What the "x" stands for in xMDR
Nomios Guardian xMDR goes beyond traditional MDR. The "x" represents three principles that define how we operate — and what separates us from alert-forwarding services: Xtended, Xpertise, and Xperience.
Xtended: Coverage across endpoints, network, cloud, identity, and OT/XIoT — not just the endpoint. Deeper context means faster, more accurate detection.
Xpertise: Every priority alert is reviewed by human analysts who understand your environment. Automation handles the volume; expertise handles the decisions.
Xperience: Over two decades securing mission-critical infrastructure, distilled into playbook-driven processes that improve with every incident.
Four tiers. One consistent standard.
Each tier builds on the last — from a strong operational baseline to a fully strategic security partnership. Choose where you need to start; scale as your requirements evolve.
The operational baseline. 24/7 SOC monitoring and automated detection and response across your endpoints. Fast to deploy, predictably priced.
- 24/7 SOC monitoring
- Endpoint protection (EDR/XDR)
- Alert triage & prioritisation
- Self-service incident portal
- Monthly security reports
Extended coverage across cloud, SaaS, firewalls and more. Analyst-validated alerting, managed containment, and live security dashboards.
- Everything in Essential
- External log ingest from popular sources
- Cloud & SaaS monitoring
- Threat hunting
- Custom playbook development
EU SIEM with a broad log ingestion library, MITRE ATT&CK modelling, and a dedicated service delivery manager.
- Everything in Core
- Managed SIEM (sovereign EU-hosted)
- Proactive threat hunting
- MITRE ATT&CK modelling (1×/yr)
- Identity threat detection (ITDR)
- Service delivery manager
- Purple teaming & attack simulation
A named threat analyst, continuous proactive hunting, CISO-level reporting, and Nomios specialists as a true extension of your team.
- Everything in Advanced
- Dedicated named analyst
- Continuous threat hunting
- MITRE ATT&CK modelling (2×/yr)
- Optional deception services
- Quarterly CISO-level reporting
Renewing your endpoint security licenses this year?
Then now is the right time to switch. Most organisations renew endpoint security licenses on autopilot. Before you sign again, it's worth knowing there's an alternative. With Nomios Guardian xMDR, you consolidate endpoint protection and 24/7 managed detection and response into a single, transparently priced service — often for less than a standalone renewal.
Based on Palo Alto Networks' award-winning Cortex XDR.
Fixed tiers with no hidden costs. We're happy to compare against your current renewal quote (min. 250 endpoints).
The right platform for your environment
Guardian xMDR is built on Cortex XDR as its core detection and response engine and XSOAR for playbooks and automation. For environments with log sources beyond its native library, we extend coverage through a sovereign EU-hosted managed SIEM — no blind spots regardless of environment complexity.
The detection and response engine at the heart of every Guardian xMDR deployment. Covers endpoints, firewalls, cloud platforms, identity, and SaaS applications natively — fast to deploy, fully managed by our SOC.
Where your environment includes log sources outside Cortex XDR's native library — niche network equipment, custom applications, OT systems — we add a sovereign EU-hosted managed SIEM to cover the gaps. Available from the Advanced tier.
See it for yourself: SOC tour & lunch in Zoeterwoude
Curious what Nomios Guardian xMDR looks like from the inside? Visit our Security Operations Centre in Zoeterwoude for an exclusive look behind the scenes. You'll meet our security specialists, see how we detect and handle threats, and round off with lunch.
Palo Alto Networks experts will also be present at the event. Together with our security specialists, they'll walk you through the latest developments in Cortex XDR and AI-driven security — from new detection capabilities to the impact of artificial intelligence on the modern threat landscape.

Our approach to SecOps
Guardian xMDR is not a linear monitoring service — it operates as a continuous improvement cycle. Every phase feeds the next, so your detection capability matures over time rather than staying static.
We begin with threat modelling to understand your environment and risk profile. From there, log and telemetry collection feeds into normalisation and enrichment, which in turn powers detection engineering — rules and use cases built and tuned for your specific context.
Analyst triage and investigation sit at the heart of the cycle. Confirmed threats trigger swift incident response and containment. Concurrently, proactive threat hunting searches for activity that evaded automated detection. Every action feeds back into continuous improvement — refining detections, updating playbooks, and strengthening posture for the next cycle.
1 - Threat modelling & analysis
MITRE ATT&CK-based mapping of your environment and risk profile
2 - Log & telemetry collection
Endpoint, network, cloud, identity, OT — full-spectrum ingestion
3 - Detection engineering
Use cases tuned to your environment and continuously refined
4 - Alert triage & investigation
Analyst-validated — noise filtered, real threats escalated with context
5 - Containment & incident response
Playbook-driven response; coordinated remediation for active incidents
6 - Threat hunting & improvement
Proactive searches and feedback loop that hardens the next cycle
Ready to activate Guardian xMDR?
Discuss with our team which package suits you best, or download our brochure for more information. We're confident we can save you money on your current endpoint licences. We'd be happy to put together a competitive proposal.