Truesec Truesec MDR (Core, Enterprise, Black)

Truesec MDR is a Swedish managed detection and response service with the largest Security Operations Center in the Nordic region, delivering 3-tier MDR services through 330+ cyber specialists.

Key Facts:

• Headquartered in Stockholm, Sweden
• SEB Private Equity portfolio company (implications: potential for future acquisitions, ownership changes, or strategic shifts)
• 330+ cyber specialists
• Largest SOC in the Nordics
• 100,000+ hours incident management experience
• EY strategic partnership announced March 2025
• 3-tier service model: MDR Core, MDR Enterprise, MDR Black (launched October 2024)
• Critical for buyers: Nordic-focused (Sweden, Norway, Denmark, Finland) with unclear US expansion timeline
• Critical for buyers: Claims "perfect track record" with no business-impacting incidents (impossible to verify independently)
• Critical for buyers: 86% of customers have >500 FTEs (not suitable for small businesses)
• Onboarding: 72 hours for MDR Core tier

Geographic Limitations and US Expansion Uncertainty

• Primary focus is Nordic region (Sweden, Norway, Denmark, Finland)
• US expansion announced but timeline and success unclear
• Critical questions for buyers:

• May have less expertise in US-specific compliance (HIPAA, state privacy laws)
• US market presence unclear compared to established US vendors

Unverifiable "Perfect Track Record" Claim

• Company claims "no customer in a monitored environment has experienced a business-impacting incident since day one"
• Critical issues with this claim:

Limited Public Customer Reviews

• Facebook: 92% recommend (only 11 reviews total - very small sample)
• Google: Mentions of "fast and friendly service" (not MDR-specific)
• Glassdoor: 6 employee reviews (not customer reviews of MDR service)
• No PeerSpot reviews found
• No G2 reviews found
• No Gartner Peer Insights reviews found
• Buyer impact: Cannot assess service quality through independent public reviews
• Comparison: Competitors have hundreds of reviews on major platforms

No Performance Metrics Disclosed

• No MTTD (Mean Time to Detect) published
• No MTTR (Mean Time to Respond) published
• No specific SLA response timeframes disclosed
• Only metric disclosed: 72-hour onboarding for MDR Core
• Cannot benchmark against industry standards (typical MTTR: 2-4 hours)
• Buyer impact: No way to evaluate operational excellence without vendor-provided data

Customer Size Profile

• 86% of customers have >500 FTEs (employees)
• Implication: Not suitable for small businesses (under 500 employees)
• Service designed for mid-market and enterprise
• Small businesses likely priced out or not target market
• MDR Core positioned for "small and medium-sized organizations" but 86% stat suggests otherwise

Pricing Opacity

• No public pricing for any of the three tiers
• Cannot budget without sales engagement for each tier
• Impossible to conduct preliminary cost comparison across tiers
• Must invest time comparing Core vs Enterprise vs Black without price anchors
• Buyer impact: Significant time investment required to determine tier and pricing fit

Private Equity Ownership Implications

• Owned by SEB Private Equity
• Buyer concerns with PE ownership:

• Positive aspects: Strong financial backing, potential for investment in growth

Limited Brand Recognition

• Smaller brand compared to CrowdStrike, SentinelOne, Palo Alto Networks
• Nordic market leader but limited global presence
• Less market awareness outside Scandinavia
• Fewer public case studies available
• Limited public discussion and community knowledge outside Nordics
• Implication: Harder to find peer references outside Nordic region

Limited Public Information

• Few public case studies for MDR service
• Company founding year not disclosed
• Data retention policies not public
• Contract terms require vendor engagement
• MDR Enterprise and Black onboarding times not disclosed
• Limited transparency on US operations staffing and capabilities

MDR Black Limited Track Record

• Launched October 2024 (only 1 year old as of 2025)
• No public data on breach coverage claims payouts
• Unique breach cost coverage model untested at scale
• No customer reviews specific to MDR Black tier
• Buyer concern: Newest tier has shortest operational track record

Absence of Analyst Recognition

• Not in Forrester Wave for MDR 2025
• Not in Gartner reports for MDR 2025
• No third-party analyst validation of capabilities
• Buyer impact: Must rely on vendor claims without independent validation
• Comparison: Major competitors have Forrester/Gartner recognition

Limited Public Reviews Available

Facebook Recommendations (Very Small Sample):

"92% recommend based on 11 reviews"

• Extremely small sample size (only 11 reviews total)
• Not specific to MDR service
• General company recommendations, not detailed service feedback
• Buyer concern: Cannot draw meaningful conclusions from 11 reviews

Google Reviews:

"Fast and friendly service mentioned"

• Not specific to MDR service
• Generic service comments
• No detailed technical feedback
• Buyer concern: Lacks substance for MDR evaluation

Glassdoor (Employee Reviews, Not Customer Reviews):

6 employee reviews found, but these are employee satisfaction reviews, not customer feedback on MDR service quality. Not relevant for buyers evaluating MDR service.

Absence of Reviews on Major Platforms:

• PeerSpot: No Truesec MDR reviews found
• G2: No Truesec MDR reviews found
• Gartner Peer Insights: No reviews found
• Buyer impact: No independent customer validation of service quality
• Comparison: Competitors like WithSecure have extensive reviews on these platforms

What This Means for Buyers

High Due Diligence Burden:

• Cannot rely on independent public reviews for validation
• Must conduct extensive reference checks with vendor-provided customer contacts
• Should request multiple customer references across different industries and sizes
• Should specifically request references from US customers (if applicable)
• Should request references for specific tier being considered (Core/Enterprise/Black)

Verification Recommendations for Buyers: 1. Request customer references in your industry 2. Request customer references of similar size 3. Request customer references in your geography (especially if US-based) 4. Ask references about "perfect track record" claim validity 5. Ask references about actual MTTR/MTTD performance 6. Ask references about US operations quality (if applicable) 7. For MDR Black: Request references who have used breach cost coverage

Service Strengths (Based on Available Data)

Largest Nordic SOC: Truesec operates the largest Security Operations Center in the Nordic region with 330+ cyber specialists, providing strong regional expertise and coverage.

100,000+ Hours Incident Response Experience: The Cybersecurity Incident Response Team has significant experience managing incidents across Nordic enterprises.

72-Hour Onboarding (MDR Core): Fast onboarding for the Core tier enables rapid deployment compared to industry averages of 2-4 weeks.

EY Partnership (March 2025): Strategic alliance with EY strengthens service delivery and market presence in the Nordic region, though partnership is very recent.

MDR Black Breach Coverage: Unique offering where IR costs are included if breach occurs via monitored device, reducing financial risk for customers (though untested at scale as tier only launched October 2024).

Technology-Agnostic Approach: Not locked to specific EDR vendor, allowing customers to leverage existing security tool investments.