Straight answers

Frequently asked questions

Everything businesses usually want to know before a first conversation. If your question is not here, ask us directly and you will get a straight answer.

3D illustration accompanying straight answers about MDR services
What is MDR in one sentence?

MDR (managed detection and response) is a service where expert analysts monitor your systems 24/7, investigate suspicious activity and respond to genuine attacks on your behalf, so threats are contained whether or not your team is awake.

MDR explained in full

How much does MDR cost per month?

Our tiers run at REPLACE_WITH_PRICE_RANGE per month, scoped by your endpoint count, data sources and the coverage you choose, with the per-endpoint maths published in full. Most UK providers only price by quote; we publish ours so you can budget before you ever speak to us.

See the full pricing breakdown

Is MDR worth it for a business our size?

If you have data worth stealing, systems worth encrypting or customers who ask about security, then someone should be watching around the clock, and building that capability in-house is out of reach for most mid-sized businesses. MDR is how businesses without an in-house SOC get genuine 24/7 detection and response for a predictable monthly fee.

The common triggers we see: an incident or near miss, an insurer or enterprise customer asking who monitors your systems, a compliance push like ISO 27001, or an IT team drowning in alerts nobody has time to investigate.

What is the difference between MDR and SOC as a Service?

Very little in substance: MDR names the outcome (threats detected and responded to for you) and SOC as a Service names the delivery (a security operations centre on subscription). Both mean a provider's analysts watching your systems 24/7. Compare coverage and response authority between providers, not the label.

Compare the models in full

Do we still need our own IT team or MSP alongside MDR?

Yes. Your IT team or MSP runs the infrastructure; we watch it for attacks and handle security incidents. The relationship is complementary, and we agree escalation paths with your IT provider during onboarding so responsibilities are clear before anything happens.

What is your response time when something is detected?

Triage starts as soon as an alert fires, around the clock: a UK analyst reviews it, closes it if it is noise, and investigates immediately if it is not. Genuine threats are contained using response actions you pre-authorised at onboarding, and the escalation targets we commit to are agreed in your service schedule rather than buried in small print.

Where are your analysts based and who sees our data?

The service is delivered from the UK by named CyPro practitioners. Your telemetry stays in your own tenant wherever the tooling allows, notably with Microsoft Sentinel, and we are explicit at onboarding about exactly what data the SOC can see and where it is processed.

Do you replace our existing EDR or antivirus tooling?

No, we build on it. Sensors you already own, such as Microsoft Defender or a third party EDR, become the telemetry the SOC watches, and we tell you honestly where your coverage has gaps before proposing anything new. MDR without decent sensors is monitoring with one eye shut.

MDR vs EDR vs XDR, untangled

How long does onboarding take?

Most environments are streaming telemetry to the SOC within days: sensors validated, log sources connected and escalation paths agreed. Tuning continues over the first weeks as the detections learn what normal looks like in your business, but you are covered from the moment the data flows.

See the six onboarding steps

Do we need a SOC if we already have Microsoft Defender?

Defender is an excellent sensor, but it does not investigate its own alerts at 2am. Someone still has to triage what it raises, work out what is real and act before the attack spreads. MDR puts that team behind the Defender licensing you already pay for, which is often the fastest route to real coverage.

What actually happens out of hours?

Exactly what happens in hours: analysts on shift triage every alert, investigate genuine signals and contain real threats using the response actions you pre-authorised. You are woken only when a decision genuinely needs you, and you get a full account of what happened and what we did.

What contract length and exit terms do you offer?

Rolling annual terms are typical, and the working detail is agreed in the discovery conversation. More importantly, we document detections, runbooks and reporting as we go, so if you ever insource or switch provider the operation transfers cleanly. A service you cannot leave is a service you cannot trust.

3D rocket illustration for booking a free MDR discovery call

One question left?

Ask it on a free discovery call

Forty-five minutes, no obligation, and you will leave with an honest read of your detection coverage either way.