Operational insight into what goes on within your IT infrastructure is crucial to control your cyber risk.

Managed detection & response


Effective cyber defense starts by forming an understanding of the threat landscape, how attackers can strike and by knowing your own vulnerabilities.

Defendable’s MDR service utilizes cyber intelligence and vulnerability assessment as a basis for detection and response. 

The investigation, tuning and assessments made by Defendable’s experienced cybersecurity team, combined with automated processes, provide the optimal mix for early detection and fast response.

Defendable’s MDR service is a 24/7 service which can both be optimized for organizations using Microsoft 365 products, including Sentinel, and as a stand-alone solution.


Flexible configurations and multiple options

Defendable actively encourages customers to collect and retain as much relevant security log data as possible, as more data allows us to better detect and investigate incidents. However we recognize that the collection and storage of more log data comes with an increased cost.

Customers can choose to store additional log data in their own tenant using Microsoft Log Analytics or for a more cost-efficient solution, customers can also store log data in Defendable’s own log management platform.

Defendable’s MDR service comprises an up to date collection of detection and response methods, which can be supplemented by working with customers on developing specific detection and response actions for particular assets, users or security scenarios.

How it works

Take a deep dive into our MDR service.

Defendable SOC

LIGHTGREEN_CamersThe heart of Defendable’s MDR service is the Security Operations Centre (SOC), where security analysts monitor and respond to threats 24/7, 365 days a year.

Depending on the severity of an incident, a dedicated Incident Response analyst or an entire Incident Response Team, may be mobilized to assist customers in the investigation, containment, eradication and recovery from a serious incident.

Defendable has SOCs in Oslo and Gjøvik for geo-redundancy

Onboarding and operations

Defendable has a well-defined process for onboarding new organizations to the MDR service. 


Type and number of endpoints and users that shall be monitored. 


How to monitor and perform response to incidents for the various types of endpoints and users.


Ensuring the right data is available in Defendable’s MDR platform. This could for example, involve connecting your instance of Microsoft Sentinel to Defendable’s MSSP tenant via Microsoft Lighthouse.


Improve detection and response mechanisms based on new threat research, intelligence and vulnerability analysis.

Calibrate the detection mechanisms for an optimal true-false positive ratio.


Analyse, Contain, Eradicate, Recover and Report any incidents.

Monitor 24/7 and Threat hunt from the SOCs in Oslo and Gjøvik.


Customer Portal

Normal communication between Defendable SOC and customers happens through a portal where customers can follow the creation and management of tickets and receive vulnerability advisories and threat intelligence reporting.

Talk to us about you MDR needs