At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Active remediation
- MTTA SLA
- ≤1 hour
- Coverage
- 24×7 · 1 SOC region
- IR retainer
- ✓ Bundled
- Customers (public)
- Not published for MDR
- SOC analysts
- r-tec's LinkedIn page lists 51-200 employees. MDR-specific analyst count is not published.
- Onboarding
- r-tec says site collectors support simple and fast implementation, but no standard public onboarding duration was found.
Best for
Ideal for
- German mid-market and enterprise buyers that want MDR from a services firm with incident-response depth
- KRITIS, industrial and OT-heavy organizations evaluating MDR for both IT and control environments
- Teams that want Exabeam, Microsoft Sentinel, CrowdStrike or Microsoft Defender XDR operated by an external Cyber Defense Center
Not ideal for
- Buyers that need public price cards or contract minimums before sales engagement
- Organizations that want an MDR portal demonstrated on the public website
- Teams that need all response actions and OT MDR bundled into one standard package without quote-level validation
Coverage
Endpoint
Limited
Cloud
Not offered
Identity
Limited
SaaS
Not offered
Network
Limited
OT / IoT
Add-on
Compatible tools
EDR
SIEM
Cloud
Additional capabilities
Incident response
- Monitoring
- 24/7 · Premium MDR service times are published as 24x7. Basic service times are published as Monday-Friday, 8:00-18:00, while automated detection and alerting are 24x7 on both tiers. Exact analyst shift model and ratio are not published
- First response
- Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment
- None documented
- Notification
- Phone · Email
- Response SLA
- ≤1 hour · r-tec publishes Basic and Premium MDR service levels.
- IR included
- Yes — in contract
Detection quality
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- r-tec says the service identifies deviations from normal behavior across users, devices, properties, relationships and events. Human analysts review anomalies before alarm and response. Public pages do not publish a false-positive rate.
Threat hunting
- Included
- Yes — in base service
- Approach
- proactive
- Frequency
- Listed on the MDR service-level table. Exact cadence not published.
Pricing
Tiered custom quote. r-tec publishes Basic and Premium MDR tiers but does not publish prices.. Basic or premium or custom contracts.
- Indicative price
- Not published
What costs extra
- -Exact MDR pricing requires an r-tec quote
- -Additional costs for a security incident apply only after prior coordination and approval
- -OT MDR, Managed EDR, Incident Response Service, Vulnerability Management and Dark Web Monitoring may have separate scope
- -Exabeam, Microsoft Sentinel, CrowdStrike, Microsoft Defender XDR and Claroty licensing can affect total cost
Cost caveats
- -Premium is required for 24x7 service times and the 1-hour qualification and First Response target.
- -Basic still has 24x7 automated detection and alerting, but human service hours are Monday-Friday, 8:00-18:00.
- -Public pages do not publish prices or contract minimums.
- -Optional direct response should be converted into a written pre-approval matrix.
- -Endpoint telemetry may depend on contracted CrowdStrike, Microsoft Defender XDR or Managed EDR scope.
- -OT MDR and Managed EDR are separate named services, so buyers should confirm whether they are included or quoted separately.
Pricing compiled from public sources. Verify directly with the provider.
The team
- Analysts
- Direct employees · r-tec's LinkedIn page lists 51-200 employees. MDR-specific analyst count is not published.
- Certifications
- ISO 27001ISO 9001BSI-certified APT Response service provider
- Channels
- Email · Phone
- Data access
- Dashboard Access
- Portal
- Public MDR pages do not show a dedicated portal. The service relies on r-tec analyst qualification, alarm workflows, recommendations and incident-response handoff.
- Account manager
- Shared / pooled
Reputation
r-tec has limited MDR-specific public review volume. The public buyer case rests on German delivery, a published IT MDR service, a separate OT MDR service, BSI APT-response status and clear Basic versus Premium service-level targets. Buyers should validate exact response authority, pricing, OT scope and the operating model behind Premium 24x7 service.
What customers praise
- — Published MDR service-level targets separate Basic and Premium coverage
- — IT MDR and OT MDR pages support mixed enterprise and industrial environments
- — German delivery and ISO 27001 or ISO 9001 certification support regulated-buyer diligence
Common complaints
- — No public MDR pricing
- — No public MDR-specific analyst count
- — Response-action authority needs contract-level confirmation
Reddit (r/sysadmin, r/msp)
No meaningful Reddit signal found for r-tec MDR specifically.
Questions to ask
8 questions to ask r-tec IT Security▾
- 1.
Are we buying Basic or Premium MDR and which service hours apply to human response?
- 2.
Which IT log sources, endpoints, identities, cloud services and network sources are included in our quote?
- 3.
Is OT MDR included or is it a separate service with separate Claroty or OT network scope?
- 4.
Which response actions can r-tec take directly and which require our approval?
- 5.
What does the 1-hour Premium qualification and First Response target mean in the contract?
- 6.
How are additional incident costs approved, billed and capped?
- 7.
Which data, detection content, reports and case notes can we export if we leave?
- 8.
Which German data-center, ISO and BSI APT Response scopes apply to our service?
Evidence
Sources reviewed
Public-data caveats
- -SLA caveat: r-tec publishes Basic and Premium MDR service levels. Automated attack detection and alerting are 24x7 on both tiers. Published qualification and First Response targets are maximum 2 hours on Basic and maximum 1 hour on Premium. Expert remote response is maximum 6 hours on Basic and maximum 4 hours on Premium, with onsite expert response listed as next business day. Buyers should confirm contractual terms and service-credit language.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response workflows are described, but exact standard containment actions are not public.
- -MDR analyst headcount or analyst-to-customer ratio is not public.