Shortlist fit
Dell customers that want a large technology services provider to operate MDR around a supported XDR platform
Provider handles
Service can take or orchestrate containment actions within the approved scope.Check before buying
Pre-approving which threat response actions Dell may take in the platformAlso fits
- Midmarket and enterprise teams comparing CrowdStrike, Microsoft or Secureworks-based managed response options
- Buyers that can define response authority during onboarding and keep platform integrations healthy
- Teams that want included remote incident response initiation, not a full incident response retainer
Can replace
- Some 24/7 alert monitoring and analyst investigation work for covered endpoints and platform telemetry
- Manual first response for pre-approved platform containment actions
- Some quarterly alert trend review and security posture guidance
Coverage
Provider covers
- 24/7 access to Dell security analysts
- Threat detection and investigation inside the supported XDR platform
- Threat hunting based on telemetry available through the platform
Your team still owns
- Keeping endpoint sensors, integrations, bandwidth, credentials and authorized contacts current
- Providing business context, files, logs and access during investigations
- Handling remediation beyond included threat response, security configuration and incident response hours
Tradeoffs
Works well
- Clear contract language for onboarding, detection, response, quarterly reporting and incident response initiation
- Supports service-only buying when the customer already licenses required platform components
- Pre-approved platform response actions make the service more active than alert-only monitoring
Watch out for
- Public pricing does not show a numeric list price
- Service scope depends heavily on the platform and modules named in the order form
- Customers must maintain endpoint deployment, integrations, authorizations and investigation context
Pricing
- Price
- Quote-based, per managed endpoint
- Billing
- Per-endpoint, Custom
Questions to ask
- Which platform version is in scope, and are CrowdStrike, Microsoft or Secureworks licenses included in the quote?
- Which response actions are pre-approved, and who can approve changes to those actions after onboarding?
- What happens after the included quarterly response support or annual incident response hours are used?
Integrations
- SIEM
- CrowdStrike Falcon Next-Gen SIEM
- Microsoft Sentinel
- Secureworks Taegis XDR
- EDR / Endpoint
- CrowdStrike Falcon
- Microsoft Defender for Endpoint
- Secureworks XDR Endpoint Agent
- Cloud
- Microsoft Azure
- Other
- Microsoft Defender XDR
- CrowdStrike Falcon Data Replicator
- Dell ITSM portal
- Email notification
- Supported XDR platform integrations
Editorial notes
Why contain-threats lane
Dell service descriptions support analyst investigation plus pre-approved threat response actions in the platform. Public examples include host isolation and file blocking, so this goes beyond advice, but it is still narrower than co-managing the buyer's whole SOC.
Platform boundary
The service depends on the supported XDR or EDR platform in the order form. Buyers should not assume all Dell security products, backup security, vulnerability management or incident recovery retainers are included unless those services appear in the quote.
Response boundary
Dell can take agreed platform actions, but the customer still has to deploy sensors, maintain integrations, supply investigation context and handle work outside the included response and configuration hours.
Review evidence
Public customer review depth for Dell MDR is thin. G2 has only a small broad Dell Security review base, Gartner and TrustRadius category pages did not expose Dell MDR as a reviewed product and Reddit evidence was mostly category-level MDR buying advice.