Managed IT & Cybersecurity (MSP)

CyberWarrior's MSP service is designed to give small and mid-size businesses a complete IT and security function without requiring an internal IT hire. Here is what is included.

• 24/7 helpdesk support: Tier 1 technical support for all end users. Password resets, software installation and troubleshooting, hardware issue diagnosis and coordination, and remote desktop support. Available around the clock, not just during business hours.
• Managed Detection and Response (MDR): Continuous monitoring of your environment for security threats. When a threat is detected, CyberWarrior's security analysts review it before any response action is taken. You are notified of significant incidents. Critical threats receive a response within 15 minutes.
• Advanced Endpoint Protection (EDR): Next-generation antivirus and endpoint detection on every managed device. This goes beyond signature-based antivirus to detect behavioral anomalies and known attack patterns.
• Dark web monitoring: Continuous monitoring of dark web sources for credentials, emails, and data associated with your business. If your employees' credentials appear in a known breach dataset, you are notified immediately.
• Automated patch management: OS and application patches are tested and deployed on a scheduled basis. Emergency patches for critical vulnerabilities are deployed as a priority. Patch compliance is reported monthly.
• Device backups: Daily automated backups of managed devices, with verification and recovery assistance.
• Security awareness training: Included as a standard component of the service. Employees receive regular training on phishing, password hygiene, and security practices. This satisfies the security awareness training requirements of most cyber insurance policies.
• Quarterly vulnerability assessments and monthly security posture reports round out the coverage.

Managed Detection and Response (MDR) is one of the most important components of CyberWarrior's MSP service, and it is worth understanding what it actually does versus what traditional security tools do.

Traditional antivirus:

Identifies and blocks known malware based on a database of known threat signatures. Effective against known threats, ineffective against new variants, behavioral attacks, or attackers who have already gained access to a system.

MDR:

Monitors your environment continuously for unusual behavior (network activity, process executions, file changes, login patterns) that indicates a threat is present or active. MDR catches threats that antivirus does not: attackers who are already inside a network, sophisticated malware that evades signature detection, and credential-based attacks.

How MDR works in CyberWarrior's service:

Monitoring sensors are deployed on your managed devices and network. Data flows to CyberWarrior's security operations center (SOC). When an alert fires, a human security analyst reviews it before any response action is taken. This prevents alert fatigue from overwhelming your environment with false positive responses. Real threats receive a response within 15 minutes for critical-severity alerts.

Why this matters for SMBs:

Most SMB cybersecurity incidents are not detected until significant damage has been done, because there is no one watching in real time. MDR is what makes real-time detection possible without requiring an internal security team.

The $99/device/month covers the complete standard MSP service bundle. Here is exactly what is included and what falls outside the standard pricing.

Included at $99/device/month:

• 24/7 helpdesk support for all users on managed devices
• Managed Detection and Response (MDR) monitoring
• Advanced Endpoint Protection (EDR) on all managed devices
• Automated patch management (OS and applications)
• Dark web monitoring for your organization's credentials and emails
• Daily device backups with verification
• Security awareness training for all users
• Quarterly vulnerability assessments
• Monthly security posture reports
• Compliance documentation packages for cyber insurance support

Not included in the per-device rate:

• Network devices: Firewalls, managed switches, and network appliances are quoted separately because the effort to monitor and manage them varies significantly by device type and configuration. You will receive a separate network device quote as part of the technical assessment.
• Third-party software licensing: If you need specific software tools that CyberWarrior does not use as part of standard service delivery, those licenses are your cost.
• Hardware: Physical device purchases or repairs are not included.
• On-site visits: Remote support is included. On-site visits for physical issues are quoted separately at an hourly rate.

There are no monthly minimum charges beyond the minimum 10-device threshold. You pay for the devices you have, not a floor above your actual environment size.

Understanding the device count matters because it determines your monthly cost. Here is how CyberWarrior counts devices.

• Standard workstations (1 device each): Every employee laptop, desktop computer, or workstation. This includes both Windows and Mac devices. It also includes shared workstations at a reception desk or shared workspace.
• Servers (3 devices each): Each physical or virtual server counts as three devices. Servers receive a higher device count because monitoring and managing a server involves more complexity, risk surface, and operational effort than a workstation. If you have cloud servers (AWS, Azure, Google Cloud), these are also counted and may require additional scoping depending on your configuration.
• Managed mobile devices (0.5 devices each): Smartphones and tablets that you want enrolled in CyberWarrior's mobile device management (MDM). Employees' personal devices that access company email can be enrolled at this rate for mobile security management.
• Network devices (quoted separately): Firewalls, managed switches, wireless access points, and similar network infrastructure. These require separate scoping and are quoted in addition to the per-device rate.

