24/7 SOC










Managed Detection and Response Service

Around-the-clock expert monitoring to defend against threats and stop attackers in their tracks

As environments sprawl and complexity mounts in the security space, many security teams are shifting from a prevention-only mindset to a focus on early detection and accelerated response. The earlier attackers are detected in the attack chain, the greater the chance that security teams can eliminate threats before they become catastrophic. At the core of implementing such a strategy is tapping into the right level of visibility to capture actionable insights, without getting bogged down in more noise and unmanageable data.

Our focus is on improving your current cybersecurity posture and maturity level in incident detection and response. Many organisations are solely focused on preventative measures, which are always the number one choice: you would always rather prevent an attack from happening.

The danger comes when you have layers of defence and no one monitoring and making vital use of the data coming from endpoints, firewalls and various other data generation points. The biggest issue is not being able to detect a breach or an attack and then respond when you are alerted.

Organisations need to balance defensive measures with investment in a security team that can perform the detection and response. The quicker you can detect, react to and remediate the threat, the more you reduce the possible damage that can be caused.

We have a three-pronged approach at Wizard Cyber to achieving this which consists of people, technology and process.

Detect advanced threats

Multiple advanced detection methods including behavioral analytics and human threat hunts find evil in your environment.

Stop attackers in their tracks

Instantly contain, remediate, and mitigate risks with detailed reporting and guidance tailored to your business.

Accelerate your security program

Leverage a team of experts – from your security advisor to the SOC – to mature your program and strengthen your posture.

MDR Service Overview

Our focus is on advancing your current cybersecurity posture and maturity level in the incident detection and response layers. Many organisations are solely focused on preventative measures, which is correct because you would always rather prevent an attack from happening. But if you do not have the means to detect and respond, and you are assuming you cannot be breached, then you have already committed yourself to fail, because you need the ability to detect and respond to an attack when it occurs. The quicker you can detect, react to and remediate the threat, the more you reduce the possible damage that can be caused.


  • Dedicated security advisor
  • Proactive threat hunting
  • User Behavioural analytics detection (UBA)
  • Attacker analytics detection (ABA)
  • Deception Technology
  • Unlimited Guidance for Cyber Improvements
  • Simplify Regulatory compliance
  • 24×7 SOC monitoring
  • Threat Intelligence Infrastructure
  • Incident Management and Response Support
  • Unlimited Event Source and Data Ingestion
  • Real-time incident validation

Security Operations Centre Visibility Triad

Reduce Attacker Success with Accelerated Threat Detection and Response

Many competitors lack comprehensive coverage across all three of these datasets and/or require tedious configuration and alert tuning; point solutions fall short on their own and create more noise and complexity.

Leveraging insights from our threat intelligence, research teams, and Managed Detection and Response (MDR) team, we have created finely tuned alerts across each of these three pillars, generating high context, reliable, and actionable detections from Day 1.

Efficiency for Successful Detection and Response

With the SOC Visibility Triad at its core, we accelerate detection and response. We get faster, more accurate alerts, and have the context and tools needed to respond quickly and confidently. According to the SANS Institute, EDR detects only 26 percent of initial vectors of attack. CYBERSHIELD is a next-generation security service that has SIEM, EDR and NDR functionality built in. Gaining comprehensive visibility into these three pillars of security operations makes all the difference in enabling our security team to catch attacks early on.


The three pillars of the SOC Visibility Triad

The SOC Visibility Triad model leverages data from three core pillars:

  • Logs/user and entity behavior through security information and event management (SIEM)
  • Network traffic through network detection and response (NDR)
  • Endpoint detection and response (EDR)

Accomplish More with CYBERSHIELD

CYBERSHIELD combines SIEM, EDR and NDR technologies in a full turnkey solution that can be deployed and starts producing value from day 1. Most organisations have hybrid infrastructures, and our solution connects to any on-premise device, service or application, as well as to AWS, Google Cloud Platform (GCP) and Azure. We can also extract security logs directly from Office 365, which negates the need for expensive security licensing.

The CYBERSHIELD Endpoint Agent receives information directly from the endpoint, whether it is inside or outside the network. If the Agent is unable to send logs via the onsite collector, it connects directly to our cloud services to communicate with the SIEM.


