Find a SOC service by who owns the work.
Compare 42 managed SOC, managed SIEM, MDR, MSSP and SOCaaS offers by what they do after an alert.
What do you expect from the provider?
42 listings
Arctic Wolf
24/7 MDR through Arctic Wolf's Aurora platform, Concierge Security Team guidance and supported Active Response containment workflows
SMB / Mid-Market · Endpoints
CrowdStrike Falcon Complete
24/7 triage, managed threat hunting and remote containment by CrowdStrike on the Falcon platform
Enterprise / Mid-Market · Endpoints
Huntress
Managed endpoint, identity, and SIEM monitoring with human SOC investigation, incident reports, and supported containment actions inside the Huntress platform.
SMB / MSP/MSSP · Endpoints
Red Canary
24/7 MDR that investigates supported security telemetry and can run response playbooks through existing tools
Mid-Market / Enterprise · Endpoints
Sophos MDR
24/7 managed detection, investigation, threat hunting and response through Sophos Central and supported integrations
SMB / Mid-Market · Endpoints
Adlumin
A co-managed security operations platform that combines SIEM-style log collection, UEBA, SOAR automation, compliance reporting and 24/7 MDR support
SMB / Mid-Market · Endpoints
Alert Logic
24/7 MDR over Alert Logic's own platform, with exposure management, log collection, SOC triage and optional Managed WAF coverage
SMB / Mid-Market · Endpoints
Armis Managed Threat Service
Threat hunting, suspicious-activity review, alert enrichment, risk-based policy tuning, weekly findings, trend reviews and investigation support around Armis Centrix.
Mid-Market / Enterprise · Endpoints
Barracuda Managed XDR
24/7 Managed XDR across selected Barracuda and third-party security controls, with SOC triage and scope-dependent automated response
SMB / Mid-Market · Endpoints
Binary Defense Co-Management
Binary Defense engineers and analysts help operate customer-owned SIEM, XDR and endpoint tools with 24/7 monitoring, detection tuning, alert triage, investigation, threat hunting context and response guidance.
Mid-Market / Enterprise · Endpoints
Bitdefender MDR
24/7 SOC investigation, threat hunting, reporting and pre-approved containment through Bitdefender GravityZone
SMB / Mid-Market · Endpoints
Blackpoint Cyber
24/7 managed detection and response through Blackpoint's CompassOne platform, with SOC investigation, endpoint and cloud coverage, active containment, MSP workflow integrations and optional posture, logging and application-control modules.
MSP/MSSP / SMB · Endpoints
BlueVoyant MDR
24/7 MDR and co-managed SOC support with alert triage, investigation, detection content, threat intelligence, approved response actions, portal visibility and Microsoft or Splunk operating support
Mid-Market / Enterprise · Endpoints
Blumira
Managed detections, cloud SIEM visibility, guided findings and edition-based containment actions in Blumira's own platform
SMB / Mid-Market · Endpoints
Bridewell Security Operations Center
Hybrid or fully outsourced SOC operation with 24/7 monitoring, alert investigation, threat hunting, threat intelligence, SIEM and SOAR enhancement, incident response leadership and detection improvement across agreed environments.
Mid-Market / Enterprise · Endpoints
BT Managed Sentinel
24x7 managed Microsoft Sentinel monitoring, rule tuning, SOC investigation, incident reporting and buyer guidance
Enterprise / Mid-Market · Network
Critical Start
24x7 MDR monitoring, investigation, false-positive reduction, alert resolution workflow, scoped response actions, coverage-gap visibility and SOC collaboration through CORR and MOBILESOC.
Mid-Market / Enterprise · Endpoints
Cyderes MDR
24/7 MDR with analyst investigation, AI-assisted correlation, identity and asset context through Meridian, customer-specific detection and response paths, optional tool management and approved containment actions.
Mid-Market / Enterprise · Endpoints
Darktrace Managed Detection and Response
24/7 SOC monitoring of the buyer's Darktrace environment, alert triage, investigations, containment-action escalation, analyst questions, monthly service reports, service-ready checks and optimization reviews.
Mid-Market / Enterprise · Network
Datadog Cloud SIEM
Cloud SIEM detection rules, security signals, notifications, cases, dashboards, threat intelligence context and workflow hooks inside Datadog
Enterprise / Mid-Market · Cloud Workloads
Deepwatch Guardian MDR Platform
24/7 co-managed MDR with alert validation, investigation, threat hunting, detection engineering, response workflow support, named experts and a shared Security Center layered over supported buyer tools.
Mid-Market / Enterprise · Endpoints
Dell Managed Detection and Response
24/7 Dell SOC monitoring, threat investigation, threat hunting and pre-approved platform response for supported XDR environments
Mid-Market / Enterprise · Endpoints
eSentire
24/7 MDR monitoring, threat hunting, alert validation, investigation, multi-signal correlation, containment actions, incident handling and reporting through eSentire Atlas XDR and eSentire's SOC team.
