

Nomios Guardian xMDR
European MDR from Nomios with two delivery paths: Guardian xMDR, a tiered service built on Palo Alto Networks Cortex XDR and operated from Nomios' in-house SOC in Zoeterwoude, Netherlands; and Custom MDR for larger environments that need Microsoft, Splunk, QRadar, CrowdStrike or other existing tooling. Public materials describe 24/7 monitoring, analyst validation, automated response playbooks, threat hunting, EU data hosting, ISO 27001 and SOC 2 Type II certification. Public price amounts, response-time SLAs, breach warranty terms and analyst staffing ratios are not published.
Buyer fit
Good fit when
- ✓European buyers that need EU-hosted MDR data and a local SOC relationship
- ✓Organizations standardizing on Cortex XDR or considering a Cortex XDR-backed MDR service
- ✓Teams that want a packaged MDR tier but may later need custom detection engineering
- ✓Regulated organizations preparing for NIS2, DORA or GDPR data-residency scrutiny
- ✓Enterprises with OT, network or custom log sources that may need managed SIEM extension
Watch out when
- ×Buyers that need public per-endpoint price amounts before a sales call
- ×Organizations that want a published breach warranty
- ×Teams requiring a public fixed response-time SLA and service-credit terms
- ×Buyers outside Europe that need a local SOC in their region
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Optional SIEM coverage for log sources outside Cortex XDR native library
- –Sovereign Managed SIEM extension
- –Custom MDR for Microsoft Sentinel, Splunk, QRadar, CrowdStrike or other existing tools
- –Incident response beyond MDR coordination
- –Penetration testing, vulnerability management and security assessments
- –Additional detection engineering and custom playbooks beyond packaged tiers
Cost caveats
- –Nomios says Guardian xMDR has transparent tier-based pricing, but public price amounts are not listed.
- –Guardian xMDR is built on Cortex XDR, so buyers should price Palo Alto licensing and migration effort if they are not already on that stack.
- –Coverage outside Cortex XDR's native library may require the Sovereign Managed SIEM extension.
- –Custom MDR can keep existing tools, but SIEM, EDR and data-retention costs remain part of total cost.
- –No public breach warranty, trial or fixed response-time SLA was found.
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
Nomios has a European infrastructure and security-services footprint, but public MDR-specific peer review volume is limited. The clearest public evidence is from Nomios' own MDR page and Guardian xMDR launch material rather than independent managed-service evaluations.
What customers praise
- ✓In-house Dutch SOC with EU-hosted data
- ✓Guardian xMDR gives a structured Cortex XDR path while Custom MDR supports existing tools
- ✓Public materials separate packaged Guardian xMDR from Custom MDR
- ✓Broader Nomios group can provide incident response, testing, vulnerability management and OT security
Common complaints
- ×No public price amounts despite tiered-pricing language
- ×No public response-time SLA or breach warranty
- ×MDR-specific independent reviews and analyst metrics are limited
- ×Guardian xMDR buyers may need Palo Alto licensing or a migration from their current stack
No useful MDR-specific Reddit signal found during verification.
Questions to ask
- 1.
What are the exact prices for Essential, Core, Advanced and Elite, and which features move between tiers?
- 2.
Which response actions can Nomios take automatically, and which require approval?
- 3.
Does our scope require Cortex XDR, Sovereign Managed SIEM, Custom MDR, or a combination?
- 4.
What contractual SLA applies to critical incidents, containment and notification?
- 5.
Which data remains hosted in the EU, and what retention period is included?
- 6.
Are incident response hours included in MDR or sold separately?
- 7.
What customer portal, ticketing integration and raw-query access are included by tier?
- 8.
Can Nomios provide MDR-specific references for our industry and country?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.