Bridewell Security Operations Center

Bridewell Security Operations Center is a managed SOC service that can run as a hybrid extension of an internal team or as a fully outsourced SOC. After an alert, Bridewell monitors, investigates, hunts, tunes detections and can lead containment and incident response inside agreed playbooks, while the buyer still owns tenant permissions, telemetry coverage, approval rules, business remediation and recovery.

Service: Managed SOC / MDR / managed SIEM
Response: Run the SOC

Best for

Regulated mid-market and enterprise buyers that need a UK-centered SOC partner

Usually replaces

Most day-to-day SOC monitoring and alert investigation when the fully outsourced model is contracted

Response role

Service owns most day-to-day SOC operations inside the contracted scope.

Check first

Defining whether the engagement is hybrid, fully outsourced or limited to a specific SOC function

Coverage

Covers

  • Hybrid or fully outsourced SOC operation with 24/7 monitoring and early SOC onboarding
  • Alert investigation, threat hunting, threat intelligence and intrusion analysis
  • SIEM and SOAR enhancement, detection content development and MITRE ATT&CK coverage mapping

Your team still owns

  • Keeping tenant access, SIEM, EDR, XDR, cloud and OT telemetry in scope and correctly connected
  • Setting which containment and remediation actions Bridewell can take without extra approval
  • Handling business-owner decisions, user communication, IT remediation and recovery work

Tradeoffs

Works well

  • Fits buyers that want a managed SOC rather than a narrow endpoint-only MDR service
  • Fully outsourced model can move daily SOC ownership to Bridewell inside the contracted scope
  • Hybrid model lets internal teams keep context while Bridewell adds 24/7 analysts and process

Watch out for

  • Buyers need the contract to separate hybrid support from fully outsourced SOC ownership
  • Response authority depends on agreed playbooks, tool permissions and approval rules
  • Public pricing is procurement-specific and still varies by users, servers, service tier and deployment work

Pricing

Price signal: Indicative G-Cloud references start at £5.25 per user and £3.04 per server per month
Billing model: Per-user, Per-asset, Custom

Ask before buying

  1. Which SOC tasks are fully outsourced, and which still sit with our internal team?
  2. Which containment and remediation actions can Bridewell take without waiting for approval?
  3. Are Microsoft Sentinel deployment, SIEM tuning, OT or ICS coverage and incident response included in the quoted scope?

Connects with

SIEM
  • Microsoft Sentinel
  • Cloud SIEM
  • Supported SIEM tools
EDR / Endpoint
  • Microsoft Defender XDR
  • Supported EDR and XDR tools
Cloud
  • Azure
Other
  • Bridewell Cybiquity
  • SIEM and SOAR tooling
  • Threat intelligence feeds
  • MITRE ATT&CK mapping

Notes

Why Run the SOC

Bridewell's SOC page says the service can be hybrid or fully managed, and says the fully outsourced model takes complete ownership and responsibility for security operations. That supports Run the SOC when the contract covers the fully outsourced SOC model.

Hybrid boundary

The same offer can also operate as a hybrid SOC. Buyers should not assume Bridewell owns every SOC task unless the statement of work names covered tools, alert queues, response authority, reporting and handoff paths.

Stack boundary

Official material supports Microsoft Sentinel deployment, Microsoft Defender XDR expertise, cloud SIEM, supported EDR and XDR integration, SIEM and SOAR enhancement, and monitoring tools deployed as code in the buyer tenant. The public profile avoids implying every third-party tool has equal support.

Pricing boundary

Bridewell does not publish a normal commercial price list on the service page. UK G-Cloud material gives public procurement ranges by user, server, term, service tier and deployment work, so the profile treats pricing as indicative and quote-dependent.

Customer evidence

Public customer stories support use cases in regulated and high-context environments, but they are vendor-controlled. Independent Bridewell SOC or MDR review depth on Gartner, G2, PeerSpot, TrustRadius and Reddit is thin, so no public customer-sentiment section is included.

Questions

Does Bridewell run the SOC?
It can, when the buyer contracts the fully outsourced SOC model. Bridewell also offers a hybrid SOC model, so buyers should confirm which daily SOC tasks, tools and response decisions Bridewell owns.

Is Bridewell Security Operations Center the same as MDR?
No. Bridewell sells MDR as part of its managed security portfolio, but this profile is for its Security Operations Center service, which can include managed SOC, managed SIEM, detection tuning, hunting and response workflow.

Is Bridewell pricing public?
Not as a standard commercial price list. UK G-Cloud material gives indicative per-user and per-server references, but final pricing depends on users, servers, service tier, tooling and deployment scope.