UnderDefense MDR
Works with your tools
Integrates with your existing security tools via APIs. You keep your current EDR, SIEM, and cloud tools.
UnderDefense MAXI MDR
Vendor-agnostic MDR built on the MAXI platform that works on top of your existing EDR and SIEM rather than replacing them. Analysts take configurable remediation actions while data stays in your infrastructure. Founded in Ukraine (2017), now HQ'd in New York with ~128 employees. No independent detection benchmarks, but transparent pricing and full data portability on exit.
Best For
Ideal for
- Mid-market teams with existing EDR/SIEM that want MDR layered on top without ripping and replacing
- Budget-conscious buyers who value transparent per-device pricing and full data ownership on exit
- Organizations comfortable with a smaller, newer vendor in exchange for flexibility and no lock-in
Not ideal for
- Organizations that require independently validated detection metrics (MITRE, Forrester, etc.) before committing
- Buyers that need a large, established vendor with deep bench strength and hundreds of published case studies
- Teams wanting month-to-month flexibility or a free trial before annual commitment
Coverage
Endpoint
Cloud
Identity
SaaS
Network
OT / IoT
Compatible Tools
EDR
SIEM
Cloud
Additional Capabilities
Incident Response
UnderDefense advertises 2-minute alert-to-triage and 15-minute Mean Time to Containment (MTTC).
Detection Quality
Threat Hunting
Pricing
Per-device pricing, vendor-agnostic. Annual contracts.
Breach warranty up to $1,000,000.
Pricing compiled from public sources. Verify directly with the provider.
The Team
Reputation
Gartner Peer Insights 4.9/5 (7 reviews). G2 shows 5/5 but across only 31 total reviews for all products. 66 reviews on Clutch with strong ratings. PeerSpot mindshare is 0.0% in the MDR category. No Reddit or independent practitioner forum discussion found.
What customers praise
- Fast onboarding (30 days) and responsive analyst communication per Gartner Peer Insights reviews
- Vendor-agnostic approach preserves existing EDR and SIEM investments without forced replacement
- Transparent starting pricing at $11/device with no data egress fees and full portability on exit
Common complaints
- Very small market presence (~128 employees, 0% PeerSpot mindshare) with limited independent review data
- All published metrics (2-min MTTD, 15-min MTTC, 90% FP reduction) are vendor-claimed with no third-party validation
- Annual contract required, 3-year commitment for breach warranty, no free trial for MDR
Reddit (r/sysadmin, r/msp)
No Reddit or practitioner forum discussion found. Limited visibility in independent communities makes it hard to gauge real-world satisfaction beyond vendor-curated review platforms.
What to Ask UnderDefense (8 questions)
1. What specific remediation actions will your analysts take autonomously vs. requiring our approval, and how do we configure those thresholds?
2. Your MTTD and MTTR figures come from marketing materials. Have you participated in MITRE ATT&CK Evaluations or any third-party benchmark? If not, why?
3. How does the $1M breach warranty work in practice? Who underwrites it, what are the exact exclusions, and have you ever paid a claim?
4. How many SOC analysts would cover our account, and what is the analyst-to-customer ratio? This is not published anywhere.
5. The 500+ client count includes all services. How many active MDR-only customers do you have today?
6. You market 250+ integrations. Can you share the full list and clarify which are pre-built vs. custom API work, and what custom work costs?
7. Your OT/ICS coverage appears in blog posts but not as a formal product. What does OT monitoring actually include, and do you have manufacturing customer references?
8. Detection rules are written in Sigma format. If we leave, do we retain full ownership of custom rules built during our engagement?
Information compiled from public sources. Verify details directly with the provider before making decisions.