SMB / Mid-Market · Endpoints
Expel MDR
24/7 SOC monitoring, analyst investigation, Workbench visibility, cross-product correlation, remediation recommendations and pre-approved auto-remediation through supported tools.
Mid-Market / Enterprise · Endpoints
Field Effect MDR
24/7 MDR over Field Effect's endpoint, cloud and network telemetry, with AROs and policy-bound active response
SMB / MSP/MSSP · Endpoints
Forescout Assist for Threat Detection & Response
24/7 monitoring of Forescout TDR detections, suspicious-entity triage, incident case investigation, impact classification, customer escalation, proactive threat hunting, log-source monitoring and containment or remediation guidance.
Enterprise / Mid-Market · Endpoints
Kaseya MDR
24/7 SOC monitoring, analyst investigation, phone or email escalation and covered containment actions for licensed endpoints, Microsoft 365 and firewall signals
MSP/MSSP / SMB · Endpoints
Lumu Defender
Continuous compromise monitoring from network metadata with incident context, playbooks and buyer-configured response integrations
SMB / Mid-Market · Network
Mandiant Managed Defense
24/7 Mandiant MDR with alert triage, investigation, threat hunting, curated detections, investigation reports, supported technology integrations and scoped response actions through Google SecOps and partner tools.
Mid-Market / Enterprise · Endpoints
Microsoft Defender Experts for Hunting
24/7/365 Microsoft-managed threat hunting across eligible Defender telemetry, Defender Experts Notifications, Ask Defender Experts credits, reporting and remediation guidance for an existing SOC.
Mid-Market / Enterprise · Endpoints
Microsoft Defender Experts for XDR
24/7 Microsoft-managed triage, investigation, proactive hunting, managed response recommendations and scoped remediation actions for eligible Microsoft Defender XDR incidents.
Mid-Market / Enterprise · Endpoints
Netsurion Managed Open XDR
Co-managed Open XDR with managed SIEM, 24/7 SOC monitoring, workflow automation, threat hunting, log retention, compliance reporting and package-dependent endpoint, vulnerability and incident-support options.
SMB / Mid-Market · Endpoints
Ontinue ION MXDR
24/7 Microsoft-focused MXDR with ION automation, Sentinel and Defender operations, Cyber Defender investigation, threat hunting, Teams collaboration and Cyber Advisor posture work
Mid-Market / Enterprise · Endpoints
Orange Cyberdefense Managed Threat Detection and Response
24/7 managed detection, triage, investigation and contracted response through Orange Cyberdefense CyberSOCs, Core Fusion and supported EDR, NDR, SIEM, cloud and OT telemetry
Mid-Market / Enterprise · Endpoints
Pondurance
Outsourced SOC coverage with managed SIEM, MDR, threat hunting, triage and scoped containment across existing tools
Mid-Market / SMB · Endpoints
Proficio ProSOC MDR
24/7 SOC monitoring, analyst investigation, hosted or customer-owned SIEM operations, threat hunting, case management, guided remediation and optional Active Defense containment across supported tools.
Mid-Market / Enterprise · Endpoints
Rapid7 Managed Threat Complete
24/7 SOC monitoring, alert validation, investigation, exposure-informed prioritization, threat hunting, incident-response support, Rapid7 SIEM visibility, unlimited log ingestion in published packages, 13-month retention and configured Active Response containment.
Enterprise / Mid-Market · Endpoints
ReliaQuest GreyMatter
GreyMatter connects to enterprise security tools, normalizes alerts, supports investigation and hunting, runs approved response playbooks and gives the buyer a shared operating surface with ReliaQuest analysts and engineers.
Enterprise / Mid-Market · Endpoints
SecurityHQ Managed SOC
24/7 managed SOC coverage with monitoring, triage, investigation, threat hunting, containment playbooks, reporting, SHQ Response collaboration and optional managed protection or risk services
Mid-Market / Enterprise · Endpoints
SentinelOne Wayfinder MDR
24/7 SentinelOne-native MDR with alert monitoring, triage, investigation, managed response, threat hunting signals, analyst documentation, and containment or mitigation actions inside the contracted Singularity scope.
Mid-Market / Enterprise · Endpoints
Todyl MXDR
24/7 MXDR over Todyl's managed SIEM and security stack, with transparent cases, live analyst access and a dedicated DRAM
MSP/MSSP / SMB · Endpoints
Verizon Managed SIEM
24/7 SOC monitoring, SIEM alert investigation, incident classification and escalation for a SIEM the buyer already owns
Enterprise / Mid-Market · Network