Skip to content
Header-MDR Header-MDR Header-MDR-Mobile

Managed Detection & Response

Our Swiss SOC offers comprehensive threat detection and quick response to protect your company's critical business assets and your reputation.

Arrange a briefing

Why do you need a MDR solution?

Because it is your answer to risks and threats.
While attack figures are still rising, MDR supports you to proactively address cyber risks. Prompt detection and response to threats are critical elements. We accomplish this by monitoring your IT infrastructure and combining modern tools with our expert's knowledge.

The added value of MDR

3035 3035
MDR reduces cyber incidents by continuous monitoring and rapid threat detection.
3035 3035
By responding faster the financial impact of an attack is minimized and your business continuity is ensured.
3035 3035
In case of staff shortage you can rely on our experts with the fully managed solution. Stay flexibel by adapting the level of service to your resources.
3035 3035
Cost-effective as you don't need to finance a SOC by your own to protect your company and yearly costs are easy to calculate.

Quicklinks

Anchor: our-competencies

Toolbox for Managed Detection & Response

With all our MDR services you will benefit from a toolbox for core protection, a proven selection of functions to ensure your security. Depending on your needs features can be customized if you look for different alerting options or various SLA settings. 

Threat Detection

Threat Detection

Immediate benefit from day one without burden your internal staff resources. We reduce your risk exposure. 

Vulnerability Scanning

Vulnerability Scanning

External scanning included in essential package offering risk based priorization and scalable architecture. 

Remediation

Remediation

Fully automated by SOAR as a service including host isolation and multi-factor-authentication reset.

Threat Intelligence

Threat Intelligence

Automated feeds providing real-time data for information on threats and indicators of compromise.

Use Case Catalogue

Use Cases Catalogue

We use various pre-defined use cases based on Splunk, Microsoft Sentinel and our own Use Case Management App.

Digital Risk Monitoring

Digital Risk Monitoring

Monitoring your footprint and dark web presence as a self-service, will identify leaked information about your company.

Hotline for alerting and support

Alerting & Support

Our alerts include remediation recommendations by our experts. Advice provided based on yearly credits. 

Security Data Sources

Data Sources

For better transparency we use different log collectors like identity providers, EDR, IDS, honeypot and more.

Security Sensors

Our Security Sensors

Sensors developed to provide visibility to your network. All-in-one solution for IDS, log collection, honeypots and vulnerability scans. 

Sandbox Honeypot Canaries

Sandbox Honeypot Canaries

These will make an attacker's approach visible before real damage occurs. Available via the Customer Portal.

Security Management Reporting

Reporting

Automated monthly reports available via Customer Portal. A yearly Threat Intelligence Report can be shared with your stakeholders.

MDR Packages for different needs

Our Cyber Defense Center offers pre-defined packages for a quick project start. All packages include the MDR toolbox. Different companies have different security requirements depending on:

  • the size of their organization

  • the availability of skilled staff

  • the desired level of security

  • compliance or other regulations they need to obey

Managed Detection and Response service packages for different needs
Anchor: mdr-packages

Our packages grow with your business requirements

If your business grows or your geographic reach expands, your IT will become more complex and you might need to fulfill even more guidelines (GRC). Our packages - from fully managed to co-managed - will grow with your IT infrastructure, easy to adjust to new needs.

MDR Essential (XDR)

  • Best for small organizations with 1 to 2 Security FTE.

  • Fully managed by Swiss Post Cybersecurity.

  • Designed for fundamental cybersecurity protection.

  • Includes the complete MDR tool box.
  • Cost-effective solution for smaller budgets.
  • No in-house skills required. You benefit from our security professionals.

MDR Advanced (SIEM)

  • Best for medium organizations with 3 to 5 Security FTE.

  • Includes all features of the MDR Essential.

  • For a wider range of challenges and more complex IT infrastructure.

  • Additional data sources, use cases & playbooks.

  • Internal Vulnerability Scanning included.

  • Steering meetings, workshops & additional support credits.

  • Better response time with expert's guidance.

MDR Premium (Extended SIEM)

  • Best for large organizations with 6+ Security FTE.

  • Co-managed by customer & our team.

  • Includes all features of MDR Advanced.

  • Ultimate protection for enterprise-level security.

  • Enhanced Service Level Agreement for rapid Incident Response.

  • Dedicated Customer Success Manager.

  • CSIRT 7x24 and personalized support.

How our SOC works

Our MDR Services are provided by our Swiss SOC based in Aarau and Morges. 

MDR-process

 

If you are looking for ultimate resilience and confidence in your cybersecurity posture, our MDR Packages will support you achieving your goal.  We offer comprehensive protection, defense against even advanced threats and quick response.

headset-abstract-illustration headset-abstract-illustration

Get in touch with us

Is your organization exposed to risks?
Get in touch with us today to protect your business against cyber threats.

