

Gradient Cyber MXDR
Mid-market MXDR provider built on the proprietary Quorum AI platform. Vertically integrated with in-house platform, SOC, and analyst team. Technology-agnostic approach integrates with existing security stacks via 300+ integrations across EDR, network, cloud, identity, and SaaS. Offers both active and passive response modes: active response includes endpoint isolation, process termination, quarantine, and rollback via integrated EDR agents. 10:1 client-to-analyst ratio (vendor-published) and 99% false positive elimination rate (vendor-published). Onboarding in days with network sensors that require minimal setup. Also covers maritime OT environments.
Buyer fit
Good fit when
- ✓Mid-market organizations (200-2,000 employees) with limited security staff wanting 24x7 monitoring and active endpoint response without hiring a SOC
- ✓Companies with existing security tools wanting technology-agnostic MXDR that integrates with their current EDR, network, and cloud investments
- ✓Maritime and transportation organizations needing OT visibility alongside IT security
- ✓Organizations prioritizing false positive reduction and analyst attention with configurable response authority
Watch out when
- ×SMBs under 200 employees or large enterprises over 5,000 employees (outside mid-market focus)
- ×Teams needing Slack or Teams integration for real-time SOC communication (portal and email only)
- ×Organizations that need fully autonomous response without any pre-agreed enforcement policies
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Full incident response beyond active containment (may require separate professional services engagement)
- –Additional integrations beyond base package
- –Custom professional services and consulting
Cost caveats
- –No public pricing. You will need a custom quote and have no benchmark to negotiate against.
- –Network sensors may require on-premises hardware deployment. Ask about hardware costs.
- –Active containment (isolate, quarantine, kill) is included, but full incident response and forensics beyond containment may require a separate professional services engagement. Clarify exactly where that line is.
- –Monthly reviews only, not quarterly business reviews like some competitors offer.
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
Limited public review volume. Gartner Peer Insights 4.2/5 with 13 reviews, very small market presence. Praise centers on communication quality, ease of deployment, and false positive reduction. Complaints focus on challenging ongoing management, limited customization, and gaps between sales promises and actual capabilities. No Reddit discussions found.
What customers praise
- ✓Reviewers praise communication quality and overall service (Gartner Peer Insights)
- ✓Fast deployment with network sensors requiring minimal customer effort
- ✓99% false positive elimination with cross-correlation across telemetry sources
Common complaints
- ×Ongoing management is challenging, requires multiple follow-ups before action
- ×Capabilities promised during sales don't always materialize post-deployment
- ×Communication drops off after initial deployment, leaving more work on the customer's team
No Reddit discussions found on r/msp, r/cybersecurity, or r/sysadmin. Very limited community visibility.
Questions to ask
- 1.
Your MEDR page says you halt processes, quarantine, remediate, rollback, and disconnect endpoints. Which of those actions are enabled by default, and which require us to opt in via enforcement policies?
- 2.
What is the exact per-endpoint or per-environment pricing, and are there additional costs for sensors, integrations, or data volume?
- 3.
You don't publish MTTD or MTTR. What detection and response speed can you commit to in writing?
- 4.
Reviewers mention ongoing management is challenging after deployment. What level of customer effort is expected day-to-day?
- 5.
What happens to our data, SitReps, and investigation history if we leave? Can we export everything?
- 6.
Active containment is included, but where exactly is the line between base MXDR response and a separate professional services engagement for full incident response and forensics?
- 7.
Can you provide customer references in our industry who can speak to ongoing support quality and customization?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.