Buyer fit
Good fit when
- ✓UK and international mid-market or enterprise buyers that need CREST SOC-certified MDR
- ✓Regulated organisations that value NCSC CIR, incident response, threat intelligence and testing credentials
- ✓Security teams that want MDR plus broader assurance, governance, penetration testing and incident-readiness support
Watch out when
- ×Buyers requiring public pricing before engaging sales
- ×SMBs wanting a simple low-cost endpoint-only MDR bundle
- ×Teams that want independently benchmarked public MTTD/MTTR metrics
Coverage
2 of 6 attack surfaces in the base price — the rest are separately priced.
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Deployment and configuration of MDR tooling
- –Onboarding of log sources
- –Incident response and digital forensics beyond contracted MDR scope
- –Managed vulnerability scanning, vCISO, penetration testing and red teaming
- –Cloud SIEM, EDR or other third-party tooling licenses depending on architecture
Cost caveats
- –Confirm whether Incident Response and Digital Forensics are included in the MDR contract or sold as separate retainers/services.
- –Confirm SIEM and EDR licensing responsibilities, especially for Microsoft Sentinel or CrowdStrike Next-Gen SIEM deployments.
- –No public contractual SLA or service-credit table was found.
- –Physical SOC location, data residency and raw log export terms should be confirmed in writing.
Verify pricing directly with the provider.
Team and access
Certifications
Reputation
LRQA Nettitude has strong accreditation evidence, but public buyer-review signal for the MDR service itself is thin. G2's seller profile shows 3.8/5 across two Nettitude reviews, and they are not MDR-specific.
What customers praise
- ✓Deep CREST and NCSC accreditation story
- ✓Strong fit for UK and regulated buyers that value assurance, incident response and testing depth
- ✓Microsoft Sentinel and Defender-heavy managed SOC/XDR options
Common complaints
- ×No public MDR pricing bands
- ×No public contractual SLA table
- ×Physical SOC locations and default response-authority details are not published
No meaningful Reddit signal found in this pass.
Questions to ask
- 1.
Which SOC locations will monitor our environment, and where will our telemetry be stored and processed?
- 2.
What contractual SLA applies to high-severity triage, containment, notification and escalation?
- 3.
Which response actions can LRQA execute without approval, and how are automation policies configured?
- 4.
Is incident response and digital forensics included in the MDR subscription, or does it require a separate retainer?
- 5.
Which SIEM/EDR/NDR technologies are included in the quote, and which licenses are billed separately?
- 6.
If Microsoft Sentinel is used, does the data stay in our tenant and what detection content remains if we leave?
- 7.
Can LRQA provide recent MTTD/MTTR, false-positive and escalation-volume data for customers of our size?
- 8.
How are threat hunting findings and custom detection rules reported during service reviews?
Evidence
Sources reviewed
Main public source used for the provider profile.
Official SOCaaS page describing 24x7 monitoring, detection and response, modular managed security services, MDR, XDR, EDR, NDR, incident response and digital forensics.
Official XDR page describing Managed XDR, Microsoft Solutions Partner for Security positioning, Microsoft Sentinel and CrowdStrike Next-Gen SIEM integrations, EDR, SIEM, cloud/hybrid telemetry, AI-supported analytics and 24/7 detection and response.
Official announcement used for NCSC Cyber Incident Response Level 2 status, CREST context, founding year, LRQA parent-company context and the statement that LRQA Nettitude spans managed detection and response offerings.
NCSC organisation listing confirming Nettitude Ltd trading as LRQA is assured for CHECK Penetration Testing, Cyber Incident Exercising and Cyber Incident Response, with 24/7 incident-response contact details.
Official 2018 acquisition announcement confirming Nettitude was founded in 2003, became part of LRQA and brought managed security services, penetration testing, information security consulting and incident response into LRQA's portfolio.
Official announcement confirming Microsoft Solutions Partner for Security designation and Microsoft Sentinel/Microsoft cloud security services capability.
Official page used for cyber-specialist scale, CREST accreditation breadth, NCSC CHECK, PCI/ISC2/BCI references, awards and the FAQ that explicitly pairs penetration testing with MDR.
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public breach warranty is recorded.
- –Response workflows are described, but exact standard containment actions are not public.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Independent research. Verify details directly with the provider before making decisions.
