The full service

What's included in the 247 MDR solution

One service, six capabilities, and a 24/7 UK team accountable for all of it. Everything below is included in the monthly fee and scoped to your environment.

What our MDR solution covers

Our MDR solution combines the six capabilities a real 24/7 security operation needs, delivered by UK analysts working as an extension of your team. Nothing below is an optional extra hidden behind a quote.

3D illustration of 24/7 threat detection monitoring by UK SOC analysts

24/7 Threat Detection & Triage

UK analysts on shift around the clock, watching the telemetry from your endpoints, identities, email, cloud and network. Every alert is triaged by a person: noise is closed at source, and genuine signals are investigated immediately, whatever the hour.

3D illustration of expert incident response containing a cyber attack

Incident Response & Containment

When a threat is real, the SOC acts on pre-authorised response plans: isolating hosts, revoking sessions, resetting credentials and cutting off attacker access. You get a clear account of what happened and what we did, then support through recovery.

3D illustration of proactive threat hunting uncovering hidden signs of compromise

Proactive Threat Hunting

Scheduled hunts across your environment for the quiet indicators automated rules miss, guided by current intelligence on how attackers operate against UK businesses. Findings feed straight back into new detections.

3D illustration of SIEM deployment and tuning including managed Microsoft Sentinel

SIEM Deployment & Management

Your log sources onboarded into a modern SIEM, including managed Microsoft Sentinel, with correlation rules written for your environment and tuned continuously. The platform work is included, not sold as a separate project.

3D illustration of compliance-ready MDR reporting for boards and auditors

Compliance-Ready Reporting

Monthly service reports covering what was seen, what was done and where your risk is moving, written so you can hand them to a board, an auditor or an insurer as evidence of monitoring and response capability.

3D illustration of continuous optimisation sharpening detection month after month

Continuous Service Improvement

Detection rules, escalation paths and coverage reviewed on a fixed cadence with your named service lead. Every incident and every hunt makes the service sharper; the longer it runs, the better it knows your business.

From signal to resolution

How the pipeline runs, end to end

Every signal your environment produces moves through the same six stages, run by the SOC on your behalf.

24/7 Security Operations Centre

UK analysts on shift around the clock, running every stage of the pipeline below for your business

1. Collect

  • Endpoint and server telemetry (EDR)
  • Identity and sign-in events
  • Microsoft 365 and email activity
  • Cloud platform audit logs
  • Network, firewall, VPN and DNS logs
  • All onboarded into a tuned SIEM

2. Detect

  • Correlation rules written for your environment
  • Vendor detections from your existing tooling
  • Behavioural analytics and anomaly detection
  • Threat intelligence matching
  • Continuous tuning to cut false positives

3. Triage

  • Every alert reviewed by a UK analyst
  • Noise and false positives closed at source
  • Genuine signals enriched with context
  • Severity and business impact assessed
  • Escalation decision within agreed targets

4. Investigate

  • Timeline reconstruction across sources
  • Scope established: what else is affected
  • Root cause identified where telemetry allows
  • Attacker techniques mapped and documented
  • A clear account, not a forwarded alert

5. Respond

  • Hosts isolated and sessions revoked
  • Credentials reset, attacker access removed
  • Actions pre-authorised by you at onboarding
  • Your team engaged via agreed escalation paths
  • Handover to incident response where needed

6. Improve

  • Proactive threat hunts on the quiet signals
  • New detections written from every incident
  • Monthly reporting: what we saw, what we did
  • Coverage gaps identified and closed
  • Service reviews with your named lead

How it's delivered

Built around your business

3D illustration of a named MDR service lead

A named service lead

One person who knows your environment and stays accountable for the service, not a rotating cast behind a ticket queue.

3D illustration of the wider CyPro specialist team behind the SOC

The wider CyPro team

Penetration testers, security architects and incident responders from the wider consultancy, on tap when an incident or a finding demands depth.

3D illustration of MDR built on the security tooling a business already owns

Your tooling, not ours

Built on the sensors you already own, from Microsoft Defender and Sentinel to third party EDR. No rip and replace, no shelfware.

3D illustration of response authority agreed at MDR onboarding

Agreed response authority

What we contain automatically and what we call you about first is agreed at onboarding, so at 3am nobody is improvising.

Every engagement is shaped in a scoping conversation, so you pay for the coverage you need and nothing you do not. See pricing for how that translates into a monthly fee.

3D rocket illustration for booking a free MDR discovery call

Take the first step

Put a 24/7 SOC behind your business

Book a free 45 minute discovery call to talk through your environment and see exactly how managed detection and response would work for your business. No obligation, no hard sell.