socproviders.com
Last update: 2 Jun 2026

Kaseya MDR

Kaseya MDR is the current managed detection and response service behind the former RocketCyber managed SOC offer for MSPs and IT teams. After an alert, Kaseya SOC analysts investigate, validate and can isolate covered devices under the response guide, while the MSP or buyer still owns coverage, contact readiness, remediation decisions and customer-side recovery.

Service
MSP-channel MDR / managed SOC
Response
Contain threats
Visit website

Best for

MSPs that want a white-labeled SOC service connected to PSA and RMM workflows

Usually replaces

Some after hours endpoint, Microsoft 365 and firewall alert triage

Response role

Service can take or orchestrate containment actions within the approved scope.

Check first

Licensing every endpoint and Microsoft 365 account that needs MDR coverage

Coverage

Covers

  • 24/7 SOC monitoring and analyst triage for covered endpoint, Microsoft 365 and firewall activity
  • Phone, email and PSA incident escalation with recommended remediation steps
  • Device isolation for covered RocketCyber or Datto EDR agents when the response guide allows it

Your team still owns

  • Keeping alert contacts, permissions and special instructions current
  • Handling customer communication, business approvals and recovery work
  • Remediating gaps that sit outside covered isolation, file deletion or antivirus actions

Tradeoffs

Works well

  • Clear fit for MSPs that want an MDR service tied into PSA and RMM workflows
  • Official response guides explain when the SOC can isolate devices and how partner instructions affect action
  • Kaseya 365 Endpoint Pro can bundle MDR/SOC with endpoint management, EDR, backup and automation

Watch out for

  • Not a full outsourced SOC for every security workflow
  • Public pricing is quote-based and depends on endpoint, Microsoft 365 and bundle scope
  • The MSP or buyer still owns contact readiness, remediation, recovery and client communication

What customers say

G2 and Capterra reviews describe RocketCyber as useful for MSP-led monitoring, Kaseya stack integration and 24/7 SOC calls. Critical reviews and Reddit threads raise integration limits, dashboard noise, support delays, pricing opacity and broader Kaseya contract concerns, so buyers should test the exact response workflow before standardizing on it.

Reported benefits

  • Reviewers often mention fast SOC contact and easier setup inside Kaseya environments
  • MSP users describe one portal for endpoint, Microsoft 365, firewall and customer security visibility
  • Positive comments emphasize value for SMB client coverage without hiring a SOC

Reported limits

  • Some reviewers report limited integrations, false positives or slow interface behavior
  • Capterra includes support and log-capture concerns in lower-rated reviews
  • Reddit threads show recurring friction around Kaseya ownership, pricing clarity and contract terms
G2 RocketCyber reviewsCapterra RocketCyber reviewsReddit MSP discussion

Pricing

Price signal
Quote-based, by endpoint and Microsoft 365 coverage
Billing model
Per-endpoint, Per-user, Custom

Ask before buying

  1. Which response actions can the SOC take without approval, and how do opt-out instructions change that behavior?
  2. Does the quote cover RocketCyber, Kaseya MDR or Kaseya 365 Endpoint Pro, and what retention applies to each service?
  3. Which endpoint, Microsoft 365, firewall, PSA and RMM integrations are included before onboarding fees or extra services apply?

Connects with

SIEM
  • RocketCyber platform
  • SIEMless log monitoring
EDR / Endpoint
  • Datto EDR
  • Windows Defender
  • SentinelOne
  • Malwarebytes EDR
  • Sophos
  • Bitdefender
  • Webroot
Cloud
  • Microsoft 365
  • Microsoft Entra ID
Other
  • Datto RMM
  • Kaseya VSA
  • Datto Autotask
  • Kaseya BMS
  • ConnectWise Manage
  • Syncro
  • Cisco Meraki
  • Fortinet
  • Palo Alto Networks
  • Graphus

Notes

Why contain-threats lane

Official Kaseya and RocketCyber sources support analyst investigation, validation, phone or email escalation and device isolation for covered assets. That is more than guided advice, but it does not prove Kaseya owns full SOC operations or post-incident recovery.

MSP channel boundary

The service is built for MSP and SMB operating models. MSPs can buy license pools, connect PSA tools and white-label the service, but they still own client communication, remediation coordination and commercial packaging.

Pricing boundary

Kaseya publishes a pricing request path and terms that describe endpoint and Microsoft 365 license units. Reddit mentions historical endpoint prices, but those signals are unofficial, bundle-dependent and not reliable enough for public numeric pricing.

Retention boundary

Kaseya MDR marketing refers to newer capabilities, while RocketCyber's data retention policy lists 30 days online, 30 days nearline and 12 months archive for Managed SOC app results. Buyers should confirm the retention policy for the exact SKU they buy.

Questions

Is Kaseya MDR the same as RocketCyber?
Kaseya says Kaseya MDR is the evolution of RocketCyber. This profile treats Kaseya MDR as the current offer and uses RocketCyber documentation where Kaseya links the services or where the RocketCyber managed SOC guide defines response behavior.
Does Kaseya MDR take response actions?
Yes, within covered scope. Official response documentation says the SOC can isolate covered devices with RocketCyber or Datto EDR agents and can support actions such as file deletion or Defender scans where integrations allow them. Buyers should confirm approval rules and opt-out instructions.
Is Kaseya MDR priced publicly?
No numeric list price was visible in public sources. Kaseya provides a quote request path and terms that describe endpoint and Microsoft 365 account license units, monthly fees, committed service terms and possible onboarding charges.

Categories

MDR ProvidersBest for Small BusinessProviders That Bring Their Own PlatformProviders That Respond For YouMid-Market SOC ProvidersSMB SOC Providers