The full service
What's included in the 247 MDR solution
One service, six capabilities, and a 24/7 UK team accountable for all of it. Everything below is included in the monthly fee and scoped to your environment.
What our MDR solution covers
Our MDR solution combines the six capabilities a real 24/7 security operation needs, delivered by UK analysts working as an extension of your team. Nothing below is an optional extra hidden behind a quote.
24/7 Threat Detection & Triage
UK analysts on shift around the clock, watching the telemetry from your endpoints, identities, email, cloud and network. Every alert is triaged by a person: noise is closed at source, and genuine signals are investigated immediately, whatever the hour.
Incident Response & Containment
When a threat is real, the SOC acts on pre-authorised response plans: isolating hosts, revoking sessions, resetting credentials and cutting off attacker access. You get a clear account of what happened and what we did, then support through recovery.
Proactive Threat Hunting
Scheduled hunts across your environment for the quiet indicators automated rules miss, guided by current intelligence on how attackers operate against UK businesses. Findings feed straight back into new detections.
SIEM Deployment & Management
Your log sources onboarded into a modern SIEM, including managed Microsoft Sentinel, with correlation rules written for your environment and tuned continuously. The platform work is included, not sold as a separate project.
Compliance-Ready Reporting
Monthly service reports covering what was seen, what was done and where your risk is moving, written so you can hand them to a board, an auditor or an insurer as evidence of monitoring and response capability.
Continuous Service Improvement
Detection rules, escalation paths and coverage reviewed on a fixed cadence with your named service lead. Every incident and every hunt makes the service sharper; the longer it runs, the better it knows your business.
From signal to resolution
How the pipeline runs, end to end
Every signal your environment produces moves through the same six stages, run by the SOC on your behalf.
24/7 Security Operations Centre
UK analysts on shift around the clock, running every stage of the pipeline below for your business
1. Collect
- Endpoint and server telemetry (EDR)
- Identity and sign-in events
- Microsoft 365 and email activity
- Cloud platform audit logs
- Network, firewall, VPN and DNS logs
- All onboarded into a tuned SIEM
2. Detect
- Correlation rules written for your environment
- Vendor detections from your existing tooling
- Behavioural analytics and anomaly detection
- Threat intelligence matching
- Continuous tuning to cut false positives
3. Triage
- Every alert reviewed by a UK analyst
- Noise and false positives closed at source
- Genuine signals enriched with context
- Severity and business impact assessed
- Escalation decision within agreed targets
4. Investigate
- Timeline reconstruction across sources
- Scope established: what else is affected
- Root cause identified where telemetry allows
- Attacker techniques mapped and documented
- A clear account, not a forwarded alert
5. Respond
- Hosts isolated and sessions revoked
- Credentials reset, attacker access removed
- Actions pre-authorised by you at onboarding
- Your team engaged via agreed escalation paths
- Handover to incident response where needed
6. Improve
- Proactive threat hunts on the quiet signals
- New detections written from every incident
- Monthly reporting: what we saw, what we did
- Coverage gaps identified and closed
- Service reviews with your named lead
How it's delivered
Built around your business
A named service lead
One person who knows your environment and stays accountable for the service, not a rotating cast behind a ticket queue.
The wider CyPro team
Penetration testers, security architects and incident responders from the wider consultancy, on tap when an incident or a finding demands depth.
Your tooling, not ours
Built on the sensors you already own, from Microsoft Defender and Sentinel to third party EDR. No rip and replace, no shelfware.
Agreed response authority
What we contain automatically and what we call you about first is agreed at onboarding, so at 3am nobody is improvising.
Every engagement is shaped in a scoping conversation, so you pay for the coverage you need and nothing you do not. See pricing for how that translates into a monthly fee.
Take the first step
Put a 24/7 SOC behind your business
Book a free 45 minute discovery call to talk through your environment and see exactly how managed detection and response would work for your business. No obligation, no hard sell.