Buyer fit
Good fit when
- ✓US mid-market organizations in healthcare, financial services, or government wanting affordable MDR for regulated environments
- ✓Teams with existing EDR tools (CrowdStrike, SentinelOne, Microsoft Defender) wanting managed detection without ripping and replacing
- ✓Organizations that want a $2M breach warranty and HITRUST readiness consulting from one vendor
Watch out when
- ×International organizations needing non-US SOC coverage or multilingual support
- ×Buyers who want an MDR provider with strong independent validation (no MITRE participation, almost no public reviews)
- ×Organizations needing OT/ICS coverage or follow-the-sun SOC operations
Coverage
2 of 6 attack surfaces in the base price — the rest are separately priced.
EDR
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –RansomSnare module (separate annual license, described as 'modest fee')
- –Incident response retainer (separate purchase)
- –Network MDR (separate pricing by bandwidth)
- –Log MDR (separate pricing by daily GB ingestion)
- –vCISO and advisory services
Cost caveats
- –Incident response is NOT included in base MDR. Separate retainer required for the 2-hour response commitment.
- –Network MDR, Log MDR, and Pondurance for Microsoft are all separate products with separate pricing on top of endpoint MDR
- –RansomSnare module is a separate license on top of MDR (free promotion for new customers may be time-limited)
- –Cloud, SaaS (M365), and network coverage each require purchasing separate product modules beyond base endpoint MDR
Breach warranty up to $2,000,000.
Verify pricing directly with the provider.
Team and access
Reputation
Gartner Peer Insights 5.0/5 but only 2 reviews, too small to draw conclusions. Named in Gartner 2024 Market Guide for MDR as the only 'risk-based' vendor. Almost no presence on G2, PeerSpot, or Reddit. Glassdoor 2.4/5 (36 reviews) with recurring complaints about leadership and employee turnover.
What customers praise
- ✓Affordable pricing compared to larger MDR providers
- ✓Easy deployment with hands-on onboarding support
- ✓Risk-based approach tailored to regulated industries
Common complaints
- ×Almost zero independent review presence (2 Gartner reviews, no PeerSpot reviews, no Reddit mentions)
- ×Glassdoor 2.4/5 with recurring complaints about leadership, turnover, and morale (only 26% would recommend)
- ×Small team (~124 employees) with US-only overnight on-call, not follow-the-sun
No mentions found in r/msp, r/cybersecurity, or r/sysadmin.
Questions to ask
- 1.
The marketing says 'typical time to remediation under 15 minutes.' Will you put an MTTR commitment in the contract?
- 2.
What exactly qualifies as a covered incident under the $2M Assurance Program, and what scenarios are excluded?
- 3.
How does overnight coverage actually work? Is there a staffed SOC at 3am or are analysts on-call and paged in?
- 4.
Is the RansomSnare module included in MDR pricing long-term, or does the free launch promotion expire?
- 5.
What is the data retention policy, and what data can we export if we leave?
- 6.
Glassdoor reviews mention significant employee turnover. How has SOC analyst retention been over the past year?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Independent research. Verify details directly with the provider before making decisions.
