Skip to content
Close
Career
Contact
Career
Contact
Careers Contact
Cybersecurity

Managed Detection & Response

A fully staffed SOC at your service

SOC-driven detection and response across endpoints, network, identity, cloud, and emails, backed by experts who cut through alert noise and elevate what matters.
Right (13)

Attackers don’t work 9 to 5

Most organizations don’t have the headcount, budget, or appetite to staff a 24x7 security operations center. But threats don’t stick to business hours. Ransomware lands at 2 a.m. on Saturday, or phishing campaigns hit inboxes over holiday break. For many organizations, security “solutions” have become a problem as they generate thousands of alerts a day. Without analysts who know what to escalate, alert fatigue sets in and real threats slip through.

What’s needed is a layer most internal teams can’t build themselves: 24x7 monitoring, expert human judgment, and technology to detect what matters before it becomes an incident.

Image (93)
The CBTS approach

A SOC built for coverage and context

The  OnX Security Operations Center delivers continuous monitoring backed by an intentional combination of AI analysts and senior human analysts who operate in tandem to understand your environment, your business, and the threats most likely to target you. We triage and validate alerts, escalating only what your team needs to act on.

Our approach combines four elements:

  • Continuous monitoring, with 24x7 coverage across endpoints, network, identity, cloud workloads, and email backed by SIEM, EDR, and XDR platforms tuned to your environment.

  • AI & Human analysts work together to leverage what each does best. AI to automate investigation and senior analysts who apply context that automated tools lack. The result: fewer false positives, faster validation, and escalations your team can trust.

  • Active response to real threats, including isolating endpoints, blocking accounts, and coordinating with your team on next steps.

  • Continuous tuning to refine detection logic, suppress recurring noise, and adjust thresholds. The longer we run, the smarter the SOC gets about your business.

This is detection as a discipline rather than a data feed.

Managed Detection & Response capabilities

 OnX Managed Detection & Response watches the entire environment to ensure any threat actor that slips through the cracks is caught in the earliest moments.

Where to start

Advisory engagements

A CBTS advisory is a time-bound, fixed-fee engagement designed to give you a clear answer to a specific strategic question — fast.  

AI & Data Maturity Assessment

Best for organizations that want a clear, third-party read on where they stand on AI and data readiness and where to focus first.

You walk away with: 


  • Current-state assessment across both AI and data dimensions
  • Gap analysis against industry benchmarks and your own stated AI ambitions
  • Prioritized list of foundational gaps to close before scaling AI investment
  • Short-form executive readout deck for leadership alignment
Right (6) (1)

What success looks like

Disciplined detection and response drives tangible improvements for your organization.

CBTS_IconSet_Green Duotone (6)

Reduced risk

Detect and contain threats before they become breaches. Compress the time between intrusion and response, which is the single biggest variable in incident cost.

CBTS_IconSet_Green Duotone (7)

Improved productivity

Stop drowning your team in alerts that don’t matter. Free internal staff to focus on engineering and strategic work.

CBTS_IconSet_Green Duotone (8)

Operational excellence

Compliance-ready monitoring, reporting, and documentation is available around the clock. Replace gaps and guesswork with a SOC discipline that scales with your business.

“You can’t AI your way out of a weak foundation. If your data is wrong, AI proliferates that bad data faster than anything we’ve seen before. If you access controls are loose, AI exposes that gap at machine speed.”

Chris Debrunner

Chris DeBrunner

CISO, CBTS

Don’t take our word for it

“OnX continues to be a reliable and trusted partner, consistently providing support whenever we have questions or encounter issues. Doug's proactive engagement—regular attendance at our meetings and close alignment with our roadmap—demonstrates a genuine commitment to understanding our priorities and aligning with our operational needs. A key factor in OnX's successful relationship with the City of Edmonton is its deliberate focus on understanding our environment, our challenges, and the business outcomes we are working toward. Their highly skilled technical team further strengthens this partnership, enabling us to confidently tackle complex initiatives and advance critical projects with greater speed and assurance."

ManagerCity of Edmonton / Government

“OnX has been an incredible partner and really takes the time to understand our needs and our culture. Elias and Gabriel have been fantastic throughout and represent OnX professionally and with curiosity about our technology landscape.”

