MANAGED SERVICE - Add-On
Security add-ons.
Extend your MCSS with targeted add-on services designed to address specific threat vectors. Each add-on integrates directly into your existing MCSS deployment — no new contracts, no new portals.
ADD-ON CATALOG
MCSS add-ons. Tuned to your risk.
Extend your MCSS package with specialist practices — every add-on plugs into the same SOC, portal, and SLA.
Advanced Threat Hunting
Proactive analyst-led investigation beyond detection rules
Bi-monthly dedicated threat hunting engagements targeting your environment. QMasters hunters use hypothesis-driven methodologies aligned to the latest adversary TTPs affecting your industry, surfacing threats that rule-based detection and automated tools miss.
Pairs with:MCSS Extended & Enterprise- Bi-monthly threat hunting engagements
- MITRE ATT&CK technique coverage mapping
- Hypothesis-driven human investigation
- Full hunt report with findings and recommendations
- New detection rule creation from hunt findings
Exposure & Vulnerability Management
Continuous discovery, prioritization, and remediation tracking
Always-on scanning across your external attack surface, internal estate, and cloud workloads. QMasters correlates CVSS severity with real-world exploitability and your asset criticality, so your team fixes what attackers would actually reach first — not a 10,000-line spreadsheet.
Pairs with:MCSS Standard, Extended & Enterprise- Authenticated + unauthenticated vulnerability scanning
- External attack surface monitoring
- Risk-based prioritization (EPSS + asset criticality)
- Remediation SLA tracking with ticketing
- Monthly exposure trend reporting
Identity Threat Detection & Response (ITDR)
Stop account takeover, token theft, and privilege abuse
Dedicated monitoring of your Entra ID, Okta, and Active Directory control planes. We detect token replay, MFA fatigue, OAuth consent abuse, and privilege escalation, then contain compromised identities before lateral movement begins.
Pairs with:MCSS Extended & Enterprise- Entra ID / Okta / Active Directory monitoring
- Token theft & session hijack detection
- MFA fatigue and OAuth grant abuse alerts
- Privileged account behavior baselining
- Automated identity containment playbooks
Mobile Threat Defense
Extend SOC coverage to iOS and Android fleets
Managed mobile threat defense for corporate and BYOD devices. QMasters monitors for malicious apps, network attacks, OS exploits, and phishing on mobile endpoints, feeding detections into the same SOC pipeline as the rest of your estate.
Pairs with:MCSS Extended & Enterprise- iOS + Android threat monitoring
- Malicious app and sideload detection
- Network and man-in-the-middle attack alerts
- Mobile phishing (smishing) protection
- MDM/UEM integration and policy enforcement
Cyber Threat Intelligence (DailyIOC+)
Curated, industry-specific intelligence and takedowns
Beyond the 250K+ indicators in DailyIOC, this add-on delivers tailored intelligence on the threat actors targeting your sector, brand-abuse and credential-leak monitoring, and managed takedown of phishing domains impersonating your organization.
Pairs with:MCSS Standard, Extended & Enterprise- Sector-specific threat actor tracking
- Dark web credential and data leak monitoring
- Brand and domain impersonation detection
- Managed phishing-domain takedowns
- Monthly intelligence briefing for leadership
Incident Response Retainer
Guaranteed responders the moment a breach hits
A pre-contracted IR retainer with guaranteed response SLAs, named incident commanders, and prepaid hours that roll into proactive readiness when unused. When an incident escalates beyond the SOC, your responders are already onboarded to your environment.
Pairs with:All MCSS tiers & standalone- Guaranteed response-time SLA (1-hour activation)
- Named incident commander and forensics lead
- Prepaid hours, redeemable for readiness when unused
- Tabletop exercises and IR plan reviews
- Post-incident report with root-cause analysis
WHAT WE DELIVER
What's included. From day one.
Phishing Response
Automated phishing email analysis, quarantine, and employee notification. Our service receives reported phishing emails, analyzes headers and payloads, and executes takedowns within minutes.
- Automated mailbox remediation
- Multi-tenant phishing analysis
- Employee notification workflows
- Brand impersonation takedowns
Automation Workflows
Custom security playbooks that reduce response time from hours to seconds. Our automation engineers build, test, and maintain workflows tailored to your environment and tools.
- Custom SOAR playbook development
- Tines and Torq integration
- Ticket enrichment and routing
- Automated evidence collection
Data Leakage Detection
Monitor for sensitive data exposure across the web, dark web, and paste sites. Get instant alerts when your data — credentials, PII, IP — is found in the wild.
- Dark web monitoring
- Paste site scanning
- Code repository scanning (GitHub)
- Credential exposure alerting
QUESTIONS & ANSWERS
Security Add-ons. What you need to know.
Security Add-ons are optional, specialist capabilities that bolt onto your existing MCSS contract. Instead of buying a separate platform or service, you extend your managed SOC with exactly the coverage you need — operated by the same QMasters team.
Each add-on joins your active MCSS contract as an additional service line — same portal, same analysts, same SLAs and reporting. There's no separate integration or extra vendor to manage; the add-on simply switches on inside the SOC that already covers you.
Coverage spans areas like exposure and vulnerability management, identity protection, mobile monitoring, threat intelligence, proactive threat hunting, and incident response. Our team helps you pick the add-ons that match your specific risk profile and attack surface.
We start with a short scoping call to understand your environment, assets, and risks. Pricing is set by the add-ons you choose and their scope — you pay only for the coverage you switch on, with no upfront cost for a whole platform.
The same QMasters SOC team that runs your MCSS 24/7 — Tel Aviv analysts, with humans signing off on every critical event. Add-ons aren't a tool you run yourself; they're a fully managed, end-to-end service.
Add-ons run for the term of your MCSS contract. You can add them at any point during the contract, and scope can be adjusted as your needs change. Talk to us about the specific terms for the add-on you're interested in.
READY WHEN YOU ARE
Ready for Real Detection & Response?
Book a 30-minute working session with a SOC engineer. Bring your alerts.