MDR · SIEM-Standard
Foundation MDR for an existing SIEM
- 24/7 SOC monitoring on your existing SIEM
- Tier 1 + Tier 2 validated alerting
- 1-hour TTD SLA, 15+ min Critical SLA
- Customer Portal access (Jira)
- Monthly reporting + quarterly review

MANAGED CYBER SECURITY SERVICES
Your Extended Security Team. Built on Jira. Powered by AI.
MCSS is a fully integrated managed security service operated by 16 SOC analysts in Tel Aviv. Fixed price. No EPS overage. 1-hour TTD. The customer portal is your real-time view into every alert, investigation, and response action.
WHAT WE DELIVER
16 analysts across Tier 1, 2, 3 — staffed 24×7 in Tel Aviv.
Detection engineering that closes coverage gaps with AI + automation.
Built on Jira — real-time visibility into every alert and ticket.
Your SOC, in your pocket. Respond from anywhere.
DailyIOC: 250K+ verified indicators, refreshed every 3 hours.
1,000+ playbooks operating across SIEM, EDR, identity.
30+ best-of-breed partners. One operator. One bill.
Weekly, monthly, and ad-hoc reports with embedded SLA metrics.
HOW IT WORKS
Full gap analysis. Log sources, detection coverage, and runbooks audited week one.
Connect SIEM, EDR, identity, cloud — best-of-breed only. Custom rules tuned to you.
24/7 monitoring with 1-hour TTD and 15-min Critical SLA. Every alert validated by humans.
Weekly tuning, monthly reviews, quarterly threat-hunt campaigns. Coverage compounds.
AI-POWERED DETECTION ENGINEERING
AI accelerates our detection engineers — humans sign every Critical. Coverage spans seven dimensions of the modern attack surface.
AI-assisted authoring of QRadar/Splunk/Sentinel content tuned to your asset and identity model.
Custom CrowdStrike & Carbon Black detections, including IOA logic and behavioral patterns.
ITDR coverage across Entra ID/Okta — token theft, session hijack, OAuth grant abuse.
AWS/Azure/GCP runtime + control-plane detections, CSPM drift, and IAM lateral-movement patterns.
Phishing, BEC, malicious-link and attachment detections aligned to your Proofpoint/M365 stack.
NDR signals (Vectra/Corelight/Suricata) correlated with SIEM and EDR for kill-chain assembly.
ARMIS-driven asset visibility, ICS protocol decoding, and OT-specific behavioral baselines.
MOBILESOC · YOUR SOC, IN YOUR POCKET
The MobileSOC app gives security leadership full investigation visibility from iOS or Android — every Critical, every analyst comment, every containment action. Approve a token revocation in the elevator. Sign off on isolation from the airport. No VPN, no laptop, no excuses.
THE 8 KEY PRINCIPLES
Eight non-negotiables every MCSS customer gets — by contract.
16 SOC analysts. Tier 1, 2, 3. Validated alerts only.
AI-augmented rule authoring across 7 dimensions: SIEM, EDR, identity, cloud, email, network, OT.
Real-time visibility into every alert, ticket, and response action.
30+ vendors orchestrated by one operator. One bill. One throat to choke.
Your SOC, in your pocket. Respond from anywhere.
250K+ verified indicators, refreshed every 3 hours.
1,000+ playbooks across SIEM, EDR, identity, cloud.
Audit-grade reports with SLA metrics and evidence.
CUSTOMER PORTAL
The same ticketing system your engineers already know. Every alert, every action, every response — visible to your team in real time.
12 ADDITIONAL MANAGED SERVICES
Beyond the 24/7 SOC, every MCSS contract includes access to specialized practices.
LIVE OPERATIONS




MDR PACKAGES
Foundation MDR for an existing SIEM
Endpoint + Identity, with active containment
White-glove. Full-stack. Co-managed.
Everybody talks AI. We talk HI.
We combine the speed of automation with the judgment of experienced analysts. Every critical decision has a human behind it — an analyst who understands your environment, your crown jewels, and your risk tolerance.
FAQ
24/7 SOC monitoring, MDR, incident response, detection engineering, threat hunting, CTI (DailyIOC), and vulnerability management — operated by 16 analysts in Tel Aviv. Fixed price, no EPS or APM overage.
12 months. No 3-year lock-ins. Renewals are because customers want them.
15 minutes. A Tier 2+ analyst is engaged within 15 minutes of any Critical alert, 24×7. Fluent SLA target is 1 hour.
Yes. We operate CrowdStrike Falcon, IBM QRadar, Splunk, Microsoft Sentinel, and 24+ partner technologies. Bring your stack — we'll co-manage or take it over.
Explore more on our homepage page, see how our managed detection and response works, or browse support center.
READY WHEN YOU ARE
Book a 30-minute working session with a SOC engineer. Bring your alerts.