The first thing standing
between your organization and a breach.
You built your company on expertise, trust, and doing right by your customers. The businesses that work with us have already decided that meeting those expectations are part of what running a responsible business means. We build and operate the security program that delivers on that.
What a breach actually costs your organization
$0.00M
Average cost of a U.S. data breach in 2025. A new all-time record. Healthcare leads all industries for the 14th consecutive year.
IBM Cost of a Data Breach 2025
0 days
Average time to identify and contain a healthcare breach. Five weeks longer than any other industry. Every day is evidence against you.
IBM Cost of a Data Breach 2025
0%
Of breaches involve a human element — phishing, social engineering, or insider action. Detection on the wire matters more than any policy.
Verizon 2025 Data Breach Investigations Report
■
You didn't build a practice people trust by leaving risk to chance. The firms that end up here have already done the hard thinking: they've seen what a breach costs a practice like theirs, they know their compliance obligations aren't optional, and they've decided that reacting to an incident is not the same as running a responsible operation. That decision is the hard part. We're the execution.
What we do
MDR Tiers · Choose One
Core MDR: Guardian
Advanced MDR: Fortress
Services & Deliverables · Bundled or A La Carte
Threat Hunting
Incident Response
Digital Forensics
Compliance Programs
Professional Services
Guardian: Core MDR
24/7 monitoring. Expert investigation.
You stay in control.
You stay in control.
For organizations with IT staff who can act on guidance. We watch your environment around the clock, investigate every alert with forensic depth, and deliver a plain-English answer, not a raw log dump. You decide what happens next. We make sure you have everything you need to decide fast.
Starting at
$15
/endpoint/month
$500/mo minimum
25 endpoint minimum
$13/ep on annual
$500/mo minimum
25 endpoint minimum
$13/ep on annual
Detection
- 24/7 behavioral endpoint monitoring
- Automated threat containment. Isolates in seconds.
- MITRE ATT&CK mapped investigation on every alert
- Documented findings in plain English
- Automated forensic artifact collection at critical thresholds
Coverage
- Microsoft 365 email security monitoring
- Removable media and USB monitoring
- Registry, certificate, and scheduled task integrity
- Threat intelligence correlation on every event
- Windows endpoint behavioral analytics
Reporting
- Monthly executive security report
- Quarterly vulnerability scan
- 90-day log retention
- Emergency IR: 2 hrs per confirmed critical incident
Most Popular
Fortress: Advanced MDR
Full managed response. Compliance
documentation. $250K warranty.
documentation. $250K warranty.
For regulated businesses without dedicated security staff. We handle incidents on your behalf, contain threats without waiting for you, and produce the compliance documentation your frameworks require. You have a team. Not a dashboard.
◆ $250,000 breach warranty included
Starting at
$22
/endpoint/month
$500/mo minimum
25 endpoint minimum
$19/ep on annual
$500/mo minimum
25 endpoint minimum
$19/ep on annual
Everything in Guardian, plus
- Shadow IT and rogue device discovery, onboarding and quarterly
- Proactive weekly threat hunting
- Monthly phishing simulation
- 365-day log retention
- Dark web credential and domain monitoring, included
- Annual security risk assessment + technology IR plan
Compliance docs: included for your vertical
- ABA 483 evidence package for law firms
- FTC Safeguards and WISP package for CPA practices
- NAIC Model Law ISP package for insurance agencies
- HIPAA Security Rule documentation for healthcare
- Breach response records and notification support
IR retainer: 10 hrs/mo rolling
- 10 hrs/mo bank. Unused hours roll forward every month.
- Any event warranting response triggers the bank
- Per-incident cap: 20 hours
- Additional hours at $250/hr
- Critical response initiation under 1 hour
- On-call escalation under 15 minutes
Threat Hunting
Find what got past the alerts.
Before it becomes an incident.
Before it becomes an incident.
Detection rules catch known patterns. Threat hunting finds the rest. Our engineers run hypothesis-driven hunts against your environment looking for dormant persistence, slow lateral movement, credential misuse, and the staging behaviors attackers use when they don't want to trip an alert. Every successful hunt becomes a new detection rule, so your coverage gets stronger every month.
Included in Fortress
Continuous
Standalone engagement
Contact for scope
Typical: 2–6 weeks
Contact for scope
Typical: 2–6 weeks
What we hunt
- First-seen processes and binaries across your environment
- Dormant persistence: scheduled tasks, registry, WMI, services
- Slow lateral movement using legitimate admin tools
- Rare parent-child process chains (living-off-the-land)
- Long-duration data staging below alert thresholds
How hunts run
- Hypothesis documented before each hunt begins
- Telemetry queried across endpoints, identity, cloud, network
- Findings validated by engineers, not auto-closed
- Successful hunts codified as permanent detection rules
- Monthly hunt summary in your posture report
Output
- Documented findings: confirmed, suspicious, or ruled out
- Evidence trail suitable for counsel, board, auditors
- Detection coverage gap analysis
- New rules deployed to your environment same day
- Dwell time reduction tracking over time
Incident Response
When it happens, you need people
who have been here before.
who have been here before.
