Plain answers,
no consulting jargon.

Per-agent for endpoint services, per-source for SIEM, and per-GB-month for S3 buckets. There are no minimum seat counts and no prepaid licenses — you pay for what you actually use.

Yes. Datatrek SIEM is optional. You can run XEDR + XNDR + Vuln + Backup with us and keep your own SIEM — we'll forward findings into it.

No multi-year lock-in. Monthly billing, 30-day notice. We'd rather earn the renewal.

All managed services run inside the EU. Backups are stored in encrypted S3-compatible buckets in EU regions. Endpoint metadata is processed in our EU SOC, with operator access locked behind WebAuthn.

XEDR goes on every endpoint — laptops, servers, DCs, production hosts. SIEM, XEDR, and XNDR all ingest from the same agent, so a single install covers all three. You don't need separate agents per service.

We deliver our services through our unified platform. Self-hosting isn't available right now — running the SOC stack and the platform together is what lets us guarantee response times and keep detections current.

We're vendor-agnostic. You don't need a separate AV or EDR — XEDR is full endpoint protection on its own. If you already run an AV, that's fine: we operate independently of the vendor and don't strip anything out. XEPP works alongside every AV, so layering is always an option.

Every Datatrek service emits documented evidence — scan reports, retention logs, incident timelines, audit trails — that map directly to the directive's requirements on incident management, risk analysis, and basic cyber hygiene. We provide a NIS2 alignment matrix on request.

MTTR target is under 25 minutes for a confirmed incident — from detection to host isolation. The exact figure depends on severity and the agreed runbook for your account.

Backups are stored under Object Lock with versioning. Even with valid credentials an attacker cannot delete or overwrite locked objects until the retention period expires — which is exactly the protection ransomware bypasses elsewhere.