Frequently Asked Questions

Common questions about our security services

Platform Capabilities & Features

How quickly can you respond to incidents?

Our automated detection systems identify threats within seconds of suspicious activity. For automated responses (isolation, blocking), containment happens immediately. Human analysts are engaged within 5 minutes for complex incidents. Our average time from detection to human engagement is under 3 minutes, dramatically reducing damage compared to industry standards where dwell time averages 207 days.

What makes your threat detection different from traditional firewalls?

Traditional firewalls operate on known signatures and rule-based detection, missing sophisticated attacks and zero-days. Security Bulldog uses machine learning and behavioral analysis to identify abnormal patterns regardless of attack signature. We detect lateral movement, privilege escalation, data exfiltration, and command-and-control communications that firewall rules miss. Our AI models learn your baseline environment and flag deviations specific to your infrastructure—not generic alerts that lead to alert fatigue.

Does Security Bulldog work with our existing security tools?

Yes. We integrate with major SIEM platforms (Splunk, ELK, Datadog, Sumologic), automation platforms (Splunk Phantom, PagerDuty, Slack), and cloud providers (AWS, Azure, GCP). Our platform consumes logs from your existing infrastructure and enriches them with threat intelligence and behavioral analysis. You don't need to replace your existing tools—Security Bulldog extends their capabilities.

Can we deploy Security Bulldog on-premises or in our private cloud?

Our platform supports three deployment models: SaaS (managed cloud), dedicated cloud instances (your AWS/Azure/GCP account), and on-premises deployment with Docker/Kubernetes. Government customers often require on-premises or SCIF-ready deployment. We support all major deployment patterns, with custom configuration available for enterprise and regulated environments.

Pricing, Licensing & Contracts

How is Security Bulldog priced?

We offer tiered pricing based on incident detection volume and active monitors. Our Guard tier ($999/month) covers smaller organisations with up to 3 seats. Our Sentinel tier ($4,999/month) adds a full SOC dashboard and API access for up to 15 seats. Enterprise customers use our Fortress tier with custom pricing for unlimited seats and dedicated infrastructure. All plans include 24/7 threat monitoring and basic incident response support.

Do you offer discounts for annual commitments?

Yes. Annual prepayment includes a 15% discount. Multi-year commitments (3+ years) receive additional discounts and priority support. Non-profit and educational institutions receive 40% discounts. Contact our sales team for custom arrangements based on your organisation's situation.

What's included in each pricing tier?

Guard: Threat detection, 3 user seats, 30-day log retention, email alerts. Sentinel: Guard features plus SOC dashboard, 15 seats, 90-day retention, API access, Slack/webhook integration, video analysis capabilities. Fortress: Sentinel features plus dedicated infrastructure, unlimited seats, custom retention periods, white-label options, priority support SLA of 1 hour for critical incidents.

Compliance, Security & Data Protection

What compliance frameworks do you support?

We support SOC 2 Type II, ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI DSS, HIPAA, GDPR, and custom frameworks. We've passed independent SOC 2 audits with full controls over availability, processing integrity, security, and confidentiality. We maintain ISO 27001 certification across our infrastructure. Government customers can access compliance documentation, and we support SCIF deployments for classified work.

Where is customer data stored? Can we choose the region?

SaaS deployments run across AWS/Azure data centers in EU (Ireland, Frankfurt), US (Virginia, Ohio, California), and APAC (Singapore, Sydney) regions. Customers can specify their preferred region for data residency. Dedicated cloud deployments run in your own AWS/Azure account, giving you complete control over storage location. On-premises deployments keep all data within your infrastructure.

How do you protect our data from breach?

We employ encryption in transit (TLS 1.3) and at rest (AES-256). Access controls follow the principle of least privilege. All user actions are logged. We use hardware security modules (HSMs) for key management. Third-party penetration tests occur quarterly. Incident response procedures are documented and regularly tested. We maintain cyber liability insurance. Our SOC 2 Type II report details security controls available to customers.

Do you sign Data Protection Agreements (DPA)?

Yes. For EU customers, we sign DPAs that meet GDPR requirements and establish data processor responsibilities. For US customers, we execute Business Associate Agreements (BAAs) for HIPAA compliance. We're happy to review custom agreements and negotiate terms. Contact our legal team at legal@security-bulldog.io for agreements.

Implementation & Support

How long does implementation take?

Typical implementation takes 1-4 weeks depending on infrastructure complexity. Basic setup (agent installation, log ingestion) happens in days. Tuning detection rules and integrating with your incident response procedures takes 1-2 weeks. We provide implementation specialists, documentation, and training. Our onboarding process aims to get you detecting real threats in your environment within the first week.

What kind of support do you offer?

All plans include email support and community forums. Sentinel and Fortress tiers include phone support and a 4-hour response SLA. Fortress tier includes 24/7 phone access and a 1-hour SLA for critical incidents. We also offer professional services: custom integration, tuning, threat hunting, and security assessments, available as add-ons for all customers.

Do you provide training for our security team?

Yes. We include basic platform training with all plans. Sentinel and Fortress tiers include advanced training modules covering incident investigation, tuning, and threat hunting. We offer certification programs for analysts who want to become Security Bulldog experts. Custom training is available for enterprise customers, covering specific use cases and your organisation's security posture.

Technical Questions

What types of data sources can you monitor?

We support logs from firewalls, routers, proxies, endpoints, servers, cloud platforms, applications, databases, and custom systems. If it produces logs (syslog, JSON, CEF, LEEF formats), we can ingest it. Most data sources are auto-discovered and configured, though we support manual configuration for custom applications.

How much bandwidth does monitoring require?

Bandwidth depends on log volume. Most organisations require 10-100 Mbps of sustained bandwidth for log collection. We employ compression and filtering to minimize bandwidth requirements. Large organisations (1000+ employees) may require higher bandwidth. We can provide bandwidth estimations based on your log volume.

Can you monitor hybrid and cloud-only environments?

Absolutely. We're cloud-native by design and work seamlessly with AWS, Azure, GCP, and hybrid environments. Our agents run on Linux, Windows, macOS, and containerized workloads. We support Kubernetes monitoring, serverless function logging, and cloud API monitoring.

What's your API rate limit and SLA?

API rate limits depend on your tier. Guard tier: 1,000 requests/hour. Sentinel: 10,000 requests/hour. Fortress: Custom limits. All API calls receive a 99.9% uptime SLA (Fortress: 99.95%). We publish uptime metrics at status.security-bulldog.io.

Getting Started

How can I try Security Bulldog?

We offer a 30-day free trial (no credit card required) with full platform access. You can monitor up to 10 data sources during the trial. This is enough to evaluate our threat detection in your real environment. Contact sales@security-bulldog.io to request a trial.

What happens to my data if I cancel?

We provide 30 days of data export after cancellation. You can download all logs, detection results, and analysis in standard formats. After 30 days, data is permanently deleted according to our privacy policy. You can cancel anytime without penalty (except for annual contracts, which have a 30-day notice requirement).

Who should I contact with other questions?

Email questions to hello@security-bulldog.io or visit our contact page to schedule a consultation. Our sales team, technical team, and support engineers are happy to answer specific questions about your environment and requirements.