Why build an entire SOC? Just buy the SOC subscription.

WHY cWatch MDR?

We’ve built the SOC using NIST and CSF, with remote access, so your security benefits without the huge costs.

cWatch Managed Detection and Response (MDR) SOCaaS is a platform for the future of managed security services providers (MSSPs) that powers the new cyber security infrastructure for big data capabilities.

One way to describe Comodo’s SOCaaS offering is to describe it in the manner recommended for how organizations should manage their cyber risk.

The offering is described here consistent with the National Institute of Standards and Technology (NIST) and Cyber Security Framework (CSF).

Competitive Advantage
Multi-tenancy is an out-of-the-box feature. Comodo SOCaaS is completely multi-tenant, ensuring each customer's data is stored and processed separately in one deployment.

Security Operations Center

Your private security engineer will be your principal contact with your cWatch SOC services. They’re on the front line for your internal IT department, so do not hesitate to contact them directly by phone or email. They’ll complete routine and non-routine tasks to improve your security posture from reactive to preventative. All our customers are assigned their own dedicated security engineer backed by our dedicated security operations center. We will hunt for all hidden threats, perform forensic analysis and deliver actionable plans remotely to keep your network, data and systems safe from malicious incidents.

  • Detection & Response
  • Tailored Reporting + Alerts
  • Operational Inspections
  • Rapid Baselining
  • Onboarding Assistance
  • Periodic Evaluations
Installs in Minutes
Security Information Event Management

You can create custom dashboards and get an overview of each customer's security situation. You can drill down from charts to the events to see the underlying details for a specific condition with just one click. You can also prepare long-term reports and queries and conduct analysis of an attack, providing specific details about the incident.

  • Set up a free subscription
  • Log collection: Agent, Agentless, Sensor
  • Classification and indexing: Advanced algorithms and search
  • Retention and search: Data architecture parallelism
  • Analysis: Customize dashboards, reports and queries
  • Correlation engine: Real Time Correlation, Alerts and Incident
The Framework
  • Identify emerging threats through continuous log monitoring and behavioral anomaly detection
  • Identify the Advanced Persistent Threat inside your network
  • Identify Threats Using Big Data.
  • Lastly, integrate the internal indicators with the external threat intelligence sources to get a combined view.

"It takes big data capabilities to perform the log monitoring and data collection. This kind of capability is beyond the reach of many clients in both cost and expertise. The logs grow in size. In these data stores is the needed raw data to draw out the threat intelligence. Which logs are important to watch? How long to keep them? And how to use the logs to get the situational awareness? These are key questions. Comodo's cWatch Managed Detection and Response is the SOCaaS Cloud Platform with an entire infrastructure built for this purpose. This takes a big data analysis capability. Since logs are the key to understanding the security posture, the cWatch MDR SOCaaS model is a highly scalable and flexible multi-tenancy architecture, which enables the collection of all network logs generated regardless of size or density."

  • Security defenses organized for defense-in-depth (DiD) provide the primary protection for client IT and OT systems. Comodo's cWatch MDR is the layer of the security stack that sits atop the DiD of Network DR, End-point DR, Cloud DR, and Web DR to "overwatch" through Continuous Monitoring of the IT system and the DiD system, ensuring that perimeter boundary protections, endpoints, backend, and DMZ subsystems are working properly and free from compromise.
  • Protect is also about continuously updating the DiD.
  • To achieve this, Comodo has a fully scalable, High Performance SOCaaS Architecture.
  • Three tiers of human analysts are available to resolve events and aid in the management of any incidents that may arise.
  • Comodo SOCaaS is your extended protection team operating in prescribed processes.
  • Prevent APTs and zero-day attacks with cloud security intelligence from organization-wide network logs.

"Comodo's SOCaaS is an essential element of the kit called defense-in-depth sitting atop the defenses. This is where it happens in real-time, to alert on the indicators of compromise (IOCs) and act in response within the window of time before an impact. It requires the technologies like Comodo's next generation SIEM used by analysts (the skilled people) working within established rules, the processes."

  • Detection is the traditional role of a SOC. Comodo's SOCaaS goes further by integrating detection with the other elements of the NIST CSF, including the end-points, cloud, and web.
  • With event chaining and the capabilities of the complex event processing engine, advanced attacks can be easily detected.
  • Real-time event processing engine manages complex correlation definitions.
  • False positives are significantly reduced by correlation event chaining.
  • Intuitive, browser-based user interface (UI) for correlation definition eliminates complicated procedures such as script writing.
  • 24/7 continuous monitoring of cyber security events and incident management offers complete confidence.
  • Alerts and Response are tailored to the critical business priority systems.

"It is all of the five parts of the framework that make for the needed defensive posture achieving situational awareness and using the awareness to identify the threats, enhance the protections, respond faster and be able to recover when necessary after an incident. Detection requires a Powerful Event Correlation Engine in the SIEM. That is what we have. It's part of the offer without the cost of paying for an annual license – the SIEM is included in the service."

  • Response involves making the appropriate decisions. The Comodo MDR platform provides the ability to respond in every possible way, ideally stopping the progression of an attack.
  • World's First Preemptive Containment technology allows surgical precision of remediation and response, with any downtimes of the critical systems
  • Security automation and integration support with various different playbooks, reduces response times and efforts
  • Incident and Case Management services support is part of the SOCaaS offering. It starts with the collection of the event data and the process of decisions recorded as part of the case management features in a controlled process to manage the incident.

"An incident can take many paths, possibly even leading to a legal matter. That's why the SOC processes matter and why it is essential that everything is recorded, stored and protected in ways that can support the many different ways of bringing the issue to a close. Incidents belonging to a case can be grouped under a unique case definition to simplify the management process and provide better reporting."

  • Recovery done well includes a well-tested Plan B that is ready to meet the business demands of today. Comodo's MDR can provide the necessary support for quick recovery and minimal business impact. A team of consultants is available to collaborate with SOC analysts in finding the fastest, most thorough recovery possible.


Comodo SOCaaS is completely multi-tenant, ensuring each customer's data is stored and processed separately in one deployment. MSPs can support as many customers as they wish in a single deployment.

Manage your cyber risk with no capex, no need to hire expensive staff, and a manageable and determinable financial picture for the operation, operating to today’s flexible IT architectures.

Comodo cWatch MDR, or Comodo SOC as a Service (SOCaaS), is the next generation of services in the managed security services marketplace, transforming the potential into reality.
