Darktrace Managed Detection and Response

MDR · XDR · Co-Managed SOC

Darktrace Managed Detection and Response is a managed service for organizations using Darktrace's AI security platform across network, cloud, OT, endpoint and SaaS telemetry. After an alert, Darktrace's SOC triages, investigates, reviews relevant RESPOND measures and can escalate threat-containment actions, while the buyer still owns Darktrace deployment scope, response authority, remediation, recovery and coverage outside the Darktrace environment.

Service
MDR
Handles
Co-manage the SOC
Price
No public MDR list price found.
  • Co-manage the SOC
  • Cambridge, United Kingdom
  • 1001-5000
  • Founded 2013
Visit website

Shortlist fit

Organizations already using or evaluating Darktrace for network, cloud, OT, endpoint, email or identity coverage

Provider handles

Service shares SOC workflow with your team or MSP while you keep control.

Check before buying

Deploying and tuning the relevant Darktrace modules and sensors across the environment

Also fits

  • Lean security teams that want expert help running Darktrace alerts and investigations around the clock
  • Buyers that need NDR or OT visibility alongside an existing EDR or SIEM program
  • Enterprises that want a co-managed service around Darktrace without outsourcing the entire SOC

Can replace

  • Some 24/7 monitoring and alert triage for deployed Darktrace modules
  • Some analyst time spent reviewing high-priority Darktrace alerts and AI Analyst findings
  • Some deployment optimization, model review and workflow tuning work around Darktrace
  • Some internal reporting on Darktrace alert trends, performance and operational efficiency

Coverage

Provider covers

  • 24/7 Darktrace SOC monitoring for significant anomalies in the customer's Darktrace environment
  • Analyst triage and investigation of high-priority Darktrace alerts
  • Review of related Darktrace RESPOND measures and escalation of supported containment actions

Your team still owns

  • Granting and governing response authority for Darktrace RESPOND or connected integrations
  • Remediating affected endpoints, identities, cloud workloads, OT systems and business processes
  • Covering telemetry and alerts outside the contracted Darktrace environment

Tradeoffs

Works well

  • Strong fit for buyers that already see Darktrace as a core detection and response platform
  • Official sources clearly describe 24/7 SOC triage, investigations, reporting and optimization support
  • Coverage can span network, cloud, OT, endpoint, SaaS, email and identity when the relevant modules are deployed

Watch out for

  • No usable public MDR price was found
  • Service value depends heavily on Darktrace deployment quality and module coverage
  • Not a full replacement for EDR, SIEM, identity administration or incident recovery

Reviews

Review synthesis

Public sentiment is strongest for Darktrace's NDR and broader platform rather than the exact MDR service. Gartner and G2 signals point to visibility, AI-led detection and support value, while community threads repeatedly caution about cost, tuning, false positives and not treating Darktrace alone as a full SOC or EDR replacement.

Customers like

  • Buyers value network and OT visibility that can complement endpoint and SIEM tooling
  • AI Analyst and SOC review can reduce some investigation and alert-prioritization workload
  • Darktrace's platform has substantial public review volume compared with the MDR listing itself
  • Marketplace and legal artifacts make enterprise procurement paths more visible than many smaller services

Watch out for

  • Exact MDR-service review volume is sparse, including no AWS Marketplace reviews
  • Community feedback is mixed on tuning burden, false positives, sales pressure and price
  • Value depends on deployment quality and whether Darktrace modules cover the buyer's critical assets
  • Buyers still need endpoint, identity, SIEM or ticketing context outside Darktrace scope

Pricing

Price
No public MDR list price found.
Billing
Custom
Proof of concept
Available
Onboarding
Depends on Darktrace module deployment, sensor coverage, cloud and SaaS connections, RESPOND configuration, alert-routing design, response approvals and service-ready review findings.

Questions to ask

  1. Which Darktrace modules, environments and alert types are included in MDR monitoring?
  2. Which response actions can Darktrace escalate or trigger without customer approval?
  3. How are platform licenses, MDR fees, implementation, reporting, retention and add-on services priced?

Integrations

SIEM
  • Darktrace ActiveAI Security Platform
  • Darktrace DETECT
EDR / Endpoint
  • Darktrace / ENDPOINT
Cloud
  • AWS
  • Azure
  • GCP
  • Microsoft 365
Other
  • Darktrace / NETWORK
  • Darktrace / CLOUD
  • Darktrace / OT
  • Darktrace / IDENTITY
  • Darktrace / EMAIL
  • Darktrace RESPOND

Editorial notes

Why co-managed SOC

Darktrace MDR includes 24/7 SOC triage, investigation, expert support, monthly reporting, operational reviews and escalation of response actions. It is still co-managed because the buyer keeps deployment scope, permissions, remediation and recovery.

Platform boundary

The service is explicitly tied to the buyer's Darktrace environment across deployed modules. Do not assume it monitors or responds inside unrelated SIEM, EDR, identity or ticketing tools unless the contract and integration design say so.

Response authority

Official material supports review of RESPOND measures and escalation of containment actions, but public sources do not prove universal autonomous containment. Buyers need a written response matrix by module, asset type and approval path.

Pricing boundary

AWS Marketplace shows a private-offer route and a $1 custom-offer placeholder. The public draft treats that as procurement evidence only, not a real MDR price.

Review boundary

Public review volume is meaningful for Darktrace / NETWORK and the broader platform, but exact MDR-service reviews are thin. The profile separates platform sentiment from managed-service proof.

Questions

Is Darktrace MDR a full SOC replacement?
No. It is best treated as a co-managed service around the Darktrace environment. Darktrace analysts triage, investigate, escalate response actions and advise on optimization, but the buyer still owns remediation, recovery, approvals and non-Darktrace coverage.
Can Darktrace contain threats for us?
Darktrace's platform includes autonomous response capabilities, and MDR material says the SOC can review RESPOND measures and escalate containment actions. Buyers should confirm exactly which actions are enabled, pre-approved and available for each module before relying on provider-led containment.
Does the service monitor tools outside Darktrace?
Public material scopes MDR to the customer's Darktrace environment across deployed areas such as network, cloud, OT, endpoints and SaaS. Any integration with existing SIEM, EDR, ticketing or identity tools should be documented in the statement of work.
Is Darktrace MDR pricing public?
No reliable public list price was found. AWS Marketplace supports private offers and shows a $1 custom-offer placeholder, but buyers need a scoped quote for actual pricing.