Centre for Addiction and Mental Health (CAMH) / Hospitals & Physicians; Medical

“The OnX account team consistently demonstrates a high level of professionalism and expertise. They are not only a pleasure to collaborate with, but also excel at understanding and translating customer requirements into practical, cost-effective solutions. Their ability to balance client needs with budgetary constraints ensures that projects are both feasible and aligned with business objectives. Overall, their commitment to service and depth of knowledge make them a valuable partner in achieving successful outcomes.”

Sr. Manager IT InfrastructureDeloitte / Accounting Services

“The commitment and dedication by OnX is second to none. We truly do feel that OnX is simply more than a vendor—rather a valuable partner in Sask Polytech's overall success. We truly value the insight that Mark T, Tuyet L, Marcel M, Ali S and various others have guided us within our value streams. Cannot say enough good things about OnX.”

Team Lead NetworkSaskatchewan Polytechnic / Education

“OnX's core competency in professional services, staffing and procurement services have been integral to the success of assisting the operations staff for the Canadian Blood Services. The OnX team have proved themselves to be more than a vendor but a partner in enabling the reliability for the services The Canadian Blood Services provides.”

Canadian Blood Services / Organization; Non-profit

Don’t take our word for it

“I love the creative, tailored solutions that are delivered in a consistent and reliable way while always doing what it takes to make things right.”

Chief Technology and Information Security OfficerFinancial Services / Banking

“My team at CBTS have been trusted partners for a long time. They provide excellent technical support and pre-sales work. Their breadth of knowledge and ability to bring in the right resources have helped us steer our technology into the future.”

Managing Director, CISO, Head of TechnologyPrivate Equity / Financial Services

“CBTS treats us like a partner and not just a customer. The technical expertise is next to none and the relationship management is some of the best I have experienced.”

Director, Telecom and Architecture ServicesHealthcare

Explore the full Cybersecurity portfolio

A connected set of services across the Prevent, Detect, Respond, and Assure lifecycle, designed to work together as your security program matures.

Related insights 

Frequently asked questions 

What’s the difference between SIEM, EDR, and XDR? SIEM (Security Information and Event Management) collects and correlates log data from across your environment, including firewalls, servers, applications, and cloud services, to surface anomalies and support investigation and compliance. EDR (Endpoint Detection and Response) focuses specifically on endpoint activity, using behavioral analysis to detect threats that bypass antivirus and enabling rapid containment. XDR (Extended Detection and Response) unifies telemetry across endpoints, network, identity, email, and cloud into a single platform with coordinated detection logic. CBTS MDR uses all three layers, with SOC analysts correlating signals across them to surface real threats faster than any single tool could on its own.
How does OnX reduce alert fatigue?  OnX reduces alert fatigue in two ways: tuning and triage. We tune SIEM, EDR, and XDR platforms to your environment, suppressing the noise that creates fatigue in the first place (e.g., known-good behaviors, expected administrative activity, and business-specific patterns). We also triage every alert that does fire, applying analyst judgment before anything reaches your team. The result is fewer escalations, but every escalation is real and actionable.
What’s included in Managed Email Protection? Proactive filtering against phishing, business email compromise, malware, and impersonation attacks; quarantine and review tooling for end users and administrators; threat intelligence integrated into detection logic; user awareness reporting; and incident response when a malicious message gets through. Coverage spans Microsoft 365, Google Workspace, and hybrid email environments, with reporting that supports operational, executive, and compliance audiences.
How does the OnX SOC handle hybrid and cloud environments? Hybrid is the default. Our SOC ingests telemetry from on-premises, cloud, and SaaS environments, including AWS, Azure, GCP, Microsoft 365, Google Workspace, and major SaaS platforms, and correlates activity across all of them. We map detection logic to the unique threats and behaviors of each environment, then unify findings into a single view your team can act on. Adding a new cloud workload or SaaS platform doesn’t require standing up a separate monitoring stream.
Can we integrate our existing security tools with OnX MDR? In most cases, yes.  OnX Managed Detection & Response is designed to work with the security investments you’ve already made. We support major SIEM, EDR, and XDR platforms, integrate with identity providers, and ingest telemetry from third-party tools that have meaningful detection value. We’ll evaluate your current stack as part of onboarding, identify what to keep, what to consolidate, and where to add coverage. Ultimately, we build an integrated detection environment around what’s already working.

Detect what’s real. Respond before it spreads.

Cut through alert noise, surface real issues, and respond with speed and confidence.