

Optiv MDR
Services-firm MDR from Optiv, built on Google Security Operations with Optiv data engineering, SOAR playbooks, Global Threat Intelligence Center feeds and 24/7/365 analyst monitoring. The service is designed for enterprises modernizing a multi-vendor SOC rather than buyers looking for a packaged endpoint-only MDR. It supports EDR, identity, network, collaboration, cloud, on-prem and hybrid telemetry, with automated hunting in the core offer and custom manual hunting available as an option.
Buyer fit
Good fit when
- ✓Enterprises with a multi-vendor security stack that want a managed layer without replacing core tools
- ✓Teams standardizing on Google Security Operations or evaluating Google SecOps as their detection platform
- ✓Organizations modernizing an existing SOC while needing 24/7 analyst coverage
- ✓Buyers that want MDR tied to broader advisory, implementation and technology-sourcing support
Watch out when
- ×SMBs wanting simple per-endpoint MDR pricing
- ×Buyers that need a public price, public SLA and public breach warranty before sales engagement
- ×Teams seeking a single-vendor endpoint bundle with minimal SIEM or log-management work
- ×Organizations that cannot forecast data ingestion and retention costs
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Optional Technical Account Management
- –Custom manual threat hunting
- –Additional active defense or incident-response hours beyond the included annual active-defense allocation
- –Broader SOC modernization work
- –Underlying security tools and telemetry sources not already licensed
- –Possible additional data ingestion or retention beyond scoped Google Security Operations terms
Cost caveats
- –Optiv MDR is built for complex environments; buyers should model Google Security Operations ingestion and retention volume before comparing it with per-endpoint MDR quotes.
- –The service can manage many existing tools, but those EDR, identity, cloud and network tools remain separate licensing costs.
- –Active defense is described as 40 hours per year. Clarify the hourly rate and escalation path once that allocation is consumed.
- –TAM and custom manual threat hunting are optional components, not baseline inclusions.
- –No public price floor, public SLA or breach warranty was found.
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
Optiv has strong brand recognition as a large cyber advisory and technology-services firm, but MDR-specific peer review volume is thinner than for MDR-first vendors. Gartner Peer Insights lists Optiv reviews in managed security services rather than a separate high-volume MDR product page. Reddit discussion is mostly about Optiv as a reseller and services firm, not day-to-day MDR operations.
What customers praise
- ✓Large services firm with broad technology partner coverage
- ✓Useful fit for enterprises trying to modernize an existing SOC rather than replace tools
- ✓Google Security Operations architecture gives buyers a known platform foundation
- ✓Analyst recognition in KuppingerCole's 2024 MDR Leadership Compass
Common complaints
- ×Limited MDR-specific public reviews compared with MDR-first providers
- ×Pricing is opaque and depends on data volume, scope and optional services
- ×Buyers must distinguish MDR from Optiv's broader advisory, reseller and SOC modernization work
- ×No public contractual SLA or breach warranty found
Sparse and mixed. Mentions tend to discuss Optiv as a VAR/advisory firm rather than a standalone MDR provider, so Reddit is not a strong validation source for MDR service quality.
Questions to ask
- 1.
Which log sources are included in the base MDR scope, and what is the projected Google Security Operations ingestion cost at our current and peak volumes?
- 2.
What contractual SLA applies to critical investigations, containment and customer notification?
- 3.
Which response actions are pre-approved by default for our EDR, identity, network and collaboration tools?
- 4.
How are the 40 annual active-defense hours consumed, and what rate applies after they are exhausted?
- 5.
Is optional Technical Account Management included in this quote or priced separately?
- 6.
What detection rules and SOAR playbooks can we export if we leave?
- 7.
How many analysts support our account, where are they located and what is the overnight escalation path?
- 8.
Can Optiv provide MDR-specific customer references in our industry rather than broader consulting references?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
- –MDR analyst headcount or analyst-to-customer ratio is not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.