Cybersecurity Detection & Response
Available 24/7

Attacks also target companies that feel secure.

We detect attacks early, respond immediately, and identify threats that go unnoticed. So you can focus on your business.

ITanic SOC · Live
INFO · Scheduled scan completed · 192.168.1.42 · Windows · 8:14 a.m.
MED · Unusual PowerShell activity · WS-MGMT-04 · Investigating · 8:31 a.m.
HIGH · Lateral movement detected · DC-PROD-01 · Analyst assigned · 8:47 a.m.
CRIT · Ransomware activity blocked · SRV-FILE-02 · Isolated · 9:02 a.m.

The problem

Most attacks go undetected for weeks.

According to IBM X-Force, it takes an average of over 200 days for a breach to be detected. During that time, anything can happen: data is stolen, credentials are sold, and systems are compromised.

Antivirus programs detect what they recognize. Professional attackers know this. They deliberately operate below the detection threshold and often go unnoticed for weeks.

88%: Attacks occur outside of business hours
74%: IT teams are overwhelmed with security alerts

Attackers have time

As long as no one is actively looking for them, they go about their business undisturbed. Gathering data, securing access points, waiting for the right moment.

There is a shortage of security experts everywhere

Qualified security analysts are hard to come by. And even if they were available, maintaining a dedicated SOC around the clock isn't a realistic option for most companies.

In an emergency, hesitation can cost you everything

If you don't have a defined response process, you'll have to improvise. And while you're improvising, the attack continues to spread.

Live Feed

Attacks happen around the clock.

88% of all attacks occur outside of business hours. Without active monitoring, no one will notice what’s happening.

Today at 2:47 a.m. · Ransomware attempt blocked · SRV-FILE-02 · Automatically isolated · BLOCKED
Today at 1:13 a.m. · Lateral movement detected · DC-PROD-01 · Analyst Alert · CRITICAL
Yesterday at 11:58 p.m. · Credential stuffing attack · VPN Gateway · 847 attempts · HIGH
Yesterday at 10:31 p.m. · PowerShell Anomaly · WS-MGMT-04 · Investigated · MEDIUM
Yesterday at 7:04 p.m. · Phishing campaign detected · 12 endpoints affected · Adjusted · BLOCKED

01 Managed Detection & Response

MDR: Professional protection without needing your own security team.

You’ll receive round-the-clock protection from experienced security analysts without having to build your own team. We’ll take care of everything. We’ll notify you when it’s important, and you can leave the rest to us.

Technology Partner
HarfangLab EDR
Endpoint Detection and Response
Detects attackers on your endpoints in real time. Consistently ranks among the best globally in independent telemetry tests.
Technology Partner
IKARUS EPP
Endpoint Protection Platform
Blocks threats before they become active. Automatic, AI-powered, Austrian solution.
ITanic SOC
Our own service · 24/7
Not automated. Our analysts review every alert themselves and make decisions immediately—even at night and on holidays.
Infrastructure & Data Protection
100% EU-
.

All data remains in Austria. No U.S. providers, no transatlantic data transfers. Given the current geopolitical situation, this is not a minor detail, but a fundamental decision.

ISO 27001 · EN 50600 · GDPR-compliant · AES-256 · TLS 1.3
Certified NIS2 Consultants
Both managing directors are certified and have already implemented NIS2 in Austrian companies.
Lessons learned from real-life incidents
We have investigated and conducted forensic analyses of real-world ransomware attacks. Not just textbook knowledge.
HarfangLab: No. 1 in EDR tests
Independently tested top performance in EDR telemetry. A European product, with no compromises.
Detection
Real-time monitoring of all endpoints
AI-powered anomaly detection
Basic Threat Hunting for Anomalies
Reaction
Remote isolation of affected systems
A thorough investigation of the incident
Integration of existing security tools
Transparency
Monthly reports with recommendations for action
MTTD/MTTR Dashboard
Quarterly trend analyses
Does this sound like a good fit for your company?
In 30 minutes, we’ll determine whether and how MDR is right for you.
Schedule an initial consultation

Contractually guaranteed response times

Every incident is guaranteed a response time. No exceptions, no excuses. Applies to MDR 24/7; for MDR 8/5, this applies during service hours, Mon–Fri, 8:00 AM–4:00 PM.

