Our pricing is simple. It’s based on how many endpoints, resources and accounts you’re trying to protect.

You choose what you’d like us to monitor and we’ll provide 24×7 service in yearly increments. We don’t nickel and dime you with add-on features. And there’s no extra charge for us to monitor more security applications or cloud services.


qoside MDR
for EDR

Starts at

for 125 endpoints

For those looking to only monitor their endpoint detection and response (EDR) technology.

*Based on 1 year paid upfront

qoside MDR for
cloud infrastructure

Starts at

for 125 resources

If you’ve moved to the cloud, we’ll monitor your AWS, Azure or GCP environment.

*Based on 1 year paid upfront

qoside MDR for on-
prem infrastructure

Starts at

for 125 endpoints

Our offering for those who are looking to monitor their network, endpoint and SIEM technology.

*Based on 1 year paid upfront

qoside MDR
for SaaS apps

Starts at

for 125 users

We’ll monitor and respond to suspicious activity in your applications like Office 365 and Gsuite.

*Based on 1 year paid upfront

Common questions

What do you consider endpoints?

When we talk about endpoints, we mean laptops, workstations and servers. We’re not including mobile devices or things like printers, thermostats and other things with an IP address.

How should I calculate my total number of user accounts?

When we talk about users we mean how many user accounts you have for apps like O365 and G suite. Our pricing is based on the largest number of users for an application we monitor. For example, if you have 5,000 user accounts for O365 and 3,000 user accounts for Okta, the total cost is based on 5,000.

What technology do you integrate with?

We’re constantly adding to our list of integrations but below are a few examples. You can find a more detailed list here.

Network: Palo Alto Networks and Darktrace
Endpoint: Carbon Black and Crowdstrike
SIEM: Sumo Logic and IBM QRadar
Cloud infrastructure: AWS, Azure, and GCP
Cloud applications: O365 and G Suite

Have more questions?

Check out our commonly asked questions page.

If you’re ready to chat in more detail, let us know. We’ll have someone get in touch and they’ll be able to talk tech.

What resources should I count?

When we talk about resources we’re referring to three areas.

  • Compute: your servers or processors in the sky, like AWS EC2, Lambda, or Azure virtual machines
  • Storage: resources like AWS S3, Blobs and managed databases (think RDS and alike)
  • Containers: count the number of unique containers running

We get all resources aren’t created equally and weigh them a bit differently. We’re working on an easy way to estimate the cost based on your resources, in the meantime contact us for pricing.

Do you offer hunting services?

Yes, hunting is available as an add-on to our MDR service for an additional fee. We use data from your existing SIEM, network, endpoint and cloud infrastructure to apply advanced investigative techniques to find evidence of malicious activity.

People use the term “hunting” in lots of different ways, and one thing we’re trying to do is demystify it so it’s more accessible and understandable to our customers. Check out our blog to learn more.

How do you price phishing?

We price by the average number of emails reported to your phishing inbox.

What’s included?

All of our service levels include:

  • Monitoring by Expel analysts
  • Unlimited security device monitoring
  • Unlimited cloud application monitoring
  • Alert triage performed by Expel analysts