Anchor: mdr-faq

FAQ

Here you will find answers to frequently asked questions about MDR.
What does MDR mean?

MDR stands for Managed Detection and Response and is used to detect and react on threats to protect your company. MDR as a cybersecurity service is provided by a SOC or Cyber Defense Center 24/7 and combines technologies with human expertise. Managed refers to the level of outsourcing to a security service provider. 

Which technologies are used for MDR?

MDR uses a lot of different technologies to protect your IT infrastructure like IDS, SIEM, log correllation, EDR/XDR but also Vulnerability Scanning, Threat Intelligence and SOAR. Contact us to receive a complete list.

Can I use MDR without having my own security team?

Yes you can. MDR is available for different levels of outsourcing. Depending on knowledge and staff you can decide which level you need and adapt it over the time.

  • Fully managed means that we provide (nearly) everything for your organization.

  • Co-managed means that tasks are shared between your company and our security professionals. 

What is the difference between MDR and traditional monitoring?

  • Pure security monitoring normally ends as soon as a threat has been detected and the alert has been created.

  • MDR is much more pro-active and includes investigations and human experts taking immediate action if needed. MDR uses modern technology like AI to also mitigate the cyber attack.

Which platforms are supported?

We can collect logs from almost any platform. Our collectors can read the following formats, among others: syslog, flat files, e-mails, etc. This includes, among others:

  • Operating systems: Windows, Linux, Sun, ...
  • Security devices: Firewall, proxies, sandboxing solutions, IPS, ...
  • Endpoint solutions: Antivirus, HIPS
  • Network equipment: switches, routers, ...
Where is our data stored?

Our solutions - in particular our Cyber Defense Center - are developed, operated and provided entirely in Switzerland where data are stored.

Anchor: cdc-get-in-touch

Let's plan the next steps together

Get in touch with us

Cyber Blog

On the Cyber Blog you will find the current insights, expert articles, and practical tips on the latest cyber threats and security solutions to enhance your company's digital security.

Go to the Blog
Dark circles on light blue background
New Microsoft Advance Partner Certifications
This dual specialization from Microsoft confirms our ability to deliver high-quality solutions and services to protect our customers from cyber...
Read more
Do my new use cases keep their promise?
Do my new use cases keep their promise?
Use Case Testing Preparation The first step is to analyze which types of logs exist and which could be used to detect the suspicious behavior. How is...
Read more
Pay more attention to your vulnerability management
Pay more attention to your vulnerability management
Vulnerability versus configuration management Nowadays, IT professionals are inundated with reports of vulnerabilities. In most cases, these are...
Read more
Unexpected benefits when setting up a SIEM
Unexpected benefits when setting up a SIEM
Definition: What is a SIEM? SIEM stands for Security Information and Event Management System. Before we look at the additional benefits of an SIEM,...
Read more
5 Steps to Cybersecurity Risk Assessment
5 Steps to Cybersecurity Risk Assessment
Below are 5 basic steps for #cyber #riskassessment of an organization:
Read more
Swiss Post Cybersecurity @ ElasticON 2024 in Munich
Swiss Post Cybersecurity @ ElasticON 2024 in Munich
The event took place in the Motorworld, at Munich, the 14th of November 2024. Even if you are not an absolute fan of motor sports, or even nice cars,...
Read more
Swiss Post Cybersecurity@ DEF CON 32 in Las Vegas
Swiss Post Cybersecurity@ DEF CON 32 in Las Vegas
Navigating the Broad Landscape of Cybersecurity in Nevada DEFCON32 offers something for everyone in cybersecurity, from hands-on workshops and CTF...
Read more
Hacknowledge’s Journey to Splunk EMEA BOTS 2024
Hacknowledge’s Journey to Splunk EMEA BOTS 2024
Two Swiss Post Cybersecurity (formerly known as Hacknowledge) teams travelled from Morges to Zurich to represent the company at Splunk EMEA BOTS...
Read more
What a week for the Analytics Team! (and it was only Wednesday)
What a week for the Analytics Team! (and it was only Wednesday)
The team was invited to the Splunk Partner Tech Day in Splunk’s premises in Zurich where amazing tech talks were given by @Alex Piger and others:
Read more
Splunk Cloud: A (Hopefully) Comprehensive and Technical Review
Splunk Cloud: A (Hopefully) Comprehensive and Technical Review
Disclaimer These are key points on the difference and benefits/drawbacks from its author’s perspective and this do not reflect the opinion of...
Read more

Other solutions that might interest you

Incident bell icon

Immediate reaction

Do you need immediate reaction in front of a Cyber attack? Just call us.
+41 21 519 05 01

Our support team is available Monday to Friday, 8:00 AM to 6:00 PM. Customers with an active SLA benefit from 24/7 access. 

Please note: We exclusively support companies and organizations — private individuals are kindly asked to contact their service provider or the local authorities.