A breach is not a technical problem. It is a business crisis with legal, regulatory, financial, and reputational dimensions that unfold simultaneously. Our team has responded at federal agencies, healthcare systems, and law firms. We contain the threat, preserve evidence, manage the regulatory clock, and produce the documentation your attorney and insurer will require. The worst time to negotiate IR rates is at 2am when you've been hit. The Fortress retainer exists for that reason.
Retainer in Fortress
10 hrs/mo
On-demand: $275/hr
Fortress clients: $250/hr
Critical initiation: <1 hr
Fortress clients: $250/hr
Critical initiation: <1 hr
Containment
- Immediate threat isolation, platform and manual
- Attacker eviction and re-entry prevention
- Credential reset and access control audit
- Malware identification and eradication
- Business continuity coordination during active incident
Investigation
- Full forensic timeline reconstruction
- Initial access vector identification
- Data exposure scope determination
- Attacker dwell time and lateral movement mapping
- Chain of custody documentation for legal proceedings
Regulatory & recovery
- HIPAA 60-day breach notification management
- State notification deadline tracking. PA: 30 days.
- Breach notification letter drafting
- Regulatory filing coordination
Digital Forensics
Disk, memory, network, and mobile.
Courtroom-ready findings.
Courtroom-ready findings.
Led by a practitioner with a B.S. in Digital Forensics and federal investigative experience at DHS, CISA, and NIH. Every engagement follows NIST 800-86 methodology with full chain of custody from intake to delivery. Findings are formatted for attorneys, insurers, regulators, and courts, not just your IT team. Covers both traditional digital forensics and mobile device examination (iOS and Android).
Law firms: eDiscovery support, attorney-client privilege preservation, internal employee investigations, and litigation hold compliance all within scope. Mobile forensics covers deleted messages, GPS history, app data, and call records across iPhone and Android devices.
Starting at
$200
/hr
Scoped flat-rate engagements available
Retainer rates for law firms
Scoped flat-rate engagements available
Retainer rates for law firms
Digital examination
- Hard drives, SSDs, and USB media acquisition
- Live memory: injected code, rootkits, credential artifacts
- Deleted file recovery and file system timeline analysis
- Registry, event log, and prefetch artifact analysis
- Anti-forensics detection: timestomping, log clearing, wiping
- Malware identification and behavioral analysis
Mobile examination
- iOS and Android acquisition: logical, file system, and physical
- Deleted SMS, iMessage, WhatsApp, Signal, and Telegram
- Call logs, GPS location history, and geofencing data
- App data, photos with EXIF metadata, browser history
- iCloud and Google account data (with authorization)
- Deleted data recovery frequently possible after factory reset
Deliverables & use cases
- Forensic examination report for legal proceedings
- Chain of custody documentation throughout
- eDiscovery and ESI support for litigation
- Expert witness testimony available
- Employee misconduct and HR investigations
- Breach scope: what was accessed, when, and what left the building
Compliance Programs
The documentation your framework
requires. Delivered.
requires. Delivered.
Every vertical Carbynix serves has specific, enforceable security documentation requirements. ABA 483 for law firms. FTC Safeguards and IRS WISP for CPA practices. NAIC Model Law ISP for insurance agencies. HIPAA Security Rule for healthcare. These are not optional and they are not satisfied by having antivirus installed. We build and maintain the evidence packages that demonstrate compliance. We produce the audit-ready documentation before the auditor arrives.
Included in
Fortress
Standalone packages
available, contact for quote
available, contact for quote
What we produce
- Written Information Security Plan (WISP): built, maintained, and updated annually
- Annual security risk assessment documented to regulatory standard
- Technology-side incident response plan with regulatory timelines
- Security awareness training documentation and completion records
- Vendor and third-party risk management documentation
Vertical frameworks
- ABA 483 / 477R / 498 evidence package for law firms
- FTC Safeguards Rule compliance documentation for CPA and financial firms
- IRS WISP for tax preparers and CPA practices
- NAIC Model Law ISP package for insurance agencies (28+ states)
- PA Insurance Data Security Act for Pennsylvania agencies
- HIPAA Security Rule documentation package for healthcare practices
Why this matters
- FTC Safeguards penalty: $51,744 per violation per day for non-compliant CPA firms
- Bar associations actively investigating firms without cybersecurity programs
- OCR investigates every reported HIPAA breach regardless of size
- NAIC Model Law requires 72-hour breach notification in 28+ states
- Documentation is the difference between a covered claim and a denied one
Aegis: Professional Services
Analyst time and specialist engagements
beyond the platform.
beyond the platform.
