

WithSecure Elements MDR
Finnish MDR provider focused on European data sovereignty, built on the WithSecure Elements platform. Demerged from F-Secure in 2022, with MDR operational since 2015 through the acquired MWR InfoSecurity Countercept service. Being taken private by CVC Capital Partners and founder Risto Siilasmaa, with Nasdaq Helsinki delisting expected H1 2026.
Buyer fit
Good fit when
- ✓European mid-market organizations prioritizing EU data residency, GDPR, NIS2, and DORA compliance
- ✓Companies wanting a single-vendor platform (EPP + EDR + XDR + MDR) with included IR
- ✓Organizations needing NCSC CIR Level 1 assured incident response
Watch out when
- ×Organizations committed to multi-vendor or BYO-EDR strategies (requires WithSecure agent)
- ×Companies needing OT/ICS coverage or published contractual MTTD/MTTR SLAs
- ×Buyers concerned about ownership stability after CVC take-private, consulting divestiture, and managed services ARR decline
Coverage
Platform
Additional capabilities
Incident response
Pricing
What costs extra
- –MDR for Identities (Entra ID add-on) is a separate product
- –Cloud Protection for Salesforce and Collaboration Protection for Microsoft 365 are separate modules
- –Elements Infinite is a premium tier above standard Elements MDR
Cost caveats
- –Platform lock-in: requires WithSecure Elements EDR, cannot use competing EDR
- –Modular pricing: full coverage across identity, cloud, SaaS, and exposure management adds cost beyond base MDR
- –Ownership transition: being taken private by CVC/Siilasmaa, managed services ARR declined 22% in H1 2025
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Reputation
PeerSpot 8.0/10 with 100% recommend rate and growing mindshare (0.3% to 1.0% YoY). Gartner Peer Insights 4.5/5 across 144 reviews (all products). Forrester Strong Performer in MDR Europe Q3 2025. Being taken private by CVC/Siilasmaa (delisting expected H1 2026). Consulting divested to Neqst May 2025. Managed services ARR declined 22% in H1 2025.
What customers praise
- ✓Excellent detection quality and well-educated response team
- ✓Strong European data sovereignty positioning (GDPR, NIS2, DORA)
- ✓Cost-effective for mid-market organizations with fast alert response
Common complaints
- ×Customer portal needs improvement per PeerSpot feedback
- ×No published SLA or metrics transparency (no MTTD/MTTR)
- ×Ownership transition uncertainty: being taken private, consulting divestiture, managed services ARR decline 22%
Very limited Reddit discussion. Not well known in US-centric r/msp or r/cybersecurity communities. Low brand visibility outside European markets.
Questions to ask
- 1.
What is the exact per-endpoint pricing for Elements MDR vs. Elements Infinite, and how do costs scale as we add identity, cloud, and exposure management modules?
- 2.
Can you provide contractual MTTD/MTTR SLA commitments, or is 'reaction in minutes, containment in hours' the only benchmark?
- 3.
What was the impact of divesting the consulting business to Neqst in 2025 on MDR detection engineering and threat hunting?
- 4.
How does the CVC/Siilasmaa take-private transaction affect your MDR roadmap and pricing post-delisting?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.