MANAGED SERVICE - Add-On

Security add-ons.

Extend your MCSS with targeted add-on services designed to address specific threat vectors. Each add-on integrates directly into your existing MCSS deployment — no new contracts, no new portals.

ADD-ON CATALOG

MCSS add-ons. Tuned to your risk.

Extend your MCSS package with specialist practices — every add-on plugs into the same SOC, portal, and SLA.

Advanced Threat Hunting

Proactive analyst-led investigation beyond detection rules

Bi-monthly dedicated threat hunting engagements targeting your environment. QMasters hunters use hypothesis-driven methodologies aligned to the latest adversary TTPs affecting your industry, surfacing threats that rule-based detection and automated tools miss.

Pairs with:MCSS Extended & Enterprise
WHAT'S INCLUDED
  • Bi-monthly threat hunting engagements
  • MITRE ATT&CK technique coverage mapping
  • Hypothesis-driven human investigation
  • Full hunt report with findings and recommendations
  • New detection rule creation from hunt findings

Exposure & Vulnerability Management

Continuous discovery, prioritization, and remediation tracking

Always-on scanning across your external attack surface, internal estate, and cloud workloads. QMasters correlates CVSS severity with real-world exploitability and your asset criticality, so your team fixes what attackers would actually reach first — not a 10,000-line spreadsheet.

Pairs with:MCSS Standard, Extended & Enterprise
WHAT'S INCLUDED
  • Authenticated + unauthenticated vulnerability scanning
  • External attack surface monitoring
  • Risk-based prioritization (EPSS + asset criticality)
  • Remediation SLA tracking with ticketing
  • Monthly exposure trend reporting

Identity Threat Detection & Response (ITDR)

Stop account takeover, token theft, and privilege abuse

Dedicated monitoring of your Entra ID, Okta, and Active Directory control planes. We detect token replay, MFA fatigue, OAuth consent abuse, and privilege escalation, then contain compromised identities before lateral movement begins.

Pairs with:MCSS Extended & Enterprise
WHAT'S INCLUDED
  • Entra ID / Okta / Active Directory monitoring
  • Token theft & session hijack detection
  • MFA fatigue and OAuth grant abuse alerts
  • Privileged account behavior baselining
  • Automated identity containment playbooks

Mobile Threat Defense

Extend SOC coverage to iOS and Android fleets

Managed mobile threat defense for corporate and BYOD devices. QMasters monitors for malicious apps, network attacks, OS exploits, and phishing on mobile endpoints, feeding detections into the same SOC pipeline as the rest of your estate.

Pairs with:MCSS Extended & Enterprise
WHAT'S INCLUDED
  • iOS + Android threat monitoring
  • Malicious app and sideload detection
  • Network and man-in-the-middle attack alerts
  • Mobile phishing (smishing) protection
  • MDM/UEM integration and policy enforcement

Cyber Threat Intelligence (DailyIOC+)

Curated, industry-specific intelligence and takedowns

Beyond the 250K+ indicators in DailyIOC, this add-on delivers tailored intelligence on the threat actors targeting your sector, brand-abuse and credential-leak monitoring, and managed takedown of phishing domains impersonating your organization.

Pairs with:MCSS Standard, Extended & Enterprise
WHAT'S INCLUDED
  • Sector-specific threat actor tracking
  • Dark web credential and data leak monitoring
  • Brand and domain impersonation detection
  • Managed phishing-domain takedowns
  • Monthly intelligence briefing for leadership

Incident Response Retainer

Guaranteed responders the moment a breach hits

A pre-contracted IR retainer with guaranteed response SLAs, named incident commanders, and prepaid hours that roll into proactive readiness when unused. When an incident escalates beyond the SOC, your responders are already onboarded to your environment.

Pairs with:All MCSS tiers & standalone
WHAT'S INCLUDED
  • Guaranteed response-time SLA (1-hour activation)
  • Named incident commander and forensics lead
  • Prepaid hours, redeemable for readiness when unused
  • Tabletop exercises and IR plan reviews
  • Post-incident report with root-cause analysis

WHAT WE DELIVER

What's included. From day one.

Email Security

Phishing Response

Automated phishing email analysis, quarantine, and employee notification. Our service receives reported phishing emails, analyzes headers and payloads, and executes takedowns within minutes.

  • Automated mailbox remediation
  • Multi-tenant phishing analysis
  • Employee notification workflows
  • Brand impersonation takedowns
SOAR

Automation Workflows

Custom security playbooks that reduce response time from hours to seconds. Our automation engineers build, test, and maintain workflows tailored to your environment and tools.

  • Custom SOAR playbook development
  • Tines and Torq integration
  • Ticket enrichment and routing
  • Automated evidence collection
DLP

Data Leakage Detection

Monitor for sensitive data exposure across the web, dark web, and paste sites. Get instant alerts when your data — credentials, PII, IP — is found in the wild.

  • Dark web monitoring
  • Paste site scanning
  • Code repository scanning (GitHub)
  • Credential exposure alerting

QUESTIONS & ANSWERS

Security Add-ons. What you need to know.

  • Security Add-ons are optional, specialist capabilities that bolt onto your existing MCSS contract. Instead of buying a separate platform or service, you extend your managed SOC with exactly the coverage you need — operated by the same QMasters team.

READY WHEN YOU ARE

Ready for Real Detection & Response?

Book a 30-minute working session with a SOC engineer. Bring your alerts.

F-003 · CONSULTATION

Book 30 minutes. No slides.

A real working session with a SOC engineer — bring your alerts.