Buyer fit
Good fit when
- ✓European or MENA organizations wanting local SOC presence and data residency
- ✓Maritime or OT/ICS operators needing MDR built for those environments
- ✓Microsoft-centric shops wanting Sentinel/Defender MDR from a MISA member
Watch out when
- ×North American or APAC organizations needing local SOC presence
- ×Buyers who need transparent, published pricing before engaging sales
- ×Teams expecting threat hunting included in base MDR
Coverage
4 of 6 attack surfaces in the base price — the rest are separately priced.
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Threat hunting (add-on at all tiers)
- –MDR for OT (separate service, Dragos/Nozomi integration)
- –MDR for Vessels (separate maritime-specific service)
- –MDR for Brand (digital risk protection, separate)
- –CoreX Max/Elite tiers (advanced detection content beyond Core Lite/Plus)
Cost caveats
- –Threat hunting is an add-on at every tier, not included in base MDR
- –Four-tier model (Core Lite through CoreX Elite) with feature boundaries not publicly documented
- –OT, Vessels, and Brand modules each carry separate pricing on top of base MDR
- –Core and CoreX tiers are built around Microsoft Defender XDR and Sentinel, which may require Microsoft licensing you do not already own
- –Cloud workload monitoring currently supports only Microsoft Azure. AWS and GCP support is listed as 'future' on their website
Verify pricing directly with the provider.
Team and access
Reputation
Named in the Gartner Market Guide for MDR four times (2021, 2023, 2024, 2025) and included in Forrester Wave MDR Services Europe Q3 2025. Virtually no customer reviews on G2, PeerSpot, or Reddit. Glassdoor 3.7/5 (52 reviews, 63% recommend). Strong analyst recognition but almost no independent customer validation.
What customers praise
- ✓Gartner Market Guide (4 editions) and Forrester Wave MDR Europe Q3 2025 inclusion
- ✓Publishes operational metrics (11.2-minute MTTR claim) when most competitors do not
- ✓OT/ICS and maritime vessel MDR serve verticals most MDR providers ignore
Common complaints
- ×Virtually no public customer reviews anywhere (G2, PeerSpot, Reddit)
- ×Opaque four-tier pricing with no published feature boundaries between tiers
- ×Threat hunting is an add-on at every tier, unlike competitors who include it
No mentions found in r/msp, r/cybersecurity, or r/sysadmin.
Questions to ask
- 1.
What specific capabilities differ between MDR Core Lite, Core Plus, CoreX Max, and CoreX Elite? Can we see a feature comparison?
- 2.
Threat hunting is listed as an add-on. What does it cost, how many hunts per quarter, and what triggers a proactive hunt versus a reactive one?
- 3.
The 11.2-minute MTTR for critical incidents on your website, how is that measured and what percentage of incidents does it cover?
- 4.
We do not use Microsoft Sentinel. What detection coverage gaps exist when SWORDFISH integrates with a non-Microsoft SIEM?
- 5.
If we leave Obrela, what happens to detection content, playbooks, and historical data stored in SWORDFISH?
- 6.
You have virtually no public customer reviews. Can you provide three references in our industry and region?
Evidence
Sources reviewed
Public-data caveats
- –SLA caveat: Obrela publishes a mean response time of under 15 minutes. Their website also claims an 11.2-minute average for critical incidents (vendor-published, not independently verified). Some remediation actions are automatic via playbooks, others require customer approval per engagement rules.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Further reading
Independent research. Verify details directly with the provider before making decisions.
