

Lumifi MDR
PE-backed MDR roll-up built on the ShieldVision SOC automation platform with 1,000+ pre-built playbooks. US-based SOC in Scottsdale, AZ staffed by ex-military and former DoD analysts. Assembled through three acquisitions in 13 months: Datashield (May 2022, MDR operations and SOC team), Netsurion (May 2024, EventTracker SIEM and 400 clients), and Critical Insight (Nov 2024, IR capabilities, healthcare focus, 200+ clients). OT/ICS monitoring available through a Feb 2026 partnership with NetWitness. Technology-agnostic, integrates with Microsoft Sentinel, Defender, SentinelOne, CrowdStrike, Stellar Cyber, and others.
Buyer fit
Good fit when
- ✓ Healthcare organizations needing HIPAA-aligned MDR, especially those already in the Critical Insight customer base
- ✓ Mid-market companies with existing Microsoft Sentinel or Defender deployments wanting a managed layer on top
- ✓ Organizations that value ex-military SOC background and are comfortable with limited public validation of capabilities
- ✓ Buyers already using Netsurion EventTracker who want to stay on the platform with MDR added
Watch out when
- × Buyers who need published MTTD/MTTR metrics, transparent pricing, or independent validation (MITRE, Forrester) before committing
- × Organizations needing follow-the-sun SOC coverage (single US SOC only)
- × Teams that need hands-on incident response included in base MDR pricing
- × Security teams wanting full raw data query access and portal transparency on par with Expel or CrowdStrike
Coverage
- EDR
- SIEM
- Cloud
Additional capabilities
- Incident response
Pricing
What costs extra
- Incident response (separate service via Critical Insight division, not in base MDR)
- Professional services: penetration testing, security assessments, virtual CISO
- OT/ICS monitoring (via NetWitness partnership, announced Feb 2026)
- Security awareness training
- Advanced compliance support
Cost caveats
- Incident response is NOT included in base MDR. It is a separate service from the Critical Insight division, likely priced separately.
- OT/ICS coverage requires the NetWitness partnership (announced Feb 2026) and is not part of standard MDR. Pricing and maturity of this offering are unknown.
- Roll-up strategy means the service you buy today may have been three different companies 13 months ago. Ask about integration status between Datashield, Netsurion, and Critical Insight operations.
- Zero public pricing. No way to benchmark costs before a sales conversation.
- Single US SOC in Scottsdale, AZ. No follow-the-sun coverage, which may affect overnight response quality.
Pricing compiled from public sources. Verify directly with the provider.
Reputation
Gartner Peer Insights 4.9/5 (25 reviews in Managed Security Services, 6 in MDR), but very small sample size. Virtually no Reddit or G2 discussion. Glassdoor 2.9/5 (25 employee reviews) with only 39% recommending and 22% positive business outlook. Compensation rated 3.3/5, down 17% year-over-year. The Gartner rating looks good on paper but the tiny review count and lack of independent practitioner discussion make it hard to assess real-world performance.
What customers praise
- ✓ Ex-military and former DoD SOC analysts (claimed, appeals to regulated industries)
- ✓ Healthcare and critical infrastructure specialization via Critical Insight acquisition
- ✓ ShieldVision playbook library speeds up deployment for common use cases
Common complaints
- × Glassdoor 2.9/5 with 39% employee recommendation rate and 22% positive business outlook, suggesting internal challenges
- × Three acquisitions in 13 months (Datashield, Netsurion, Critical Insight) raise service integration and consistency questions
- × Zero public pricing, no published detection metrics, and virtually no independent practitioner reviews to validate claims
Virtually no Reddit discussion about Lumifi MDR. No significant threads on r/msp or r/cybersecurity as of early 2026. This is a notable gap for a company claiming 600+ customers.
Questions to ask
1. The Datashield, Netsurion, and Critical Insight teams were three separate companies 13 months ago. Are they fully integrated into one SOC now, or are they still operating as separate teams?
2. What specific containment actions will your SOC take directly in our environment? Can you demonstrate endpoint isolation and quarantine in a live or sandbox scenario?
3. Your Glassdoor rating is 2.9/5 with 22% positive business outlook. What are you doing to address analyst retention and compensation, and how does turnover affect our service quality?
4. What are your actual MTTD and MTTR numbers? If you do not publish metrics, how do you measure and validate detection effectiveness internally?
5. Incident response is separate from base MDR. What does the Critical Insight IR retainer cost, and what is the handoff process during a live incident?
6. With a single SOC in Scottsdale, how do you staff overnight and weekend shifts? What is the analyst-to-customer ratio during off-hours?
7. What SLA commitments can you provide in writing, including financial penalties for missed response times?
8. If we leave, what happens to the detection rules, playbooks, and content your team built for our environment?
Evidence
Public-data caveats
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response authority may depend on pre-approval and contract scope.
- MDR analyst headcount or analyst-to-customer ratio is not public.
Information compiled from public sources. Verify details directly with the provider before making decisions.