Add to either MDR tier. Everything in Aegis requires deliberate human judgment. Nothing is automated. Virtual security officers, penetration testing, tabletop exercises, and attestation reports. Available to any client on any tier.
Pricing
Per service
Add to either tier
Contact for quote
Contact for quote
Advisory & strategy
- Virtual security officer (vCISO): $2,500 to $5,000/mo
- Penetration testing via certified partner: $5K to $15K/yr
- Annual tabletop exercise, DHS/CISA methodology
- Executive and board security briefings
- Vendor and supply chain risk assessment: $1,500 to $3,500/yr
Documentation & compliance
- Compliance audit preparation: $5K to $25K
- Security attestation report: $2K to $2,500/yr
- Regulatory change monitoring: $150/mo
- Breach notification drafting and regulatory filing support
Expanded coverage
- Cloud security monitoring for AWS, M365, and GCP: $300 to $500/mo
- Brand and typosquatting monitoring
- Dark web monitoring: included in Fortress, $50/mo for Guardian
- Security awareness training with a compliance-mapped curriculum
- Ransomware early warning tripwires
What sets Carbynix apart
Expect more from your MDR provider.
Most MDR companies were built for enterprise. We were built for the 50-person practice that has the same compliance obligations and a fraction of the security budget.
Compliance-native, not compliance-adjacent
Guardian and Fortress are built around ABA 483, FTC Safeguards, NAIC Model Law, and HIPAA. Not bolted on after the fact. Your compliance documentation is a deliverable of the service, not a separate engagement.
AI enrichment that actually explains itself
Every alert is investigated by our AI pipeline before a human sees it: MITRE technique mapped, threat intelligence correlated, verdict assigned, plain-English narrative generated. Your team receives answers, not alerts. Less than 4% of events require human escalation.
Forensics as a first-class service
Digital and mobile forensics led by a practitioner with a B.S. in Digital Forensics and federal experience at DHS, CISA, and NIH. Not a white-label referral. Our own capability. Courtroom-ready findings at $200/hr with full chain of custody.
The $250,000 breach warranty
Fortress clients are covered by a $250K breach warranty. If we fail to detect a confirmed incident, we cover it. National MDR players at $44K+/year don't offer this. We do at $22/endpoint/month, because we're confident in what we built.
97.5% lower breach loss
Organizations using MDR services see 97.5% less in breach-related loss than those relying on endpoint protection alone: $75K median vs. $3M. The Fortress IR retainer and compliance documentation are designed to make that stat work in your favor.
Federal-grade expertise. SMB pricing.
Our founder built threat detection capability at DHS, CISA, NIH, and Google. We built Carbynix because the firms and practices that need this level of protection most are the ones national providers price out of reach. That's the gap we exist to close.
97.5%
Less in breach-related loss for MDR users vs endpoint-only
Sophos · 282 organizations analyzed · 2025
$200
Per hour for courtroom-ready digital and mobile forensics
Carbynix · 2026
279
Days average healthcare breach dwell time, 5 weeks longer than any industry
IBM Cost of a Data Breach · 2025
$250K
Breach warranty included with every Fortress subscription
Carbynix · Fortress tier
How we work with you
01
30-minute consultation
We map your compliance obligations, assess your exposure, and tell you what you need and what you don't. No sales pitch. A real conversation.
02
Deployed in days
The Carbynix Sensor installer deploys agents silently via GPO or RMM. Most environments are fully instrumented within 48 hours of signing.
03
First report in 30 days
A documented security baseline, your first monthly report, and your vertical compliance package started. You're already ahead of most practices your size.
04
Ongoing: we handle it
Alerts investigated, enriched, escalated when warranted. You hear from us when something requires your attention. You don't when it doesn't.
Compliance frameworks we cover
Law Firms
ABA 483 · ABA 477R · ABA 498
Duty of competence in cybersecurity. Client data protection. Incident notification. We produce the evidence package your managing partner needs for bar compliance and client due diligence requests.
CPA Practices
FTC Safeguards Rule · IRS WISP
Written Information Security Plan required for every firm handling customer financial data. We build it, maintain it, and produce documentation that satisfies FTC examination.
Insurance Agencies
NAIC Model Law · PA PIDSA
28+ states enforce 72-hour breach notification requirements under NAIC Model Law. The PA Insurance Data Security Act adds civil penalty exposure. We manage both.
Healthcare Practices
HIPAA Security Rule · OCR Enforcement
OCR investigates every reported breach. 55% of HIPAA enforcement actions target small practices. We produce the required risk assessment, security rule documentation, and breach response records.
Start with a 30-minute conversation.
We'll tell you what your compliance framework requires, where your biggest exposure is, and which service closes that gap at a price that makes sense for your organization.