NFIR MDR Security Monitoring

NFIR MDR Security Monitoring is a Managed Detection & Response (MDR) service offered in two tiers — Essentials and Advanced — providing continuous threat monitoring and response for organizations. The service is operated by a Dutch-speaking Security Operations Center (SOC) that monitors customer environments around the clock. Detection logic is informed by NFIR's experience in digital forensics and incident response, and is continuously updated to reflect current attacker techniques. Key operational characteristics: - 24/7 monitoring by security engineers who triage and filter alerts, escalating only confirmed, relevant threats - AI, UEBA, and SOAR technologies are used to support detection, efficiency, and response automation - Log data is retained for 1 year, stored in the Netherlands - Fixed monthly pricing with no variable costs for triage, analysis, or data storage - A dedicated CERT team is available for incident escalation when needed Detection coverage includes threats such as compromised identity provider accounts, adversary-in-the-middle phishing, endpoint malware infections, brute-force attacks, ransomware execution, infostealers, Business Email Compromise (BEC), lateral movement, backup system abuse, and data exfiltration. Advanced tier adds detection for compromised cloud accounts, VPN compromise, C2 communication, and shadow IT. The service is positioned to help organizations meet regulatory and compliance requirements including NIS2, ISO 27001, BIO, AVG, and IBP. Both tiers require appropriate Identity Provider (IdP) and EDR licenses from the customer to enable full detection coverage.