At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Guided response
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 2 SOC regions
- Surfaces
- Endpoint · Identity
- IR retainer
- Separate
- Customers (public)
- 500+ customers
- SOC analysts
- Performanta publishes 150+ security specialists and says it has grown to over 180 security professionals. LinkedIn lists 51-200 employees, with 174 associated employees. Specific SOC analyst count is not published.
- Onboarding
- Not published. Performanta describes scoping, discovery, prioritisation, validation and mobilisation stages for Safe XDR, but no standard implementation duration was found.
Best for
Ideal for
- Buyers already committed to Microsoft Defender and Sentinel that want a services firm to manage detection and response
- Organizations that want attack-surface management and XDR monitoring reviewed together
- UK and South Africa buyers that prefer a provider with SOC delivery in those regions
Not ideal for
- Buyers that need public MDR pricing before sales
- Teams that require named autonomous endpoint or identity actions in public docs
- Organizations that want a pure-play MDR provider with broad published third-party EDR integrations
Coverage
Endpoint
Included
Cloud
Limited
Identity
Included
SaaS
Limited
Network
Limited
OT / IoT
Not offered
Compatible tools
EDR
SIEM
Cloud
Additional capabilities
Incident response
- Monitoring
- 24/7 · Performanta publishes 24/7/365 SOC services from its SOCs in the UK and South Africa. Exact shift handoff model and analyst-to-customer ratio are not published
- First response
- Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment
- None documented
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Performanta publishes 24x7x365 SOC services, 24/7 XDR monitoring and an MDR service for Defender for Endpoint.
- IR included
- No — separate retainer
Detection quality
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Performanta says rules, analytics, AI and human expertise are used to filter false positives and benign events from real threats. It does not publish a false-positive rate or tuning cadence.
Threat hunting
- Included
- Yes — in base service
- Approach
- proactive
- Frequency
- Public pages say threat hunting is proactive, automated and human-driven. Exact hunt cadence not published.
Pricing
Custom quote. Performanta does not publish MDR, Safe XDR or managed SOC package pricing.. Custom or managed soc or safe xdr or mdr for defender for endpoint contracts.
- Indicative price
- Not published
What costs extra
- -Exact MDR and Safe XDR pricing requires a Performanta quote
- -Microsoft Defender and Microsoft Sentinel licensing may be separate from Performanta's service fee
- -Incident response and digital forensics scope should be priced separately
- -Attack surface management, security assurance, managed controls and vulnerability management may be separate service lines
Cost caveats
- -Public pages do not publish MDR pricing, contract minimums or service-credit language.
- -The explicit MDR offer is tied to Defender for Endpoint, so Microsoft licensing and customer tenant readiness can drive total cost.
- -Public pages do not define default MDR response authority, so buyers need the managed-technology boundary in writing.
- -Cloud and SaaS coverage appear tied to Microsoft security controls and Safe XDR scope, so non-Microsoft telemetry should be confirmed early.
- -Incident response is listed as a consulting service, so buyers should confirm what is included in MDR versus a separate incident-response engagement.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts
- Direct employees · Performanta publishes 150+ security specialists and says it has grown to over 180 security professionals. LinkedIn lists 51-200 employees, with 174 associated employees. Specific SOC analyst count is not published.
- Channels
- Portal · Email · Phone
- Data access
- Dashboard Access
- Portal
- Performanta says Safe XDR provides transparency across the attack surface and a Risk Operations Centre for prioritisation and mitigation planning. Public pages do not show raw query access, case workflow depth or ticketing integrations.
- Account manager
- Shared / pooled
Reputation
No meaningful MDR-specific buyer-review signal was found in major English-language review communities during this pass. The public buyer case rests on Performanta's Microsoft security focus, UK and South Africa SOC operations, Safe XDR platform, threat-hunting process and incident-response consulting depth. Buyers should validate pricing, response authority, non-Microsoft telemetry support and exact incident-response inclusion directly.
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for Performanta MDR specifically.
Questions to ask
7 questions to ask Performanta▾
- 1.
Is our scope the Defender for Endpoint MDR service, Safe XDR, managed SOC or a mix of the three?
- 2.
Which response actions can Performanta take directly, and which require our team to execute?
- 3.
Which Microsoft licenses and Sentinel data costs sit outside the service fee?
- 4.
Which non-Microsoft EDR, SIEM, cloud and SaaS telemetry sources are supported in our environment?
- 5.
What incident-response work is included in MDR and what requires a separate consulting engagement?
- 6.
What contractual SLA applies to high-severity triage, escalation and containment?
- 7.
What detection rules, playbooks, reports and case history can we export if we leave?
Evidence
Sources reviewed
Public-data caveats
- -No public contractual response-time SLA is recorded for this profile.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response workflows are described, but exact standard containment actions are not public.
- -MDR analyst headcount or analyst-to-customer ratio is not public.