Severity 1 Critical

An active attacker on the network, ransomware, a compromised domain controller, or large-scale data exfiltration.

Up to 4 hours
Starting the same day
Severity 2 High

Malware on a single system, a successful phishing attack involving login credentials, C2 communication on an isolated endpoint.

Up to 6 hours
Completed in 1 business day
Severity 3 Medium

Unusual logins, suspicious script activity, and atypical network traffic with no other indicators.

Up to 8 hours
Completed in 1 business day
Severity 4 Low

Non-critical EDR alerts, automatically blocked attacks, minor policy violations.

2 business days
By appointment
MDR 24/7 Recommended

For businesses that don't want to risk an attack outside of business hours. Full protection around the clock, 365 days a year.

24/7/365 Monitoring
24/7 SLA response times
Severity 1: Immediate containment
MDR 8/5

For businesses operating under normal business hours without 24/7 requirements. Full protection during business hours; automatic detection outside of those hours.

Monitoring Mon–Fri, 8:00 AM–4:00 PM
SLA response times during service hours
Detection runs 24/7; response during business hours
02 Additional Services

Incident Response & Threat Hunting

MDR provides continuous protection. But sometimes more is needed: an immediate response in an emergency or a targeted search for hidden attackers. Both services can be purchased individually or as a supplement to MDR.

24/7 Incident Response

In the event of an attack, every minute counts.

You give us a call. We’ll be on the scene within 4 hours. We’ll figure out what happened, stop the spread, and make sure your business is back up and running as quickly as possible.

Phase 1: Initial investigation within a maximum of 4 hours
Phase 2: In-depth investigation & system cleansing
Phase 3: Extended support as needed
Ransomware Attack: Containment, Cleanup, and Forensic Investigation
Identification, Suspension, and Damage Assessment of Compromised Accounts
Identify, Stop, and Document the Scope of a Data Breach
Threat Hunting

Track down attackers before it's too late.

Some attackers don’t set off any alarms. They’re simply already there. Threat hunting actively searches for these hidden threats before they become a problem.

Targeted search for real attackers: We look for patterns associated with known groups, not generic alerts
Lateral Movement and Sleeping Attackers: We detect suspicious behavior that automated systems miss
Complete Hunting Report: What was found, how critical it is, and what to do next. Concrete, prioritized, actionable.
FAQ

Frequently asked questions.

MDR
What is the difference between MDR and a firewall or antivirus software?
Firewalls and antivirus software block what they recognize. MDR actively monitors what’s happening across your entire environment and looks for attackers who are already inside. The difference: reactive filtering versus active monitoring by humans.
Do we need to purchase or license our own security software?
No. We provide everything, including HarfangLab EDR and IKARUS EPP. All you need is internet access and the ability to install our agents. We’ll handle the setup together.
What is ITanic allowed to do without our approval if an attack is detected?
We’ll define this together during onboarding. You’ll specify what we’re allowed to do on our own—such as isolating systems—and what requires your approval. In the event of critical attacks, we recommend granting as much leeway as possible. Every minute counts.
Where is our data processed?
Exclusively in Austria. Data center certified to ISO 27001 and EN 50600. No U.S. providers, no processing outside the EEA. AES-256 and TLS 1.3 used throughout.
Incident Response
Is incident response automatically included in MDR?
MDR includes a guided response: isolate systems, sever connections, and take immediate action. In-depth forensic analysis, on-site visits, and system recovery are separate services.
Can we use Incident Response even without an MDR contract?
Yes. Incident Response can be purchased even without MDR. MDR customers benefit from a faster response because we are already familiar with your environment.
Threat Hunting
What is the difference between threat hunting and monitoring in MDR?
MDR monitoring responds to alerts. Threat hunting actively and manually searches for attackers even when there are no alerts. It is a standalone, more in-depth campaign that includes a comprehensive report.
Next step
Do you know if your systems are truly vulnerable? Have them tested now.
View security tests

How well is your IT system protected against attacks?

In 30 minutes, we’ll show you exactly how we would protect your property and which service is right for you.

Free and with no obligation
30 minutes, focused
Specific next steps