Shortlist fit
Regulated mid-market and enterprise buyers that need a UK-centered SOC partner
Provider handles
Service owns most day-to-day SOC operations inside the contracted scope.Check before buying
Defining whether the engagement is hybrid, fully outsourced or limited to a specific SOC functionAlso fits
- Organizations deciding between a hybrid SOC extension and a fully outsourced SOC
- Microsoft Sentinel or Defender XDR buyers that want managed SOC operation around that stack
- Buyers with cloud, on-premises, OT or ICS environments that need scoped coverage boundaries
Can replace
- Most day-to-day SOC monitoring and alert investigation when the fully outsourced model is contracted
- Some SIEM operation, detection tuning, threat hunting and response coordination workload
- Some after-hours security operations coverage for connected tools and agreed environments
Coverage
Provider covers
- Hybrid or fully outsourced SOC operation with 24/7 monitoring and early SOC onboarding
- Alert investigation, threat hunting, threat intelligence and intrusion analysis
- SIEM and SOAR enhancement, detection content development and MITRE ATT&CK coverage mapping
Your team still owns
- Keeping tenant access, SIEM, EDR, XDR, cloud and OT telemetry in scope and correctly connected
- Setting which containment and remediation actions Bridewell can take without extra approval
- Handling business-owner decisions, user communication, IT remediation and recovery work
Tradeoffs
Works well
- Fits buyers that want a managed SOC rather than a narrow endpoint-only MDR service
- Fully outsourced model can move daily SOC ownership to Bridewell inside the contracted scope
- Hybrid model lets internal teams keep context while Bridewell adds 24/7 analysts and process
Watch out for
- Buyers need the contract to separate hybrid support from fully outsourced SOC ownership
- Response authority depends on agreed playbooks, tool permissions and approval rules
- Public pricing is procurement-specific and still varies by users, servers, service tier and deployment work
Pricing
- Price
- Indicative G-Cloud references start at £5.25 per user and £3.04 per server per month
- Billing
- Per-user, Per-asset, Custom
Questions to ask
- Which SOC tasks are fully outsourced, and which still sit with our internal team?
- Which containment and remediation actions can Bridewell take without waiting for approval?
- Are Microsoft Sentinel deployment, SIEM tuning, OT or ICS coverage and incident response included in the quoted scope?
Integrations
- SIEM
- Microsoft Sentinel
- Cloud SIEM
- Supported SIEM tools
- EDR / Endpoint
- Microsoft Defender XDR
- Supported EDR and XDR tools
- Cloud
- Other
- Bridewell Cybiquity
- SIEM and SOAR tooling
- Threat intelligence feeds
- MITRE ATT&CK mapping
Editorial notes
Why Run the SOC
Bridewell's SOC page says the service can be hybrid or fully managed, and says the fully outsourced model takes complete ownership and responsibility for security operations. That supports Run the SOC when the contract covers the fully outsourced SOC model.
Hybrid boundary
The same offer can also operate as a hybrid SOC. Buyers should not assume Bridewell owns every SOC task unless the statement of work names covered tools, alert queues, response authority, reporting and handoff paths.
Stack boundary
Official material supports Microsoft Sentinel deployment, Microsoft Defender XDR expertise, cloud SIEM, supported EDR and XDR integration, SIEM and SOAR enhancement, and monitoring tools deployed as code in the buyer tenant. The public profile avoids implying every third-party tool has equal support.
Pricing boundary
Bridewell does not publish a normal commercial price list on the service page. UK G-Cloud material gives public procurement ranges by user, server, term, service tier and deployment work, so the profile treats pricing as indicative and quote-dependent.
Customer evidence
Public customer stories support use cases in regulated and high-context environments, but they are vendor-controlled. Independent Bridewell SOC or MDR review depth on Gartner, G2, PeerSpot, TrustRadius and Reddit is thin, so no public customer-sentiment section is included.