Shortlist fit
MSPs standardizing security delivery across SMB and mid-market clients
Provider handles
Service shares SOC workflow with your team or MSP while you keep control.Check before buying
Selecting the Todyl package and deciding which modules, tenants and data sources are in scopeAlso fits
- Buyers that want SIEM, endpoint, SASE, SOAR, GRC and MXDR in one platform
- Teams that want a collaborative SOC workflow instead of a black-box alert escalation service
- Organizations willing to tune response actions and tenant policies inside Todyl
Can replace
- Some in-house tier 1 monitoring and escalation work for Todyl-managed tenants
- A separate managed SIEM plus MDR combination for MSP-delivered SMB security programs
- Manual cross-tool case assembly across endpoint, network, identity and SIEM signals
Coverage
Provider covers
- 24/7 MXDR analyst monitoring, investigation and response collaboration
- Dedicated Detection and Response Account Manager for each MXDR customer
- Transparent cases with event context, investigation status and MITRE ATT&CK mapping
Your team still owns
- Deploying and administering the Todyl agent, SIEM sources, SASE policies and endpoint controls
- Customer-facing communication, business recovery and follow-on remediation after incidents
- Verifying which response actions are automated, one-click, analyst-led or require MSP approval
Tradeoffs
Works well
- Strong fit for MSPs that want one platform across SIEM, endpoint, SASE, SOAR, GRC and MXDR
- DRAM model gives partners a named response and planning resource instead of only a shared queue
- Todyl exposes cases and response context in the platform, which helps MSPs explain incidents to clients
Watch out for
- Public pricing is quote-only despite published package names
- Review evidence is mostly for the full Todyl platform, so buyers should ask for MXDR-specific references
- The service is platform-centered; non-Todyl tools may be ingested without the same response depth
Reviews
Review synthesis
G2 reviews are generally positive for Todyl's MSP-focused platform, with users praising tool consolidation, SOC/MXDR help and responsive support. The caution is that review evidence is platform-wide: G2 and Reddit comments also mention setup complexity, clunky navigation or reporting, integration issues, SASE/DNS friction and at least one detailed complaint about missed identity-theft activity.Customers like
- G2 reviewers often value the all-in-one MSP console and one deployed agent
- Several users describe the SOC or MXDR team as helpful for alert evaluation and first actions
- TrustRadius and SoftwareFinder show limited but positive review volume
- MSP community posts include users who like the SIEM, SASE and MXDR combination when configured well
Watch out for
- G2 cautions include setup complexity, reporting/dashboard limits and integration issues
- Reddit threads include serious complaints about missed token-theft behavior and support quality
- Community discussions repeatedly mention SASE, DNS, tunnel or agent friction
- Review surfaces do not cleanly isolate MXDR from the broader Todyl platform
Pricing
- Price
- Quote-based package pricing
- Billing
- Tiered, Custom
Questions to ask
- Which response actions can Todyl take for endpoint, identity and SASE events without waiting for MSP approval?
- How are DRAM coverage, after-hours escalation and client communication handled for each tenant?
- Which package includes the retention, SOAR playbooks, static IPs, tunnels and compliance frameworks we need?
Integrations
- SIEM
- Todyl Managed Cloud SIEM
- EDR / Endpoint
- Todyl Endpoint Security
- Cloud
- Microsoft 365
- Other
- Todyl SASE
- Todyl SOAR
- Todyl GRC
- Slack
- Microsoft Teams
Editorial notes
Why co-managed SOC
Todyl MXDR is more than alert notification because official material describes 24/7 analysts, investigations, proactive outreach, a dedicated DRAM, case visibility, response playbooks and threat mitigation. It is still co-managed because the service is built around partner transparency, collaboration and MSP/customer oversight rather than Todyl quietly owning every daily SOC decision.
Platform boundary
MXDR is tightly coupled to the Todyl platform. Official FAQs say MXDR runs from Todyl Managed Cloud SIEM and gains full insight when paired with Todyl SASE, Endpoint Security, SOAR and other modules. Buyers using another EDR, SIEM or SASE stack should confirm what Todyl only ingests versus what Todyl can act on.
Pricing boundary
Todyl now publishes Essentials, Advanced and Complete package structures, but each package points buyers to sales for pricing. Avoid comparing it against MDR providers on list price alone until the quote shows package tier, retention, SOAR limits, SASE ratios, tunnel needs and MSP margin.
Review boundary
Public reviews are strongest for the Todyl platform as a whole, not MXDR alone. G2 reviews praise MSP-friendly consolidation and SOC help, while Reddit discussions include serious complaints about missed identity events, configuration sensitivity, SASE or DNS friction and support variability.