›› At a glance
- Delivery model: Tech-agnostic (works with your tools)
- Response authority: Guided response
- MTTA SLA: Not disclosed
- Coverage: 24×7 · 1 SOC region
- Surfaces: Endpoint · Network
- IR retainer: Separate
- Customers (public): Not published for MDR
- SOC analysts: 60+ security specialists across SOC, red team, cyber forensics, threat analysts and CERT
- Onboarding: Northwave says implementation starts with a plan covering service elements, phases, planning and threat-based use cases, then onboarding log sources and processes. No standard public onboarding duration was found.
›› Best for
›› IDEAL FOR
- Benelux, DACH and Nordic buyers that want European MDR with a Utrecht SOC
- Mid-market and enterprise teams that value MDR connected to CERT, IR, red team and threat research
- Organizations that want risk-based monitoring across endpoint telemetry, logs and network traffic
›› NOT IDEAL FOR
- Buyers that need public MDR pricing or response SLAs before engaging sales
- Teams that require a public list of endpoint isolation, account disable or network blocking actions
- Organizations that need clearly packaged SaaS, identity or cloud workload coverage in base MDR
›› Coverage
- Endpoint: Included
- Cloud: Limited
- Identity: Limited
- SaaS: Not offered
- Network: Included
- OT / IoT: Add-on
›› COMPATIBLE TOOLS
EDR
SIEM
Cloud
›› ADDITIONAL CAPABILITIES
›› Incident response
- Monitoring: 24/7 · Northwave publishes 24/7 SOC monitoring from Utrecht. Exact shift model and analyst-to-customer ratio are not published.
- First response: Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment: None documented
- Notification: Phone · Email
- Response SLA: Not disclosed · Northwave publishes 24/7 SOC monitoring, swift response language and a 24/7 Rapid Response service.
- IR included: No — separate retainer
›› DETECTION QUALITY
- MTTD (detect): Not published
- MTTR (respond): Not published
- False positives: Northwave says detection is tailored to the customer's risk profile and tuned to reduce irrelevant alarms. No public false-positive methodology was found.
›› THREAT HUNTING
- Included: Yes — in base service
- Approach: Proactive
- Frequency: Vendor-stated active searching. Exact hunt cadence not published.
›› Pricing
Custom quote. Northwave does not publish MDR package pricing. Custom contracts.
- Indicative price: Not published
What costs extra
- Exact MDR pricing requires a Northwave quote
- Rapid Response, red teaming, advanced red teaming, vulnerability management, OT security and Managed Security and Privacy Office work may be separate
- Customer log source volume, endpoint telemetry, network traffic and threat-intelligence scope may affect total cost
- Compliance and privacy services should be scoped separately from MDR
Cost caveats
- Public pages do not publish response SLAs or named default response actions.
- Rapid Response is a separate related service, so buyers should confirm what incident-response support is included in base MDR.
- Cloud, SaaS and identity coverage are not named as clearly as endpoint, log and network telemetry.
- Detection tuning depends on onboarding log sources and threat-based use cases, which may affect deployment effort.
Proof of value may be available through sales.
Pricing compiled from public sources. Verify directly with the provider.
›› The team
- Analysts: Direct employees · 60+ security specialists across SOC, red team, cyber forensics, threat analysts and CERT
- Channels: Portal · Email · Phone
- Data access: Dashboard Access
- Portal: Public pages describe monitoring, alert handling and a Security Operations Manager, but do not show raw query access or full portal workflow.
- Account manager: Dedicated
›› Reputation
Northwave has limited MDR-specific public review volume. The public buyer case rests on European delivery, Utrecht SOC operations and the connection between MDR, CERT, red team and threat research. Buyers should validate response authority, cloud and identity coverage, pricing and escalation rules before signing.
›› WHAT CUSTOMERS PRAISE
- MDR is backed by incident response, red team, threat analysts and CERT specialists
- Utrecht SOC and European delivery fit Benelux and DACH buyers
- Risk-based tuning helps avoid generic alert handling
›› COMMON COMPLAINTS
- No public MDR pricing
- No public contractual response SLA
- Specific response actions and cloud or SaaS coverage need quote-level confirmation
›› REDDIT (R/SYSADMIN, R/MSP)
No meaningful Reddit signal found for Northwave MDR specifically.
›› Questions to ask
›› 8 questions to ask Northwave
1. Which endpoint telemetry, log sources and network traffic sources are included in the MDR quote?
2. Which response actions can Northwave take directly, and which require our approval?
3. When does an incident move from MDR into the separate Rapid Response service?
4. What contractual SLA applies to high-severity triage, escalation and containment?
5. Which cloud, SaaS and identity sources are covered by default, and which require extra scope?
6. What data, cases, detection content and threat-intelligence context can we export if we leave?
7. How much Security Operations Manager time is included in the service?
8. Which SOC location, shift model and analyst certifications apply to our contract?
›› Evidence
›› SOURCES REVIEWED
›› PUBLIC-DATA CAVEATS
- No public contractual response-time SLA is recorded for this profile.
- No public fixed price is recorded; compare only after a scoped quote.
- No public breach warranty is recorded.
- Response workflows are described, but exact standard containment actions are not public.
