Shortlist fit
MSPs that want a channel-friendly MDR platform for SMB and mid-market clients
Provider handles
Service can take or orchestrate containment actions within the approved scope.Check before buying
Deploying and maintaining agents, cloud connectors and supported integrationsAlso fits
- Businesses that want Blackpoint to contain confirmed endpoint or identity threats, not only send alerts
- Microsoft 365, Google Workspace and endpoint-heavy environments that can deploy the required connectors and agents
- Buyers that want MDR plus posture, logging or application-control modules in one vendor platform
Can replace
- Some after-hours endpoint and identity alert triage
- Some initial containment work for confirmed threats
- Some MSP-side logging, reporting and evidence collection when LogIC is in scope
Coverage
Provider covers
- 24/7/365 human-led SOC for MDR monitoring, investigation and containment
- CompassOne MDR context across endpoint, identity, cloud, asset, vulnerability and threat signals
- Endpoint and Cloud MDR Essentials options with active response and partner or tenant access to reports and dashboards
Your team still owns
- Setting response authority, notification preferences and tenant-specific policies
- Handling remediation, recovery, user communication and business-owner decisions after containment
- Managing MSP-client packaging, billing and service-level expectations
Tradeoffs
Works well
- Strong fit for MSPs that need multi-tenant MDR rather than an enterprise-only service model
- Public material supports real containment action, not just notification
- CompassOne can consolidate MDR, cloud posture, asset inventory, vulnerability context, application control and logging
Watch out for
- Public pricing is not listed, and partner-channel quotes can vary by package, volume and commitment
- Buyers need to verify which modules and integrations are included because CompassOne capabilities vary by package
- The service does not remove buyer or MSP ownership of remediation, recovery and tenant-specific policy decisions
Reviews
Review synthesis
Public review evidence is positive but channel-skewed. G2 reviewers commonly praise response speed, support, deployment and MSP fit, while recurring caveats include portal navigation, reporting, integration issues and price. Gartner CompassOne review volume is very small, so it should be treated as directional only.Customers like
- G2 reviewers frequently cite fast SOC response, useful support and ease of deployment
- MSP-oriented reviewers value multi-tenant workflow and integrations
- Public review text supports endpoint, cloud and compliance-reporting use cases
Watch out for
- G2 caveats mention portal usability, reporting, integration issues and cost
- Gartner CompassOne review volume is too small to use as broad market validation
- Reddit/community comments are mostly MSP anecdotes and older pricing discussions
Pricing
- Billing
- Custom, Tiered
Blackpoint says it primarily sells through MSPs and does not list public rates to preserve partner pricing confidentiality. MDR Essentials material says endpoint and cloud editions can be month-to-month, with tiered volume pricing available from 50 endpoints for at least a one-year commitment.
Questions to ask
- Which containment actions can Blackpoint run automatically for our tenants or environment?
- Which endpoint, identity, cloud and PSA integrations are included in the quoted package?
- How do MDR Essentials, Core, Standard and add-on modules change coverage, retention and commitment terms?
Integrations
- SIEM
- CompassOne LogIC
- EDR / Endpoint
- Blackpoint EDR
- Microsoft Defender for Endpoint
- Supported endpoint integrations
- Cloud
- Microsoft 365
- Google Workspace
- Azure SSO
- Cisco Duo
- Other
- CompassOne
- ConnectWise Manage
- Ubiquiti UniFi
- ConnectSecure
- Pax8 Marketplace
Editorial notes
Why contain threats
Official MDR, SOC and datasheet pages support 24/7 investigation plus active containment, including endpoint isolation and account disabling. That goes beyond alert-only or advice-only MDR, but it still depends on connected systems and agreed response rules.
Why not full SOC
Blackpoint operates its own SOC and can take response actions, but the scoped offer is a managed MDR platform for partners and customers. Buyers still own tenant administration, remediation, recovery, policy choices and broader security-program decisions.
Pricing boundary
Blackpoint's pricing page says public rates are not listed because services are primarily delivered through MSPs. The profile therefore uses quote-based channel pricing and avoids legacy per-endpoint dollar ranges from indirect sources.
Compliance boundary
The profile keeps SOC 2, GDPR and HIPAA because Blackpoint's Trust Center supports those company/service commitments. It does not treat LogIC reporting for PCI, CMMC, CIS or NIST as proof that the MDR service itself certifies those frameworks.
Customer evidence
G2 has a large Blackpoint review set with themes around fast response, support and deployment ease, but reviews are heavily MSP and small-business weighted. Gartner's CompassOne page has very limited review volume, so sentiment is useful but not definitive.