Obrela MDR

Name: Obrela Obrela MDR
Brand: Obrela

Works with your toolsIntegrates with your existing security tools via APIs. You keep your current EDR, SIEM, and cloud tools.

Visit website →

European services firm delivering technology-agnostic MDR through its proprietary SWORDFISH Open XDR platform. Founded in Athens in 2010 and expanded via the Encode acquisition in 2022, Obrela now operates from London with ROCs across Europe and the Middle East. Unusual among MDR providers for offering dedicated OT/ICS and maritime vessel monitoring as separate services.

SLA ≤15 minutes

Monitoring 24/7

IR Included

From Custom pricing

Visit website →

Best For

Ideal for

European or MENA organizations wanting local SOC presence and data residency
Maritime or OT/ICS operators needing MDR built for those environments
Microsoft-centric shops wanting Sentinel/Defender MDR from a MISA member

Not ideal for

North American or APAC organizations needing local SOC presence
Buyers who need transparent, published pricing before engaging sales
Teams expecting threat hunting included in base MDR

Coverage

Endpoint

Included

Cloud

Limited

Identity

Included

SaaS

Included

Network

Included

OT / IoT

Add-on

Compatible Tools

EDR

Microsoft Defender

SIEM

Microsoft Sentinel

Cloud

Microsoft Azure

Additional Capabilities

MDR for OT/ICS (Dragos and Nozomi integration)MDR for Vessels (maritime IT/OT, NIS2/IMO compliance)MDR for Brand (digital risk protection)Exposure Management Console (CTEM alignment)CREST-certified DFIR retainer

Incident Response

Monitoring24/7 · Follow-the-sun across three ROCs: Athens, Riyadh, and Dubai. 24/7/365

First ResponseConfigurable — auto-act per your playbook, or escalate for approval · Custom playbooks supported

ContainmentEndpoint isolation · Process kill · Network containment · Account disable · File quarantine

NotificationPhone · Email

Response SLA

≤15 minutes

Obrela publishes a mean response time of under 15 minutes.

IR IncludedYes — in contract

Detection Quality

MTTD (detect)Not published

MTTR (respond)Under 15 minutes (vendor-published). Obrela's website claims 11.2-minute average for critical incidents, but this is self-reported, not independently validated.

False PositivesNot published. Obrela mentions analyst validation before remediation but does not detail false positive rates or reduction methodology.

Threat Hunting

IncludedExtra cost

Approachhybrid

FrequencyNot published

Pricing

Custom pricing. Four tiers: MDR Core Lite, Core Plus, CoreX Max, and CoreX Elite, with increasing detection content and hunting capabilities. Specialized modulespriced separately.. Not published contracts.

Pricing compiled from public sources. Verify directly with the provider.

The Team

AnalystsDirect employees · Not published separately. ~180 employees at time of Encode merger (2022).

ChannelsEmail · Portal · Phone

Data AccessDashboard Access

PortalSWORDFISH portal includes CyberOps (service delivery dashboards), EMC (exposure management), and SRM (service requests). No independent reviews of the portal experience exist on G2 or PeerSpot.

Account ManagerDedicated

Reputation

Mixed

Named in the Gartner Market Guide for MDR four times (2021, 2023, 2024, 2025) and included in Forrester Wave MDR Services Europe Q3 2025. Virtually no customer reviews on G2, PeerSpot, or Reddit. Glassdoor 3.7/5 (52 reviews, 63% recommend). Strong analyst recognition but almost no independent customer validation.

What customers praise

Gartner Market Guide (4 editions) and Forrester Wave MDR Europe Q3 2025 inclusion
Publishes operational metrics (11.2-minute MTTR claim) when most competitors do not
OT/ICS and maritime vessel MDR serve verticals most MDR providers ignore

Common complaints

Virtually no public customer reviews anywhere (G2, PeerSpot, Reddit)
Opaque four-tier pricing with no published feature boundaries between tiers
Threat hunting is an add-on at every tier, unlike competitors who include it

Reddit (r/sysadmin, r/msp)

No mentions found in r/msp, r/cybersecurity, or r/sysadmin.

What to Ask Obrela (6 questions)▼

1.
What specific capabilities differ between MDR Core Lite, Core Plus, CoreX Max, and CoreX Elite? Can we see a feature comparison?
2.
Threat hunting is listed as an add-on. What does it cost, how many hunts per quarter, and what triggers a proactive hunt versus a reactive one?
3.
The 11.2-minute MTTR for critical incidents on your website, how is that measured and what percentage of incidents does it cover?
4.
We do not use Microsoft Sentinel. What detection coverage gaps exist when SWORDFISH integrates with a non-Microsoft SIEM?
5.
If we leave Obrela, what happens to detection content, playbooks, and historical data stored in SWORDFISH?
6.
You have virtually no public customer reviews. Can you provide three references in our industry and region?

Compare

Browse Related

By size

MDR for Mid-market →MDR for Enterprise →

By region

Providers in Europe →Providers in MEA →

By compliance

ISO 27001:2013 compliant MDR →ISO 9001:2015 compliant MDR →ISO 22301:2019 compliant MDR →

By integration

MDR with Microsoft Defender →

By industry

MDR for Financial Services →MDR for Healthcare →

Information compiled from public sources. Verify details directly with the provider before making decisions.

Best For

Ideal for

European or MENA organizations wanting local SOC presence and data residency
Maritime or OT/ICS operators needing MDR built for those environments
Microsoft-centric shops wanting Sentinel/Defender MDR from a MISA member

Not ideal for

North American or APAC organizations needing local SOC presence
Buyers who need transparent, published pricing before engaging sales
Teams expecting threat hunting included in base MDR

Coverage

Endpoint

Included

Cloud

Limited

Identity

Included

SaaS

Included

Network

Included

OT / IoT

Add-on

Compatible Tools

EDR

Microsoft Defender

SIEM

Microsoft Sentinel

Cloud

Microsoft Azure

Additional Capabilities

Incident Response

Monitoring24/7 · Follow-the-sun across three ROCs: Athens, Riyadh, and Dubai. 24/7/365

First ResponseConfigurable — auto-act per your playbook, or escalate for approval · Custom playbooks supported

ContainmentEndpoint isolation · Process kill · Network containment · Account disable · File quarantine

NotificationPhone · Email

Response SLA

≤15 minutes

Obrela publishes a mean response time of under 15 minutes.

IR IncludedYes — in contract

The Team

AnalystsDirect employees · Not published separately. ~180 employees at time of Encode merger (2022).

ChannelsEmail · Portal · Phone

Data AccessDashboard Access

PortalSWORDFISH portal includes CyberOps (service delivery dashboards), EMC (exposure management), and SRM (service requests). No independent reviews of the portal experience exist on G2 or PeerSpot.

Account ManagerDedicated

Reputation

Mixed

What customers praise

Gartner Market Guide (4 editions) and Forrester Wave MDR Europe Q3 2025 inclusion
Publishes operational metrics (11.2-minute MTTR claim) when most competitors do not
OT/ICS and maritime vessel MDR serve verticals most MDR providers ignore

Common complaints

Virtually no public customer reviews anywhere (G2, PeerSpot, Reddit)
Opaque four-tier pricing with no published feature boundaries between tiers
Threat hunting is an add-on at every tier, unlike competitors who include it

Reddit (r/sysadmin, r/msp)

No mentions found in r/msp, r/cybersecurity, or r/sysadmin.