Shortlist fit
Buyers that want to outsource most day-to-day SOC monitoring, triage and response workflow
Provider handles
Service owns most day-to-day SOC operations inside the contracted scope.Check before buying
Keeping the agreed log sources, cloud accounts, endpoint agents and business context currentAlso fits
- Global or regulated organizations that need regional SOC coverage and documented escalation
- Teams that want managed SIEM and SOAR workflow around Azure Sentinel, QRadar or existing security tools
- Buyers that may also need managed firewall, email, endpoint, SASE, cloud posture or risk services from the same provider
Can replace
- Staffing a 24/7 SOC for many mid-market and enterprise environments
- Some SIEM monitoring, triage, threat hunting, reporting and containment workflow
- Separate monitoring and managed administration vendors when the contract includes protection services
- Some after-hours incident coordination and escalation work
Coverage
Provider covers
- 24/7 monitoring, triage, investigation and response from 6 global SOC regions
- SHQ Response platform for incident management, collaboration, reporting and risk workflow
- SIEM detection and response using Azure Sentinel, IBM QRadar or customer-supported SIEM scope
Your team still owns
- Defining which containment actions can run automatically and which need approval
- Owning internal IT remediation, recovery, user communication and business-owner decisions
- Maintaining any customer-owned SIEM, EDR, cloud or identity licenses outside the quoted service
Tradeoffs
Works well
- Clearer full-SOC fit than endpoint-only MDR because the offer spans defense, risk, protection, platform and SOC operations
- Public sources explain containment, SOAR, reporting, collaboration and regional SOC coverage in operational terms
- Works with buyer tooling or SecurityHQ-managed technology, which helps buyers avoiding a full stack replacement
Watch out for
- Buyers need a detailed scope because SecurityHQ's portfolio includes many separately scoped services
- Pricing is quote-based outside public G-Cloud guidance examples
- Review volume is small compared with larger managed security providers
Reviews
Review synthesis
Gartner reviewers describe SecurityHQ Managed Security Services as useful for monitoring, triage, onboarding, custom rules and after-hours coverage. The visible cautions are small review volume, desire for more services at the price and occasional process or repository friction, so buyers should request references for the exact managed SOC scope.Customers like
- Review excerpts mention monitoring, triage and threat hunting support
- Customers call out onboarding and communication customization
- Reddit discussion includes SecurityHQ as a managed SOC/MSSP recommendation, but with limited detail
Watch out for
- Gartner shows 4 public ratings, so review depth is limited
- One visible critique mentions defined procedures not always being followed
- Managed SOC Reddit threads repeatedly stress escalation paths and full-stack visibility, not only alert monitoring
Pricing
- Price
- G-Cloud examples from £30,664.70 to £297,154 per year
- Billing
- Tiered, Custom
Questions to ask
- Which daily SOC tasks does SecurityHQ own versus notify or assign back to our team?
- Which containment playbooks can block IPs, suspend users or isolate machines without waiting for approval?
- Does the quote include SIEM management, SOAR playbooks, endpoint response, firewall or email administration, DFIR and log retention?
Integrations
- SIEM
- SHQ Response Platform
- IBM QRadar
- Azure Sentinel
- Customer SIEM
- EDR / Endpoint
- SentinelOne
- Customer EDR
- Cloud
- Microsoft 365
- Oracle Cloud
- Other
- IBM Resilient
- ITSM integration
- SIEM, EDR and SOAR workflows
- Datadog managed security services
- Microsoft managed security services
Editorial notes
Why run the SOC
SecurityHQ's official material and AWS Marketplace listing describe 24/7 defense, risk and protection services, global SOCs, SIEM and SOAR workflow, triage, investigation, containment, reporting and customer collaboration. That supports Run the SOC when the contract covers the managed SOC bundle.
Scope boundary
SecurityHQ sells multiple service families. The public profile covers managed SOC and managed security services, not every risk, protection, advisory, offensive security or DFIR service unless it is included in the buyer's quote.
Response boundary
Public material supports containment playbooks, automated blocking, user suspension and machine isolation. Buyers still need rules of engagement because sensitive actions, restoration and business decisions can require internal approval.
Pricing boundary
The AWS Marketplace listing is private-offer only. The G-Cloud 14 pricing document gives useful annual examples for Managed SIEM and SOC, but it says those prices are guidance and final pricing depends on technical and commercial scope.