
Managed Detection & Response, built around response.

Most MDRs alert. We contain. 24/7 managed detection and response from an MSSP that also runs your IT — tier-1 vendor partnerships for the tooling, senior Canadian analysts for the judgment calls, and Themis triaging every alert the second it fires.

  • 24/7 Canadian SOC, same time zone
  • Vendor-agnostic — your stack or ours
  • Themis AI triage on every alert

What you get

A SOC that closes alerts, not just opens them.

Most SOCs drown you in tickets. Ours resolves them. Here’s what we commit to, in writing, in your Master Service Agreement.

  • <10 min: Mean time to detect. From signal fire to confirmed, classified incident. Themis does the heavy lifting.
  • <60 min: Mean time to respond. P1 incidents get containment action inside an hour, 24/7, by a named analyst.
  • 95%: Alert noise reduction. Themis correlates, enriches, and closes false positives so humans work the real ones.
  • 24/7: Canadian-staffed SOC. Tier 1 through Tier 3 analysts, all in Canada. No offshore escalation, no handoff lag.

What's included

Twelve services, three layers.

Detection spots the threat. Response contains it. Intelligence makes sure it doesn’t happen the same way twice.

Detection & Monitoring

Signals in

Endpoint Detection & Response (EDR/XDR)

Behavioural detection on every endpoint, tuned by our analysts and enriched by Themis. Ransomware blocked before it encrypts.

Stack: Microsoft Defender, CrowdStrike, SentinelOne, Bitdefender

SIEM & Log Management

Centralized log ingestion and correlation across endpoints, network, identity, and cloud. Detections mapped to MITRE ATT&CK.

Stack: Microsoft Sentinel, Splunk, Elastic Security, Wazuh

Network Detection & Response (NDR)

East-west and north-south traffic analysis. Lateral movement, command-and-control beaconing, and data exfiltration flagged in flight.

Stack: Fortinet FortiAnalyzer, Cisco Secure Network Analytics, Arctic Wolf

Email & Identity Threat Protection

Phishing, BEC, and credential-harvesting blocked at the gateway. MFA fatigue and token theft detected at the identity provider.

Stack: Defender for O365, Proofpoint, Mimecast, Entra ID Protection

Cloud Security Monitoring

Posture, runtime, and workload telemetry across Azure, AWS, GCP, and Microsoft 365. Misconfigurations caught before they're exploited.

Stack: Microsoft Defender for Cloud, AWS Security Hub, Wiz, GCP SCC

Investigation & Response

Humans + Themis

24/7 SOC Analyst Coverage

Tier 1, 2, and 3 analysts on shift around the clock. Canadian-staffed, cleared for regulated workloads, named in your MSA.

Themis AI-Powered Triage

An AI reasoning layer that ingests alerts, correlates across signals, enriches with threat intel, and hands the analyst a ready-to-action case.

Managed Threat Hunting

Hypothesis-driven hunts across your telemetry, monthly. Led by senior analysts using the latest TTPs and your environment's baseline.

Incident Response & Containment

Retainer-backed IR the moment you need it. Containment, eradication, recovery, and root-cause — with BreachGuard for the privacy side.

Intelligence & Validation

Stay ahead

Threat Intelligence

Curated commercial and open-source feeds, enriched with Canadian sector intel and cross-client telemetry.

Attack Surface Management

Continuous external scanning, vulnerability management, and exposure scoring. You see what an attacker sees — and we patch it.

Purple Team & Tabletop Exercises

Scheduled red-team simulations against your detections, plus executive tabletop drills. Find the gaps before a real adversary does.

Inside Themis

The reasoning layer that makes every alert actionable.

Themis is AlecTech's AI investigation engine. It watches every alert, correlates across SIEM, EDR, identity, and network signals, enriches with threat intel, and builds an investigation packet before a human touches the case.

  • Cuts false-positive alert volume by 95%+ in the first 30 days
  • Produces a ready-to-action case file: context, scope, recommended response
  • Learns your environment — what's normal, what isn't
  • Canadian-hosted, no customer data leaves the country, auditable reasoning

  • 95%: False-positive reduction, first 30 days
  • 8×: Analyst throughput vs. manual triage
  • <2 min: From alert to enriched case file
  • 100%: Canadian-hosted & auditable

One MSSP. One contract. No finger-pointing.

When your SOC, your IT operations, your compliance program, and your breach-response workflow share one accountable team, incidents don’t fall between the seams. AlecTech is a full-stack MSP/MSSP — managed IT, detection & response, GRC, and privacy incident response all on one paper.

Tier-1 vendor partnerships

Best-in-breed security tooling, procured at partner-tier pricing and operated by engineers who actually hold the certifications.

Incident SLAs

Commitments, not “best effort.”

Every alert gets classified into a priority tier. Every tier has a response SLA in writing. Miss it, we credit — no theatrics.

  • P1: Critical — active compromise. Ransomware, confirmed exfil, or unauthorized admin access. Containment inside 15 minutes, 24/7.
  • P2: High — confirmed malicious activity. Malware execution, suspicious identity activity, targeted phishing landing. First action <30 minutes.
  • P3: Medium — investigation required. Anomalous behaviour needing analyst review. Themis-enriched case file inside 2 hours.
  • P4: Low — tuning & informational. Policy tuning, detection feedback, non-urgent questions. Next business day.

SLAs are defined in your Master Service Agreement and measured monthly. You get a full report at every quarterly business review — time to detect, time to contain, alert volume by category, and Themis-accelerated vs. manual case handling.

Miss an SLA? We credit. If it happens twice, we sit down and fix the root cause together.

And if a detection becomes a confirmed breach, BreachGuard spins up the Canadian-law privacy workflow inside the same contract.

How we engage

Three models. You pick the fit.

Whether you need a full MDR stack and the SOC to run it, analyst coverage on top of your own tooling, or a pre-negotiated IR retainer — there’s a path that matches where you are.

Model A

Fully-Managed MDR

We bring the stack and the analysts. Per-endpoint, flat-rate, no surprises.

  • EDR/XDR, SIEM, NDR — all provisioned by us
  • 24/7 Canadian SOC, Tier 1–3
  • Themis AI triage on every alert
  • Monthly threat hunts & quarterly reports
  • IR retainer hours included

Best for: organizations without a mature security team who want a turnkey MSSP relationship.

Model C

IR Retainer

Pre-negotiated incident response hours. Guaranteed SLA if the worst happens.

  • Retainer hours with guaranteed response time
  • Digital forensics & evidence preservation
  • Containment, eradication, and recovery playbooks
  • BreachGuard privacy workflow included
  • Annual tabletop exercise to keep muscle memory

Best for: teams running their own SOC who want a named IR partner on call for severity events.

Your SOC shouldn’t be a 2 a.m. problem.

A 15-minute call with a senior SOC engineer — not a sales rep. We'll look at your current detection coverage, sketch what a fit would look like, and tell you honestly if we're the right answer.