›› At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Active remediation
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 3 SOC regions
- Surfaces
- Endpoint · Cloud · SaaS · Identity · Network · OT/ICS
- IR retainer
- ✓ Bundled
- Customers (public)
- 250+ private and public sector organizations
- SOC analysts
- Not published
- Onboarding
- Not published
›› Best for
›› IDEAL FOR
- Existing Hitachi enterprise customers consolidating security services with a vendor they already work with
- Multinationals that need IT and OT MDR coverage from the same provider
- Canadian and European mid-market buyers wanting a non-US-headquartered SOC for data residency reasons
›› NOT IDEAL FOR
- Buyers who need published SLA commitments or independently validated detection metrics
- Pure-play SaaS shops with no OT footprint, where smaller specialists may move faster
- Teams that rely heavily on community reviews to vet a vendor
›› Coverage
Endpoint
Included
Cloud
Included
Identity
Included
SaaS
Included
Network
Included
OT / IoT
Included
›› COMPATIBLE TOOLS
EDR
SIEM
Cloud
›› ADDITIONAL CAPABILITIES
›› Incident response
- Monitoring
- 24/7 · Follow-the-sun across six SOCs in Canada, US, Mexico, Switzerland, Japan and Poland
- First response
- Configurable — auto-act per your playbook, or escalate for approval · Custom playbooks supported
- Containment
- Endpoint isolation · Process kill · Network containment · Account disable · File quarantine
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Hitachi Cyber does not publish a public response SLA.
- IR included
- Yes — in contract
›› DETECTION QUALITY
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Tier 1 triage uses analytics tooling inherited from Cumulus Systems plus AI-assisted correlation. Specific false positive rates are not published.
›› THREAT HUNTING
- Included
- Yes — in base service
- Approach
- hybrid
- Frequency
- Continuous as part of the base service
›› Pricing
Custom quote, not published. Sold direct.. Annual or multi-year contracts.
- Indicative price
- Not published
What costs extra
- -Penetration testing
- -Vulnerability assessments
- -GRC consulting
- -OT-specific MDR add-ons via the Krakow SOC
Cost caveats
- -Pricing is fully custom, no public benchmarks to anchor negotiation
- -OT coverage routes through the new Krakow SOC and may change response timing if your assets sit elsewhere
- -Services span MDR, MSS and consulting under one roof, scope creep into adjacent services is easy
Pricing compiled from public sources. Verify directly with the provider.
›› The team
- Analysts
- Direct employees · Not published
- Certifications
- PCI QSAFIRST
- Channels
- Email · Portal · Phone
- Data access
- Dashboard Access
- Portal
- Customer portal surfaces alerts, tickets and reports. Depth of raw query access is not publicly documented.
- Account manager
- Dedicated
›› Reputation
Hitachi Cyber has limited public review presence on G2, Gartner Peer Insights and PeerSpot for its MDR service specifically. Most independent coverage focuses on the Hitachi corporate parent or Above Security heritage rather than current customer experience. Buyers will need to lean on direct references.
›› WHAT CUSTOMERS PRAISE
- — Backed by Hitachi corporate parent with long-running Quebec security heritage
- — Six global SOCs including a dedicated OT center in Poland
- — Multi-vendor approach lets customers keep their existing EDR and SIEM
›› COMMON COMPLAINTS
- — Very thin public review base for the MDR service itself
- — No published response SLA or detection metrics to compare against pure-play competitors
- — Brand has changed names three times (Above Security, Hitachi Systems Security, Hitachi Cyber) which makes historical references confusing
›› REDDIT (R/SYSADMIN, R/MSP)
Almost no Reddit discussion of Hitachi Cyber MDR specifically. Practitioners typically encounter the brand through Hitachi enterprise relationships rather than competitive bake-offs.
›› Questions to ask
›› 7 questions to ask Hitachi Cyber▾
- 1.
Which of your six SOCs would handle our environment, and what is the specific response SLA from that region?
- 2.
How much of the response is autonomous versus requiring our approval, and what does the runbook look like at 3am?
- 3.
How does your Krakow OT SOC integrate with the IT SOCs if we have both environments under one contract?
- 4.
What detection metrics can you share from real customer engagements, since none are published publicly?
- 5.
Which EDR and SIEM products do your analysts have deep tuning experience with versus best-effort log ingestion?
- 6.
How does pricing change if we add penetration testing, GRC consulting or OT coverage on top of the base MDR?
- 7.
What does the data export look like if we leave, including detection content and historical alerts?
›› Evidence
›› SOURCES REVIEWED
›› PUBLIC-DATA CAVEATS
- -No public contractual response-time SLA is recorded for this profile.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response authority may depend on pre-approval and contract scope.
- -MDR analyst headcount or analyst-to-customer ratio is not public.