›› At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Active remediation
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 1 SOC region
- Surfaces
- Endpoint · Cloud · SaaS · Identity · Network
- IR retainer
- ✓ Bundled
- Customers (public)
- Not published
- SOC analysts
- 60+ technical experts across the Cyber Defense Centers, 98 total employees as of March 2026
- Onboarding
- Vendor reports onboarding compressed from 1 week to 1 day for Microsoft-stack customers
›› Best for
›› IDEAL FOR
- German SMEs and regulated EU buyers that need on-premises or sovereign cloud delivery for NIS2 and BSI alignment
- Customers that already own SIEM and EDR and want a co-managed SOC layer rather than a rip-and-replace platform
- Microsoft-stack mid-market buyers in DACH that want a German MDR with deep Sentinel and Defender practice
›› NOT IDEAL FOR
- Non-European multinationals needing 24/7 follow-the-sun coverage from regional SOCs
- Buyers who require a published response SLA and breach warranty backed by financial commitments
- Teams that rely heavily on G2 or large public review pools to vet vendors
›› Coverage
Endpoint
Included
Cloud
Included
Identity
Included
SaaS
Included
Network
Included
OT / IoT
Limited
›› COMPATIBLE TOOLS
EDR
SIEM
Cloud
›› ADDITIONAL CAPABILITIES
›› Incident response
- Monitoring
- 24/7 · Coverage from German-based Cyber Defense Centers, specific shift model not published
- First response
- Configurable — auto-act per your playbook, or escalate for approval · Custom playbooks supported
- Containment
- Endpoint isolation · Process kill · Network containment · Account disable · File quarantine
- Notification
- Phone · Email
- Response SLA
- Not disclosed · SECUINFRA does not publish a public response SLA.
- IR included
- Yes — in contract
›› DETECTION QUALITY
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Detection content is custom-built per customer in the underlying SIEM rather than relying on a one-size-fits-all rules pack. Specific false-positive rates are not published.
›› THREAT HUNTING
- Included
- Yes — in base service
- Approach
- hybrid
- Frequency
- Continuous as part of the MDR engagement
›› Pricing
Custom quote, varies by chosen tierand integrated SIEM and EDR. Sold direct.. Annual or multi-year contracts.
- Indicative price
- Not published
What costs extra
- -SOC consulting and CDRC build-out
- -SIEM use case engineering
- -Incident response retainer
Cost caveats
- -On-Premises tier requires the customer to keep running their own SIEM hardware and licensing
- -Co-Managed tier means the customer's team still executes part of the response
- -No published SLA, response timing depends on the underlying SIEM and EDR you bring
Pricing compiled from public sources. Verify directly with the provider.
›› The team
- Analysts
- Direct employees · 60+ technical experts across the Cyber Defense Centers, 98 total employees as of March 2026
- Certifications
- Not published
- Channels
- Email · Portal · Phone
- Data access
- Full Query Access
- Portal
- On-Premises and Co-Managed tiers leave the SIEM with the customer, so analysts and customer engineers query the same data store. Portal depth is not separately documented for the full-service tier.
- Account manager
- Dedicated
›› Reputation
SECUINFRA has a Gartner Peer Insights vendor profile in the MDR category but limited English-language community coverage on G2 and PeerSpot. Most public sentiment comes from German-language IT press and the firm's own publishing. Buyers shopping outside Germany should expect to lean on direct references.
›› WHAT CUSTOMERS PRAISE
- — Sovereign delivery options appeal to German SMEs and regulated EU buyers wary of US cloud providers
- — Three-tier model (full-service, co-managed, on-premises) gives buyers a real choice on data residency
- — Placed 4th in Germany's Best Employers 2025 by Great Place to Work, suggests lower analyst churn than typical for a German MSSP
›› COMMON COMPLAINTS
- — Limited public review base outside German-language sources
- — No published SLA or detection metrics to benchmark against pure-play competitors
- — Footprint is concentrated in Germany, multinationals will need to confirm timezone and language coverage
›› REDDIT (R/SYSADMIN, R/MSP)
Almost no English-language Reddit discussion. r/cybersecurity_de and German LinkedIn carry more chatter than the global subs.
›› Questions to ask
›› 7 questions to ask SECUINFRA▾
- 1.
Which of the three tiers fits us best, full-service, Co-Managed or On-Premises, and how does pricing differ between them?
- 2.
If we go On-Premises, what hardware, SIEM licensing and storage costs are we still on the hook for?
- 3.
How does response work at 3am if our team is unreachable, and which actions are autonomous versus customer-approved?
- 4.
What detection content stays with us if we leave, and what is built specifically inside our SIEM versus your platform?
- 5.
Do you have customer references in our regulated sector, ideally NIS2 or BSI-aligned, that we can speak with?
- 6.
How do you handle multilingual reporting if we have non-German operating units?
- 7.
What does the analyst rotation look like, and how is night shift covered from German Cyber Defense Centers?
›› Evidence
›› SOURCES REVIEWED
›› PUBLIC-DATA CAVEATS
- -No public contractual response-time SLA is recorded for this profile.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response authority may depend on pre-approval and contract scope.