incidents per Microsoft AppSource listing.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response authority may depend on pre-approval and contract scope.
- MDR analyst headcount or analyst-to-customer ratio is not public.
Information compiled from public sources. Verify details directly with the provider before making decisions.