Todyl MXDR

Co-Managed SOC · MDR · XDR

Todyl MXDR is a co-managed SOC service for MSPs, MSSPs and mid-market teams that use Todyl's SIEM, endpoint, SASE, SOAR and GRC platform. After an alert, Todyl analysts investigate, collaborate in the portal and communication channels, and can use remediation guidance, on-click response actions or automation playbooks, while the buyer or MSP still owns tenant configuration, customer communication, recovery decisions and work outside the Todyl stack.

Service
Co-Managed SOC
Handles
Co-manage the SOC
Price
Quote-based package pricing
  • Co-manage the SOC
  • Denver, Colorado
  • 51-200
  • Founded 2015
Visit website

Shortlist fit

MSPs standardizing security delivery across SMB and mid-market clients

Provider handles

Service shares SOC workflow with your team or MSP while you keep control.

Check before buying

Selecting the Todyl package and deciding which modules, tenants and data sources are in scope

Also fits

  • Buyers that want SIEM, endpoint, SASE, SOAR, GRC and MXDR in one platform
  • Teams that want a collaborative SOC workflow instead of a black-box alert escalation service
  • Organizations willing to tune response actions and tenant policies inside Todyl

Can replace

  • Some in-house tier 1 monitoring and escalation work for Todyl-managed tenants
  • A separate managed SIEM plus MDR combination for MSP-delivered SMB security programs
  • Manual cross-tool case assembly across endpoint, network, identity and SIEM signals

Coverage

Provider covers

  • 24/7 MXDR analyst monitoring, investigation and response collaboration
  • Dedicated Detection and Response Account Manager for each MXDR customer
  • Transparent cases with event context, investigation status and MITRE ATT&CK mapping

Your team still owns

  • Deploying and administering the Todyl agent, SIEM sources, SASE policies and endpoint controls
  • Customer-facing communication, business recovery and follow-on remediation after incidents
  • Verifying which response actions are automated, one-click, analyst-led or require MSP approval

Tradeoffs

Works well

  • Strong fit for MSPs that want one platform across SIEM, endpoint, SASE, SOAR, GRC and MXDR
  • DRAM model gives partners a named response and planning resource instead of only a shared queue
  • Todyl exposes cases and response context in the platform, which helps MSPs explain incidents to clients

Watch out for

  • Public pricing is quote-only despite published package names
  • Review evidence is mostly for the full Todyl platform, so buyers should ask for MXDR-specific references
  • The service is platform-centered; non-Todyl tools may be ingested without the same response depth

Reviews

Review synthesis

G2 reviews are generally positive for Todyl's MSP-focused platform, with users praising tool consolidation, SOC/MXDR help and responsive support. The caution is that review evidence is platform-wide: G2 and Reddit comments also mention setup complexity, clunky navigation or reporting, integration issues, SASE/DNS friction and at least one detailed complaint about missed identity-theft activity.

Customers like

  • G2 reviewers often value the all-in-one MSP console and one deployed agent
  • Several users describe the SOC or MXDR team as helpful for alert evaluation and first actions
  • TrustRadius and SoftwareFinder show limited but positive review volume
  • MSP community posts include users who like the SIEM, SASE and MXDR combination when configured well

Watch out for

  • G2 cautions include setup complexity, reporting/dashboard limits and integration issues
  • Reddit threads include serious complaints about missed token-theft behavior and support quality
  • Community discussions repeatedly mention SASE, DNS, tunnel or agent friction
  • Review surfaces do not cleanly isolate MXDR from the broader Todyl platform

Pricing

Price
Quote-based package pricing
Billing
Tiered, Custom

Questions to ask

  1. Which response actions can Todyl take for endpoint, identity and SASE events without waiting for MSP approval?
  2. How are DRAM coverage, after-hours escalation and client communication handled for each tenant?
  3. Which package includes the retention, SOAR playbooks, static IPs, tunnels and compliance frameworks we need?

Integrations

SIEM
  • Todyl Managed Cloud SIEM
EDR / Endpoint
  • Todyl Endpoint Security
Cloud
  • Microsoft 365
  • Azure
  • AWS
Other
  • Todyl SASE
  • Todyl SOAR
  • Todyl GRC
  • Slack
  • Microsoft Teams

Editorial notes

Why co-managed SOC

Todyl MXDR is more than alert notification because official material describes 24/7 analysts, investigations, proactive outreach, a dedicated DRAM, case visibility, response playbooks and threat mitigation. It is still co-managed because the service is built around partner transparency, collaboration and MSP/customer oversight rather than Todyl quietly owning every daily SOC decision.

Platform boundary

MXDR is tightly coupled to the Todyl platform. Official FAQs say MXDR runs from Todyl Managed Cloud SIEM and gains full insight when paired with Todyl SASE, Endpoint Security, SOAR and other modules. Buyers using another EDR, SIEM or SASE stack should confirm what Todyl only ingests versus what Todyl can act on.

Pricing boundary

Todyl now publishes Essentials, Advanced and Complete package structures, but each package points buyers to sales for pricing. Avoid comparing it against MDR providers on list price alone until the quote shows package tier, retention, SOAR limits, SASE ratios, tunnel needs and MSP margin.

Review boundary

Public reviews are strongest for the Todyl platform as a whole, not MXDR alone. G2 reviews praise MSP-friendly consolidation and SOC help, while Reddit discussions include serious complaints about missed identity events, configuration sensitivity, SASE or DNS friction and support variability.

Questions

Is Todyl MXDR a full outsourced SOC?
Not exactly. Todyl MXDR provides 24/7 analyst coverage, response collaboration, dedicated DRAM support and platform response actions, but the MSP or buyer still owns tenant policy, customer communication, recovery decisions and the operating model around Todyl.
Does Todyl MXDR require the Todyl platform?
Yes, for the normal service model. Todyl says MXDR operates out of Todyl Managed Cloud SIEM and is strongest when combined with Todyl SASE, Endpoint Security, SOAR and related modules. Existing tools can be integrated into the SIEM, but buyers should confirm whether Todyl can act on those sources or only investigate them.
How is Todyl MXDR priced?
Todyl publishes Essentials, Advanced and Complete packages that include SASE, Endpoint Security, SIEM, MXDR and GRC, but each package says to contact sales for pricing. Ask for the package tier, retention, SOAR playbook limits, SASE device ratios, tunnel limits and any MSP channel margin assumptions.