A complimentary technical assessment is completed before you sign any agreement. Part of that assessment is producing an accurate device inventory so there are no surprises in your first invoice. If your device count changes after onboarding (you hire more staff, purchase new equipment), your invoice adjusts accordingly at the standard per-device rate.

24/7 helpdesk support is a standard component of the CyberWarrior MSP bundle, not a premium add-on. Here is what that means in practice.

Coverage hours:

Support is available 24 hours a day, 7 days a week, 365 days a year. There are no "after-hours" or "weekend" restrictions on when users can submit a ticket and receive help.

Ticket categories and response times:

• Critical (system or security down): Response within 15 minutes
• High priority (major function impaired): Response within 1 hour
• Normal priority (partial impairment, workaround available): Response within 4 hours
• Low priority (general requests, non-urgent): Response within 24 hours

What helpdesk covers:

Password resets and account management, software installation and troubleshooting, hardware issue diagnosis and vendor coordination, remote desktop support for user issues, email configuration and connectivity issues, and printer and peripheral setup.

What helpdesk does not cover:

Building or installing new systems from scratch, non-standard software that falls outside the documented environment, and physical on-site work (which is available but quoted separately).

How users submit tickets:

CyberWarrior provides a ticketing portal, email submission, and phone support. Users can reach helpdesk by whichever method is most convenient. All interactions are logged and trackable.

For small businesses that currently have no formal IT support: 24/7 helpdesk coverage is often the most immediately impactful component of the MSP service. Employees stop bringing IT problems to the business owner and start getting them resolved by professionals.

CyberWarrior's incident response process is built on the principle of early detection and structured response. Here is how it works from detection to resolution.

Detection:

CyberWarrior's MDR monitoring detects anomalous behavior in real time. Most security incidents leave behavioral signals before significant damage occurs. The goal of MDR is to catch incidents at this early stage, before data is exfiltrated or ransomware deploys.

Alert and triage:

When a potential incident is detected, a CyberWarrior security analyst reviews the alert before taking action. This prevents false positives from triggering disruptive responses. Critical-severity alerts receive analyst review within 15 minutes.

Containment:

Once an incident is confirmed, CyberWarrior takes immediate containment actions appropriate to the threat: isolating affected devices from the network, revoking compromised credentials, blocking malicious processes. You are notified as containment is underway, not after.

Client communication:

You receive a clear, jargon-free incident notification that explains what happened, what CyberWarrior did, and what you need to do. We do not send you a technical log dump and ask you to interpret it.

Remediation:

CyberWarrior works with you through the remediation process: cleaning affected systems, restoring from backup if necessary, patching the vulnerability that was exploited, and documenting the incident for cyber insurance or regulatory reporting purposes.

Post-incident review:

For significant incidents, CyberWarrior conducts a post-incident review to identify what happened, how it was detected, and what changes are recommended to prevent recurrence.

For incidents that exceed CyberWarrior's response scope (for example, large-scale data breaches requiring forensic investigation or regulatory notification): we have relationships with specialist incident response firms and will facilitate a referral.

This is one of the most important comparisons for small businesses to make clearly before deciding. Here is an honest breakdown.

An internal IT person:

• One person, one skill set. No single IT person is an expert in helpdesk support, server management, security monitoring, patch management, backup administration, and vendor management simultaneously. Most internal IT hires are strong in some areas and weak in others.
• Single point of failure. When your IT person is sick, on vacation, or has left for a better offer, your IT coverage disappears entirely.
• 40-hour work week. Internal IT covers normal business hours. Security threats do not respect business hours.
• Fully loaded cost: $65,000 to $95,000 per year in salary plus benefits, tools, and continuing education. That is $5,400 to $7,900 per month for one person with one skill set.
• Institutional knowledge lock-in: When they leave, critical knowledge about your environment leaves with them.

CyberWarrior's MSP:

• A team with specialized expertise across helpdesk, MDR, security operations, patch management, and compliance.
• 24/7 coverage with no single point of failure.
• Enterprise-grade security tools that a single internal hire could not afford or administer independently.
• Consistent service regardless of individual staff turnover on CyberWarrior's team.
• Cost: $99/device/month. For a 20-workstation business with two servers, that is $2,574/month, well below the cost of one internal IT hire.

