Always on · Included
The reaction
Detection and containment run automatically, every second, with no analyst required. This is the default — fast, consistent, and self-sufficient.
Stage 03 · The Observatory· Optional
Expert minds, behind the machine.
The reaction runs on its own — detect, contain, done. The Observatory is the optional layer you add when you want experienced human analysts watching, investigating, and responding around the clock, so nothing important rides on automation alone.
Why it's optional — and when it's worth it
The machine handles the reflex. People handle the judgment.
Atomburst is built to work without a managed service. The Observatory exists for teams who want a second set of expert eyes — not because the automation needs babysitting, but because some calls deserve a human.
+
Optional · Bolt-on
The Observatory
A managed team layered on top: 24/7 monitoring, deep investigation, and hands-on response — turning raw signal into decided action.
DUTY 01
Monitor
Around-the-clock eyes on your reaction, so a 3 a.m. event gets the same attention as a 3 p.m. one.
DUTY 02
Investigate
Analysts correlate, enrich, and chase down the full story behind an alert — not just the alert itself.
DUTY 03
Respond
Decisive action on your behalf, with clear handoff and reporting — and feedback that sharpens future detections.
Where it sits in the reaction
→
→
01
Detector
ITDR spots the event
02
Containment
DomainGuard blocks & filters
03
Observatory
Human analysts add judgment — optional
A night in the Observatory
When a human makes the difference.
The automation handles the reflex. These are the moments where judgment earns its keep. Timelines are illustrative.
Scenario 01 · The 3 a.m. alert
- 03:12A burst of low-confidence signals fires across one client's tenant.
- 03:18An analyst correlates them into a single intrusion attempt, not noise.
- 03:26Response actioned and the client briefed before business hours.
Outcome: a real incident handled while everyone slept.
Scenario 02 · The judgment call
- 13:04An executive's account trips an anomaly mid-deal, mid-travel.
- 13:09Rather than auto-lock, an analyst verifies through a second channel.
- 13:15Confirmed legitimate — access preserved, baseline updated.
Outcome: no false lockout, no business disruption.
Scenario 03 · The feedback loop
- Week 1Analysts notice a recurring benign pattern generating alerts.
- Week 1Detection tuned for that tenant; the noise stops.
- OngoingFindings feed back into sharper automated detection.
Outcome: the machine gets smarter from human review.
Questions
The Observatory, answered.
Is MDR required to use Atomburst? +
No. Detection and containment run automatically without any managed service. The Observatory is a bolt-on for teams who want human eyes on top — never a dependency.
Is it really 24/7? +
Yes — around-the-clock monitoring and response, so a 3 a.m. event gets the same attention as a 3 p.m. one. Coverage & SLA details coming soon
How does the handoff between automation and analysts work? +
The platform detects and contains in real time; analysts pick up investigation, judgment calls, and anything needing context — with clear reporting back to you on what was done and why.
Can MSPs resell MDR to their clients? +
Yes. MSPs can offer the Observatory layer to clients who want 24/7 human coverage without building their own SOC. Partner terms coming soon
What's the response SLA? +
Response-time commitments by severity are coming soon. Ask us for current targets.
How do I add or remove it? +
MDR is an add-on to any plan and can be layered on (or off) without re-platforming. See Pricing.