LevelBlue MDR
Works with your tools
Integrates with your existing security tools via APIs. You keep your current EDR, SIEM, and cloud tools.
Trustwave MDR
The result of five acquisitions in under two years: AT&T Cybersecurity spun off as LevelBlue in May 2024, then absorbed Stroz Friedberg (IR), Trustwave (MDR/SpiderLabs), Cybereason (XDR), and Alert Logic (MDR) to form the largest pure-play MSSP at $1B+ combined revenue. Trustwave MDR is the primary enterprise offering today. Multiple product lines remain unintegrated, with a unified platform promised for 2026 but not yet delivered.
Best For
Ideal for
- US federal and state agencies that need FedRAMP/StateRAMP-authorized MDR with deep compliance credentials
- Regulated industries (financial services, healthcare) needing PCI DSS QSA and MDR from one provider
- Large enterprises wanting technology-agnostic MDR with OT/ICS coverage options and global SOC presence
Not ideal for
- Organizations that prioritize vendor stability. Five ownership changes and a 15% launch-day layoff are red flags.
- Buyers who need clear SLAs upfront. Base MDR tier commitments are not disclosed, and the product lineup is confusing.
- SMBs or budget-constrained teams. Custom pricing starting around $44K/year and a fragmented product portfolio.
Coverage
Endpoint
Cloud
Identity
SaaS
Network
OT / IoT
Compatible Tools
EDR
SIEM
Cloud
Additional Capabilities
Incident Response
MDR Elite: 15-minute MTTA and sub-30-minute MTTR with client-defined response protocols.
Detection Quality
Threat Hunting
Pricing
Custom quote-based pricing in two tiers. Non-EDR sources priced by MEPD. EDR telemetry is unlimited for contracted endpoints. Annual or multi-year contracts.
Pricing compiled from public sources. Verify directly with the provider.
The Team
Reputation
G2 4.4/5 (120 reviews, primarily USM Anywhere). Gartner Peer Insights 4.3/5 (Trustwave MDR). Frost & Sullivan MDR Growth Index Leader 2025. Cybereason achieved 100% detection in MITRE ATT&CK 2024. SpiderLabs and FedRAMP authorization are genuine differentiators. Main concern is integration risk from five acquisitions in two years.
What customers praise
- First pure-play MDR to earn FedRAMP authorization, a real differentiator for government buyers
- SpiderLabs is a large, legitimate offensive security operation (1,000+ staff, 2,100+ pen tests/year)
- Cybereason scored 100% detection in MITRE ATT&CK Enterprise 2024, adding real detection credibility
Common complaints
- Five acquisitions in two years with a 15% layoff at launch. Glassdoor 3.5/5 with 55% recommend and reports of high attrition
- Multiple unintegrated platforms (Fusion, USM Anywhere, Cybereason, Alert Logic). Promised unified platform not yet delivered.
- Base MDR tier SLAs and response times are not disclosed. Only Elite gets the published metrics.
Reddit (r/sysadmin, r/msp)
Very little LevelBlue or Trustwave MDR discussion on Reddit. When mentioned, ownership churn is the recurring concern. MSP community sentiment is lukewarm.
What to Ask LevelBlue (6 questions)
1. After five acquisitions in two years, what specific contract continuity guarantees exist if the product we buy gets deprecated or merged?
2. Which specific product are we being quoted: Trustwave MDR, MDR Elite, MXDR, MTDR, Co-Managed SOC, or Cybereason XDR? What do we lose by choosing one over another?
3. What are the exact SLA commitments for base MDR? The published 15-min MTTA and sub-30-min MTTR only apply to Elite.
4. How is MEPD calculated for our environment, and what happens to pricing if our event volume spikes?
5. What is the current staff retention rate across the combined entity? Glassdoor reviews cite high attrition in some teams.
6. When will the unified platform be available, and what happens to our current platform (Fusion, USM, Cybereason) if we sign today?
Information compiled from public sources. Verify details directly with the provider before making decisions.