Blackpoint Cyber

MDR ยท SOCaaS

Blackpoint Cyber CompassOne MDR is a managed detection and response service for MSPs and businesses that want Blackpoint's SOC to monitor endpoint, identity and cloud activity. After an alert, Blackpoint investigates and can contain threats through actions such as endpoint isolation and account disabling, while the buyer or MSP still owns connected-tool coverage, policy decisions, remediation, recovery and client communication.

Service
MDR
Handles
Contain threats
Price
Quote-based MSP/channel pricing
  • Contain threats
  • Denver, Colorado
  • 51-200
  • Founded 2014
Visit website

Shortlist fit

MSPs that want a channel-friendly MDR platform for SMB and mid-market clients

Provider handles

Service can take or orchestrate containment actions within the approved scope.

Check before buying

Deploying and maintaining agents, cloud connectors and supported integrations

Also fits

  • Businesses that want Blackpoint to contain confirmed endpoint or identity threats, not only send alerts
  • Microsoft 365, Google Workspace and endpoint-heavy environments that can deploy the required connectors and agents
  • Buyers that want MDR plus posture, logging or application-control modules in one vendor platform

Can replace

  • Some after-hours endpoint and identity alert triage
  • Some initial containment work for confirmed threats
  • Some MSP-side logging, reporting and evidence collection when LogIC is in scope

Coverage

Provider covers

  • 24/7/365 human-led SOC for MDR monitoring, investigation and containment
  • CompassOne MDR context across endpoint, identity, cloud, asset, vulnerability and threat signals
  • Endpoint and Cloud MDR Essentials options with active response and partner or tenant access to reports and dashboards

Your team still owns

  • Setting response authority, notification preferences and tenant-specific policies
  • Handling remediation, recovery, user communication and business-owner decisions after containment
  • Managing MSP-client packaging, billing and service-level expectations

Tradeoffs

Works well

  • Strong fit for MSPs that need multi-tenant MDR rather than an enterprise-only service model
  • Public material supports real containment action, not just notification
  • CompassOne can consolidate MDR, cloud posture, asset inventory, vulnerability context, application control and logging

Watch out for

  • Public pricing is not listed, and partner-channel quotes can vary by package, volume and commitment
  • Buyers need to verify which modules and integrations are included because CompassOne capabilities vary by package
  • The service does not remove buyer or MSP ownership of remediation, recovery and tenant-specific policy decisions

Reviews

Review synthesis

Public review evidence is positive but channel-skewed. G2 reviewers commonly praise response speed, support, deployment and MSP fit, while recurring caveats include portal navigation, reporting, integration issues and price. Gartner CompassOne review volume is very small, so it should be treated as directional only.

Customers like

  • G2 reviewers frequently cite fast SOC response, useful support and ease of deployment
  • MSP-oriented reviewers value multi-tenant workflow and integrations
  • Public review text supports endpoint, cloud and compliance-reporting use cases

Watch out for

  • G2 caveats mention portal usability, reporting, integration issues and cost
  • Gartner CompassOne review volume is too small to use as broad market validation
  • Reddit/community comments are mostly MSP anecdotes and older pricing discussions

Pricing

Billing
Custom, Tiered

Blackpoint says it primarily sells through MSPs and does not list public rates to preserve partner pricing confidentiality. MDR Essentials material says endpoint and cloud editions can be month-to-month, with tiered volume pricing available from 50 endpoints for at least a one-year commitment.

Questions to ask

  1. Which containment actions can Blackpoint run automatically for our tenants or environment?
  2. Which endpoint, identity, cloud and PSA integrations are included in the quoted package?
  3. How do MDR Essentials, Core, Standard and add-on modules change coverage, retention and commitment terms?

Integrations

SIEM
  • CompassOne LogIC
EDR / Endpoint
  • Blackpoint EDR
  • Microsoft Defender for Endpoint
  • Supported endpoint integrations
Cloud
  • Microsoft 365
  • Google Workspace
  • Azure SSO
  • Cisco Duo
Other
  • CompassOne
  • ConnectWise Manage
  • Ubiquiti UniFi
  • ConnectSecure
  • Pax8 Marketplace

Editorial notes

Why contain threats

Official MDR, SOC and datasheet pages support 24/7 investigation plus active containment, including endpoint isolation and account disabling. That goes beyond alert-only or advice-only MDR, but it still depends on connected systems and agreed response rules.

Why not full SOC

Blackpoint operates its own SOC and can take response actions, but the scoped offer is a managed MDR platform for partners and customers. Buyers still own tenant administration, remediation, recovery, policy choices and broader security-program decisions.

Pricing boundary

Blackpoint's pricing page says public rates are not listed because services are primarily delivered through MSPs. The profile therefore uses quote-based channel pricing and avoids legacy per-endpoint dollar ranges from indirect sources.

Compliance boundary

The profile keeps SOC 2, GDPR and HIPAA because Blackpoint's Trust Center supports those company/service commitments. It does not treat LogIC reporting for PCI, CMMC, CIS or NIST as proof that the MDR service itself certifies those frameworks.

Customer evidence

G2 has a large Blackpoint review set with themes around fast response, support and deployment ease, but reviews are heavily MSP and small-business weighted. Gartner's CompassOne page has very limited review volume, so sentiment is useful but not definitive.

Questions

Does Blackpoint Cyber only alert customers?
No. This profile classifies Blackpoint as Contain threats because official MDR and SOC pages support human-led active response, including containment actions such as endpoint isolation and account disabling when those actions are in scope.
Is Blackpoint Cyber pricing public?
No. Blackpoint says it primarily offers products and services through MSPs and does not publish rates on its website. Buyers should expect quote-based channel pricing, with package, volume and commitment terms confirmed by the partner or Blackpoint.
Does Blackpoint Cyber replace a full SOC?
Not by itself. Blackpoint provides 24/7 MDR monitoring, investigation and containment through its SOC, but the buyer or MSP still owns deployment, connected telemetry, response authority, remediation, recovery and client or business communication.