Detection Methodologies


Analyst Validation

All events are validated by our SOC analyst team prior to reporting any alert to you. With human validation from our Spotters or Hunters, our MDR service removes benign, unnecessary, or redundant alerts from your Findings Reports.

Proactive Threat Hunting

Wizard Cyber’s MDR team leverages Agent data and specialised views to perform scheduled and ad-hoc threat hunts in your environment. The nature of the hunts varies over time and is based on trends in the threat landscape. The results of these hunts are sent to your team in the form of the monthly Hunt Reports.

Endpoint Detection and Visibility

Our SOC team is armed with high-fidelity endpoint data to identify novel variations of new attacker techniques from endpoint behaviour. Our team has deep visibility across your network, including remote workers and cloud services, and can spot anomalous running processes, risky user behaviour, and malicious activity—all in real-time.

User Behavior Analytics (UBA)

User Behavior Analytics (UBA) enables our SOC team to determine if a potential threat is an attacker impersonating an employee or an employee who presents some kind of risk. Our SOC leverages these UBA indicators to dynamically prioritize and rank alert criticality based on the presence or absence of notable behaviours.

Threat Intelligence-Based Detections

We leverage proprietary threat intelligence derived from research, previous investigations, monitoring findings, and third-party sources. The MDR Threat Intelligence team is responsible for maintaining this intelligence and working alongside our SOC analysts to constantly apply these learnings across all MDR customer environments.

Intruder Traps

Set up easy-to-deploy deception technologies like honeypots, honey users, honey credentials, and honey files to catch attackers earlier in the attack chain. We inject all agents with fake credentials so we can lure attackers into using these credentials and spot them across the network.

Wizard Cyber MDR Offerings & Pricing

Our solutions are designed to work 100% on and off the network and give full coverage for on-premise, cloud and hybrid environments. We are committed to supplying affordable, enterprise-grade managed services and solutions to SME businesses. Our MDR offerings are highly scalable and are available from as little as 50 assets on 1 year terms.


Full 24/7 SIEM, UEBA, NDR & EDR Managed Service.




Full 24/7 SIEM, UEBA, NDR, EDR, Vulnerability Scanning & Management.



Elite Plus

Includes all the features of the Elite package plus our OS & 3rd Party patching service.



Wizard Cyber MDR Matrix

User Behaviour Analytics
Attacker Behaviour Analytics
Endpoint Detection and Visibility
Network Traffic Analysis
Centralised Log Management
Deception Technology
File Integrity Monitoring (FIM)
Azure, AWS, GCP, Office365 Integration
Vulnerability Scanning
Risk Prioritisation
Patch Management Service (OS & 3rd Party)
NGAV & EDR Agent
MDR SOC-as-a-Service
Continuous (24x7x365) real-time alert monitoring by expert SOC analysts
Full Incident validation eliminates false positives
Remote Incident Response assistance in the event of a confirmed breach
60 Minutes*
30 Minutes*
15 Minutes*
Security Advisor
Dedicated Security advisor as your team’s point-of-contact for technical and day-to-day service delivery
Reviews and answers questions about alerts/findings reports
Unlimited access to your advisor for guidance on programmatic security program improvements
Aids your team’s decision process when considering new security tools
Weekly Posture Review
Advanced Attacker Behavioural Analytic (ABA) detections identify attackers' TTPs
User Behavioural Analytic (UBA) detections catch anomalous user activity
Deception technologies spot attackers earlier in the attack chain
Proactive Human Threat Hunting finds threats technology alone cannot
Reporting & Assessments
Findings Reports with tailored remediation guidance and recommendations
Monthly Threat Hunt Reports
State-of-your-Service summary reporting
Vulnerability Assessment Report
Cloud SIEM
Full license to CYBERSHIELD SIEM
Full license to CYBERSHIELD VM
Technology setup, configuration, and deployment assistance
Collector Appliance (if required)
NGAV + EDR Advanced Addon
Optional - starting from £265/pm

Contact us for more information

Please fill out the form below or call us directly on +44 (0) 333 311 0121.