Where do logs and case data reside?

Inside your environment by default (your AWS / Azure / GCP tenant or on-prem datacenter). India data-residency available on demand. For regulated clients (RBI, SEBI, CERT-In), we run the full stack in-country and produce data-localisation evidence on request.

What's the minimum engagement?

12 months. Onboarding takes 30–60 days; we want a clean baseline period to demonstrate measurable MTTD / MTTR improvement. 24- and 36-month engagements unlock discounted rates and rolled-in DFIR hours.

Can you co-source rather than fully outsource?

Yes. Co-managed SOC is common — your in-house team owns Tier-1 + business context, we own Tier-2/3 + detection engineering + 24×7 cover. Pricing scales with split.

How does this differ from your SOC + SIEM build engagement?

The SOC build engagement is a one-time setup; MSS is the run-state operation. Many clients buy the build first, then transition into MSS for the operate phase. The contracts integrate cleanly.

24×7 · CERT-In Empanelled · India Data-Residency

Managed Security Services (MSSP)

Outsource the heavy lifting of day-to-day security operations to a CERT-In empanelled team. Managed SOC, managed EDR/XDR, managed vulnerability operations, managed identity hygiene and incident response — all under one SLA, one ticketing pane and one quarterly board report.

Request a quote See methodology

Download sample pentest report

CERT-In format · anonymised

Engagement at a glance

Quote SLA48 hours
Typical engagement5–15 working days
RetestFree within 30 days
Reporting formatCERT-In + ISO + SOC 2 ready
Team100% in-house · OSCP / OSWE / OSEP

What this actually looks like

A MSSP engagement, in plain language.

Most mid-market security teams in India and the GCC have 2–4 in-house engineers covering 200+ assets across cloud, on-prem and SaaS. Macksofy plugs in a 24×7 analyst pod (L1/L2/L3 + IR on-call), a tuned SIEM you keep ownership of, and a quarterly governance forum that measures MTTD, MTTR, control coverage and risk burn-down. You stop chasing alerts. We stop talking about tools and start talking about outcomes.

Business impact

Predictable monthly cost vs. fully-loaded ₹3–5 Cr/yr for a 24×7 in-house SOC
Coverage maturity in 30–60 days instead of 12–18 months of hiring
Single accountable provider for SOC, EDR, IR, vuln-ops and reporting
Quarterly board pack auditors and regulators accept as-is (CERT-In · RBI · SEBI · ISO 27001)

Methodology

Phased delivery — every step documented.

Interactive walkthrough of how we run a MSSP engagement — tap a phase to expand its activities.

Phase 01 / 5

20% complete

1 · Onboarding & baseline

01
Asset and identity inventory · crown-jewel tagging
02
Risk baseline + control coverage gap analysis
03
SIEM / EDR / IDS / cloud-log connector mapping
04
Runbook + escalation matrix sign-off

Tooling

Industry-standard + custom.

We use the same tooling top BFSI red teams operate — combined with Macksofy in-house extensions and proprietary scripts where commercial tools fall short.

Tools we operate

Wazuh + ELK (open-source)Splunk · Microsoft Sentinel · IBM QRadar (client-licensed)CrowdStrike Falcon · SentinelOne · Microsoft Defender XDRTenable · Qualys · Rapid7 InsightVMTheHive + CortexMISP · OpenCTICustom SOAR playbooks

Industries served

Sectors we operate in

Banking & Financial ServicesFintech & PaymentsHealthcare & HealthTechInsurance & InsurTechSaaS & Product CompaniesGovernment & PSUManufacturing & EnergyTelecom

Deliverables

What you get

24×7 monitoring + Tier-1 to Tier-3 triage and investigation
Managed EDR / XDR + managed vulnerability operations
Incident response retainer hours (included)
Monthly operations report + quarterly business review
MITRE ATT&CK coverage map kept current
Annual program maturity assessment
Audit-ready evidence pack for CERT-In · RBI · SEBI · ISO 27001 · SOC 2

Case studies

Anonymized engagement snapshots.

Listed NBFC (Mumbai)

Scope · 24×7 MSS across AWS + on-prem AD, 1,800 endpoints

Finding: Detected and contained a ransomware-precursor (Cobalt Strike beacon) inside 22 minutes of initial access — domain compromise avoided

Critical — regulator notification not required; full forensic timeline delivered in 48 hours

Risk severity · Critical

LMHC

Fintech Lending Platform (Bengaluru)

Scope · Managed SOC + managed EDR + DFIR retainer

Finding: MTTD reduced from 6.8 hours to 18 minutes over 90-day baseline period

Material — measurable risk reduction reported to board + SEBI System Audit

Risk severity · High

LMHC

Predictable monthly retainer

Outsourced security operations, priced like a utility.

MSS pricing scales with monitored asset count, log volume and required SLA. 12-month minimum, billed monthly. Share your environment size and we'll send a tier-based proposal within 5 working days.

Request an MSS proposal Review the methodology

What clients say · Trusted India + UAE

Rated 4.9 ★ from 612 client reviews.

CERT-In Empanelled

Govt of India · MeitY

EC-Council ATC

Authorized Training

ISO 27001 Certified

Info Security Mgmt

“We've worked with three Big 4 firms before Macksofy. None found what their team did in our payments stack. The most actionable report we've received in a decade.”

Aisha Khan

Information Security Manager · Listed Fintech · BKC, Mumbai

“The CHFI training Macksofy delivered for our cyber cell raised investigation quality measurably. Practical, India-context-aware, and respectful of our operational realities.”

Inspector K. Joshi

Cyber Cell · Maharashtra Police · Mumbai

“Came in with zero security background. 5 weeks later I was running Burp Suite and Metasploit confidently. Cleared CEH on the first attempt.”

Vivek Iyer

DevSecOps Lead · Healthcare SaaS · Hyderabad

Read all 612 reviews on Google →

FAQ

Things people ask before signing.

You own the SIEM, the data, and the detection content — always. We deploy, tune and operate it under your tenancy. If the engagement ends, you keep everything: rules, dashboards, historical logs, runbooks. No lock-in.

Related services

Talk to us

Get a fixed-price proposal in 48 hours.

Tell us about your security need — pentest, audit, training or a wider engagement. A senior consultant will reply within a few business hours.