›› At a glance
- Delivery model
- Tech-agnostic (works with your tools)
- Response authority
- Guided response
- MTTA SLA
- Not disclosed
- Coverage
- 24×7 · 1 SOC region
- Surfaces
- Endpoint · Cloud · Identity · Network
- IR retainer
- Separate
- Customers (public)
- Not published for MDR
- SOC analysts
- 140 cybersecurity professionals across security operations, incident response, offensive security and advisory
- Onboarding
- Tesorion says MDR use cases are tailored per organisation and linked to mitigating measures. No standard public onboarding duration was found.
›› Best for
›› IDEAL FOR
- Dutch organisations that want MDR from a Netherlands-based cybersecurity services firm
- Mid-market and enterprise teams that want T-SOC monitoring tied to XDR, SOAR and threat intelligence
- Buyers that value local incident response, red team and advisory capabilities around the MDR service
›› NOT IDEAL FOR
- Buyers that need public MDR pricing or contractual response SLAs before sales engagement
- Teams that require a public list of endpoint isolation, account disable or network blocking actions
- Organizations that want a pure-play MDR provider without broader services-firm scope
›› Coverage
Endpoint
Included
Cloud
Included
Identity
Included
SaaS
Limited
Network
Included
OT / IoT
Add-on
›› COMPATIBLE TOOLS
EDR
Cloud
›› ADDITIONAL CAPABILITIES
›› Incident response
- Monitoring
- 24/7 · Tesorion publishes 24/7 MDR and a 24/7 T-CERT incident phone number. Exact SOC shift model and analyst-to-customer ratio are not published
- First response
- Alert only — provider notifies your team with recommended actions · Custom playbooks supported
- Containment
- None documented
- Notification
- Phone · Email
- Response SLA
- Not disclosed · Tesorion publishes 24/7 MDR, early threat detection and mitigation where possible.
- IR included
- No — separate retainer
›› DETECTION QUALITY
- MTTD (detect)
- Not published
- MTTR (respond)
- Not published
- False positives
- Tesorion says incidents from XDR domains are normalized, automated and correlated through SOAR, then enriched with threat intelligence. No public false-positive methodology was found.
›› THREAT HUNTING
- Included
- Yes — in base service
- Approach
- hybrid
- Frequency
- Vendor-stated continuous monitoring with threat intelligence enrichment. Exact hunt cadence not published.
›› Pricing
Custom quote. Tesorion does not publish MDR package pricing.. Custom contracts.
- Indicative price
- Not published
What costs extra
- -Exact MDR pricing requires a Tesorion quote
- -T-CERT incident response, EDR, NDR, managed firewall, pentesting, red team and advisory work may be separate
- -Partner technology such as SentinelOne, Vectra AI, Recorded Future, Halcyon, Qualys, Proofpoint and KnowBe4 may affect total cost
- -Cloud, SaaS, identity, network and application source scope should be defined in the quote
Cost caveats
- -Public pages do not publish response SLAs or named default response actions.
- -The public MDR page says mitigation is immediate where possible, but does not specify what Tesorion can do without customer approval.
- -T-CERT incident response is prominent, but buyers should confirm whether IR hours are included in MDR or sold separately.
- -Tesorion lists broad coverage across domains, so buyers should confirm which monitored sources are included in base MDR.
Pricing compiled from public sources. Verify directly with the provider.
›› The team
- Analysts
- Direct employees · 140 cybersecurity professionals across security operations, incident response, offensive security and advisory
- Certifications
- ISO 27001NEN 7510
- Channels
- Email · Phone
- Data access
- Reports Only
- Portal
- Public pages describe MDR, XDR, SOAR and use cases, but do not show raw query access or a full portal workflow.
- Account manager
- Shared / pooled
›› Reputation
Tesorion has limited MDR-specific public review volume. The public buyer case rests on Dutch delivery, T-SOC operations, XDR and SOAR correlation, threat intelligence and nearby T-CERT incident response. Buyers should validate pricing, response authority, included source scope and whether T-CERT support is included before signing.
›› WHAT CUSTOMERS PRAISE
- — Dutch provider with Netherlands offices and local service delivery
- — MDR is tied to XDR, SOAR, threat intelligence and MITRE ATT&CK use cases
- — T-CERT incident response and offensive security teams can support broader security work
›› COMMON COMPLAINTS
- — No public MDR pricing
- — No public contractual MDR response SLA
- — Specific response actions and T-CERT inclusion need quote-level confirmation
›› REDDIT (R/SYSADMIN, R/MSP)
No meaningful Reddit signal found for Tesorion MDR specifically.
›› Questions to ask
›› 8 questions to ask Tesorion▾
- 1.
Which endpoint, identity, network, cloud and application sources are included in the MDR quote?
- 2.
Which response actions can Tesorion take directly, and which require our approval?
- 3.
Is T-CERT incident-response support included in MDR, or is it sold as a separate retainer or project?
- 4.
What contractual SLA applies to high-severity triage, escalation and containment?
- 5.
Which partner technologies are required, optional or already covered by our existing licenses?
- 6.
How are MITRE ATT&CK use cases tuned for our environment, and what detection content can we export if we leave?
- 7.
Which Netherlands SOC location, shift model and analyst certifications apply to our contract?
- 8.
How are cloud, SaaS, identity and OT sources priced if we add them after onboarding?
›› Evidence
›› SOURCES REVIEWED
›› PUBLIC-DATA CAVEATS
- -No public contractual response-time SLA is recorded for this profile.
- -No public fixed price is recorded; compare only after a scoped quote.
- -No public breach warranty is recorded.
- -Response workflows are described, but exact standard containment actions are not public.