// Platform

Built different.
By design.

A Hunt+Destroy SOC isn't a dashboard. It's senior analysts running a repeatable kill-chain on Cynet 360 AutoXDR, under contractual SLAs, with your runbooks. Here's the architecture.

// Three layers

Telemetry. Analysts. Action.

Every threat passes through all three. No autonomous shortcuts.

Layer 01 · Telemetry

Cynet 360 AutoXDR

Single agent on every endpoint. Network sensors. Identity hooks. Cloud connectors.

EDR · Endpoint Protection
NDR · Network Detection
UEBA · User Behavior
Deception · Honey-files
Cloud · AWS/Azure/GCP
Email · M365 + Google

Layer 02 · Analysts

Senior threat hunters · 24/7

No tier-1 ticket-pushers. Every alert is triaged by an analyst with 5+ years of IR experience.

Coast-to-coast follow-the-sun coverage
Lead analyst per customer
Quarterly purple-team exercises
Named handoffs · no anonymous tickets
SLA backed by contract remedies

Layer 03 · Action

Your runbooks. Our hands.

You pre-approve what we can do. We do it within minutes. You can override anything.

Host isolation · seconds
Token revoke · seconds
Process kill · seconds
Firewall rules · minutes
Slack/Teams + phone escalation
Full audit log per action

// Capability matrix

How we compare.

Capability	DIY SOC	Generic MDR	BlackSOC
24/7 senior analyst coverage	—	Often tier-1	✓ Senior only
Named lead analyst	—	—	✓ Per customer
Contractual SLA remedies	—	Best-effort	✓ Backed by money
MITRE ATT&CK coverage	Partial	~70%	✓ 100% via Cynet
Pre-approved auto-containment	—	Often slow	✓ < 15 min P95
Compliance evidence (SOC 2 / ISO / HIPAA)	Build yourself	Often extra fee	✓ Included Elite
Audit log per analyst action	—	Sometimes	✓ Always
Cost · 250-user shop	$ 850k+/yr	$ 180-300k/yr	$ 90-150k/yr

// Questions

What CISOs ask before signing.

Do you replace our existing EDR / SIEM?

No. BlackSOC bundles Cynet 360 AutoXDR — that becomes the single agent on your endpoints, replacing legacy AV/EDR. We integrate with your SIEM via syslog/API; you keep your data lake.

What's the onboarding timeline?

Cynet agent rollout: 5-10 business days for <1000 endpoints. SOC handover (runbooks, escalation tree, named contacts): 5 days in parallel. First "live hunt" usually within 14 days of signature.

Can we cancel?

Annual contracts. 60-day cancellation for cause. If we miss MTTR SLA for two consecutive quarters, you can cancel for cause without penalty.

Where are your analysts based?

All U.S.-based — East Coast and West Coast teams running follow-the-sun, 24/7. Every analyst is senior, vetted, background-checked and assigned to your environment in a named way.

What's the auditor evidence package?

Elite tier includes a quarterly compliance package mapped to SOC 2 (CC, A, C), ISO 27001 (A.12, A.16), HIPAA (164.308), NIST CSF (DE, RS, RC). Hand to your auditor; we'll be on the call.

Built different.
By design.

Telemetry. Analysts. Action.

Layer 01 · Telemetry

Layer 02 · Analysts

Layer 03 · Action

How we compare.

Real analysts. Real screens.
Watching yours, right now.

What CISOs ask before signing.

Do you replace our existing EDR / SIEM?

What's the onboarding timeline?

Can we cancel?

Where are your analysts based?

What's the auditor evidence package?

Want to see it live?

Built different.By design.

Telemetry. Analysts. Action.

Layer 01 · Telemetry

Layer 02 · Analysts

Layer 03 · Action

How we compare.

Real analysts. Real screens.Watching yours, right now.

What CISOs ask before signing.

Do you replace our existing EDR / SIEM?

What's the onboarding timeline?

Can we cancel?

Where are your analysts based?

What's the auditor evidence package?

Want to see it live?

Built different.
By design.

Real analysts. Real screens.
Watching yours, right now.