WHY THIS WORKS

Same operations as the giants — without the giant overhead.

Datatrek runs from Heraklion, not Manhattan. Our analysts are on shift, not on commission. Our infrastructure is engineered, not procured at enterprise list price. We pass that down to every customer — which is how a small company can afford the same SOC posture a multinational gets.

24/7 NightWatch monitoring

Real engineers reading real telemetry. Not a chatbot, not an offshore tier-1 ticket queue.

Incident response, included

When something fires, our team is on it. No 'professional services' invoice, no per-incident upcharge.

An analyst on the line

You'll know your SOC contact by name. They know your environment, your tolerance for risk, and your phone number.

Same services. Sane price.

Priced for European SMEs, not for board-level enterprises. The number on your contract is the number you pay.

WHAT SHAPES YOUR QUOTE

Four factors. No hidden multipliers.

Your price is a function of your environment — not your industry, not your company size, not whatever the sales script says you can afford. Two SMEs with the same shape pay the same.

LAYER 0 MANDATORY · L1–L3 ON DEMAND

Layers you operate

Layer 0 is the foundation — every customer gets it. Layers 1–3 stack on demand: network (XNDR), backup and vulnerabilities management, identity & awareness (ITDR + SAT). You only pay for what you switch on.

PRICED PER DEVICE · NO TIER JUMPS

Endpoints under management

How many devices we cover — workstations, servers, mobile, container hosts. Linear, transparent scaling — and the larger the estate, the lower the per-device price. Volume works in your favour, not against your budget.

PER SOURCE · NEVER PER-GB

SIEM source count

How many log sources we ingest — firewalls, AD, M365, SaaS, custom apps. We charge per source, not per gigabyte. No surprise overage bills the month after a noisy deployment.

PAY FOR WHAT YOU STORE · EVERYTHING ELSE INCLUDED

Backup volume (TB)

How much you need to store, in TB. Object lock, immutable snapshots, cross-region replication, ransomware-resistant — all included by default, not as 'enterprise' add-ons.

ALWAYS INCLUDED

Five months of retention. Out of the box.

DEFAULT RETENTION

5 months

of searchable, hot logs — included on every plan

Most managed providers cap log retention at 30 days — long enough to look responsive, short enough to make breach investigations impossible. We keep five months on every plan, by default. Long enough to investigate the slow-burn intrusion that surfaces ten weeks late. Long enough to satisfy the NIS2 audit window. Long enough to find patient zero when the alert that finally lit up was the third symptom, not the first.

Also included on every contract.

These aren't 'add-ons.' They aren't 'enterprise tier.' They're the floor.

24/7 NightWatch SOC monitoring
Incident response and triage
Direct line to a real analyst
EU data residency · GDPR-aligned
Dual-stack EDR (defense-in-depth)
RBAC + 2FA + WebAuthn
Full audit log, exportable on demand
Quarterly tuning sessions
Onboarding and agent rollout
Dashboard configuration
Object lock + immutable snapshots
NIS2-aligned reporting

DO THE MATH

Price this stack anywhere else.

If you priced this stack à la carte — buying each layer from a different vendor at retail list price — you'd be over budget before you finished signing the first contract. And then you'd need an internal team to operate every tool and stitch the alerts together.

We aggregate, integrate, and run the stack ourselves — so you're not paying many vendors for many partial solutions, plus a SOC to glue them all together.

If you bought it à la carte

Endpoint detection

Standalone EDR vendor · license + threat-intel + cloud storage
SIEM + log retention

SIEM vendor · license + per-GB ingest + storage tier
Network detection

Network behaviour vendor · sensor appliances + license
Backup + object lock

Backup vendor + cloud storage + object-lock add-on
Identity threats

Identity threat vendor · per-user licensing
Awareness training

Awareness vendor · per-seat licensing + content add-ons
Operations team

In-house SOC team · ~6 FTE salaries + on-call rota

Many vendors. Many contracts. An in-house team to glue, operate, and maintain it all.

With Datatrek

Endpoint detection

XEDR — included in your layer pricing
SIEM + log retention

SIEM — included, 5-month retention
Network detection

XNDR — included in your layer pricing
Backup + object lock

S3 Buckets — pay per TB, lock included
Identity threats

ITDR — included in your layer pricing
Awareness training

SAT — included in your layer pricing
Operations team

NightWatch — included, 24/7

One partner. One contract. One team running it 24/7. Same posture, fraction of the cost.

Generic vendor categories shown for illustration. Your actual à-la-carte cost varies by region and contract — feel free to price it out yourself; we'll wait.

PRICING QUESTIONS

What people ask before they sign.

Why don't you publish a price list?

Because every SME is different. Two companies with 50 endpoints can pay 3× different prices depending on log volume, layers in scope, and backup needs. A static price card would either lie or scare you off. Instead we send a real quote within 48 hours of a 30-minute discovery call — no obligation, no boilerplate.

What's in Layer 0?

Layer 0 is the SOC foundation: 24/7 NightWatch monitoring, our SIEM, log ingestion and retention, basic incident response, RBAC, 2FA, audit logging, and quarterly tuning. Every customer gets Layer 0 — it's what makes us a SOC and not a tooling reseller.

Is there a minimum commitment?

We don't operate the way most vendors do — we don't try to lock you in. There's no annual commitment: contracts start with a four-month term and auto-renew every four months thereafter. You can leave at any four-month boundary with notice. No three-year lock-ins, no minimum-year handcuffs. Customers stay because we earn it on every shift, not because the contract makes walking away expensive.

Do you charge for setup or onboarding?

No. Onboarding, agent rollout across your estate, dashboard configuration, the first quarterly tuning session, and the migration from your old tooling are all included. We don't believe in 'professional services' invoices for things that should be table stakes.

Can the price go up mid-contract?

Within an active term, your price is locked unless your environment grows — more endpoints, more log sources, more storage. If we ever do need to adjust pricing at a future renewal — costs sometimes shift, infrastructure isn't free — we tell you at least 30 days in advance, with the reasoning. You can accept it, push back, or walk away. The decision is always yours, never a fait accompli buried in fine print.

What if I only need one or two services?

Many customers start with Layer 0 plus one targeted layer, and grow into the rest. We won't push a full-stack contract on you. The architecture is modular by design — start where the risk is highest, expand when it makes sense.

Are you cheaper than just buying the tools myself?

Almost always — once you factor in licenses, infrastructure, integration work, the people to operate it, and the time it takes to actually become useful. We've sized this against in-house builds for SMEs many times. Happy to walk through the math with your CFO.

Next step

Send us your environment shape.

Endpoint count, the log sources you need ingested, your retention target, and whether you already run any of the layers. We'll come back inside 48 hours with a number you can plan around.

Request a demo +30 2810 391352 soc@datatrek.io

Real SOC. Real budget. For everyone.