The honest trade-off: a great internal IT person who stays for years, knows your environment deeply, and is deeply invested in your business is genuinely valuable in ways a managed service cannot fully replicate. But for most SMBs, that person is hard to find, harder to retain, and expensive to keep. CyberWarrior's MSP solves the problem most businesses actually have.

Dark web monitoring is one of the most misunderstood components of modern small business cybersecurity, and also one of the most practically valuable.

What the dark web is in this context:

A collection of underground forums, marketplaces, and breach data aggregators where stolen credentials, compromised email addresses, and leaked corporate data are traded and sold. When a major service provider (a bank, a retailer, a cloud platform) suffers a data breach, the stolen credentials eventually appear on these platforms and become available to attackers.

Why this matters for your business:

Your employees use their work email addresses and sometimes their work passwords across multiple services. If any of those services suffers a breach, those credentials can end up on the dark web. An attacker who finds your CFO's email address and a previously used password can attempt to access your business email, your financial accounts, or any system that uses the same credentials.

What dark web monitoring does:

CyberWarrior monitors continuously for your organization's email domains and employee email addresses appearing in known breach databases and dark web data sets. When a match is found, you receive an alert identifying which credential was compromised and recommending the specific action (password reset, MFA enforcement, or account review).

Why this matters for timing: Most breach-related attacks happen not immediately when credentials are stolen, but weeks or months later when the data has been processed and distributed. Dark web monitoring gives you the warning in time to act before the credential is used against you.

CyberWarrior regularly onboards clients who are transitioning from another MSP or IT vendor. Here is how that process works.

Pre-transition assessment:

Before you sign with CyberWarrior, we conduct a complimentary technical assessment of your environment. This covers your device inventory, current security posture, existing tool stack, and any known issues. We also review your current vendor contract to understand transition timing and obligations.

Transition planning:

Based on the assessment, we develop a transition plan that specifies what tools will be replaced (CyberWarrior installs its own monitoring and security stack, which typically replaces the incumbent vendor's tools), what data or configuration needs to be migrated, and what the cutover timeline looks like.

Parallel running period:

For complex environments, we recommend a brief parallel running period where both CyberWarrior's tools and the incumbent's tools are active simultaneously. This prevents coverage gaps during the transition.

Coordinating with your current vendor:

If you have an active contract with your current vendor, we will advise on how to manage the transition timeline to avoid double-billing. We have worked through many vendor transitions and can help you navigate the conversation with the outgoing vendor.

Minimizing disruption:

Most CyberWarrior MSP onboardings complete within 10 to 14 days of contract signing. Agent deployment is typically done remotely and invisibly from end users' perspective.

Timing considerations:

If your current vendor contract has a notice period or minimum term remaining, factor that into your transition planning. We will not encourage you to breach a contract with your existing vendor; we will help you plan a clean transition.

CyberWarrior's MSP service is built for mixed-platform environments, which is the reality for most small businesses today.

Windows devices:

Full endpoint protection (EDR), patch management, remote monitoring, and helpdesk support for all Windows versions in active support (Windows 10 and Windows 11). Legacy Windows versions (Windows 7, Windows 8) are managed with additional caveats given their end-of-life status.

macOS devices:

Full endpoint protection, patch management, and monitoring for current macOS versions. Mac helpdesk support is included. Mac patch management uses CyberWarrior's tooling rather than a Windows-centric approach, so Mac users receive proper patch cadence rather than being deprioritized.

Mobile devices (iOS and Android):

Mobile device management (MDM) enrollment is available for company-owned or employee-owned devices that access company email and data. MDM enables remote wipe, policy enforcement, app management, and compliance monitoring for mobile devices. Mobile devices count as 0.5 in the device calculation.

Mixed environments:

Having Windows desktops alongside Mac laptops alongside iPhones is the norm, not the exception, in the businesses CyberWarrior serves. Our tooling is selected specifically to handle mixed environments without requiring separate management consoles for each platform type.

During the technical assessment, we document every device type in your environment and confirm that our tooling supports each platform. If you have an unusual device type (Linux workstations, specialized industrial terminals), we will flag that specifically and advise on whether and how it can be managed within the standard service.