Everything You Need to Know Before Choosing a Security Partner
Everything mid-market and public sector organisations ask us before trusting us with their security, answered plainly by our Sweden-based team.
About eBuilder Security
What is eBuilder Security, and what makes it different?
eBuilder Security is a Sweden-based, human-led cybersecurity partner for the mid-market and public sector, delivering MDR, AI Detection and Response, penetration testing, security awareness and CISO advisory. What makes us different: a named Swedish analyst you can reach, not a ticket queue; a 3-minute median response when most providers measure in hours; and 100% of your data kept in Sweden.
How long has eBuilder Security been doing this?
We have run cybersecurity operations since 2003, as part of eBuilder, a Swedish enterprise-software company operating since 1999. Today we protect more than 40 Swedish kommuner, regions and EU-regulated enterprises from our Sweden-based 24/7 SOC, and were selected for a multi-year engagement to strengthen Sweden's critical public sector.
What types of organisations do you work with?
We work with mid-market companies and the public sector across Sweden and the EU, including more than 40 Swedish kommuner, regions and EU-regulated enterprises. We are a strong fit for organisations in NIS2 scope, such as energy, transport, health, digital infrastructure and public administration, that need senior security without building a full in-house team.
What certifications and compliance standards do you hold?
Our SOC is independently audited and certified to ISO 27001, the international information-security standard. We are also a CrowdStrike Authorized Partner and operate aligned to NIS2 (Sweden's Cybersäkerhetslagen) and GDPR. Certificates and current scope are available on request for your procurement or audit team.
Will you replace our IT team, or work alongside it?
We work alongside your team, not instead of it. Your IT keeps its tools and control while our SOC adds 24/7 monitoring, investigation and response on top. You get a named analyst as a direct point of contact, and we agree escalation steps around your existing processes so nothing is duplicated.
Do you work with organisations outside Sweden, and in which languages?
Our home market is Sweden, but we support organisations across the EU, including groups with Swedish headquarters and international sites. We work in both Swedish and English across reporting, analyst contact and documentation. Your data still stays in Sweden regardless of where your offices are located.
How do I know which service we need?
If you are not sure, start with a free 30-minute review. We look at your current posture, your regulatory scope and your gaps, then help you choose the right mix, whether that is MDR, penetration testing, awareness training, CISO advisory, or a combination. There is no obligation to proceed.
Do you offer a free assessment or security review?
Yes, several, all free. Start with a free 30-minute security review where a Sweden-based analyst maps your gaps to NIS2, with no obligation. You can also run our Domain Breach Detector, a read-only, GDPR-compliant scan across 14 billion leaked credentials, and request our NIS2 Compliance Gap Checklist, a board-ready self-assessment that takes about 20 minutes.
How do we get started, and what is the first step?
The first step is a short briefing with a Sweden-based analyst, who answers your questions and helps you shape a plan you are comfortable with. From there, onboarding is quick: MDR can reach full 24/7 coverage in about three days, with no downtime and no rip-and-replace of your existing tools.
Managed Detection and Response (MDR & SOC)
What is eBuilder's MDR service?
eBuilder's MDR is a fully managed service run from our Sweden-based 24/7 SOC. AI contains threats in milliseconds, a named analyst validates and responds in a 3-minute median, and you get monthly reporting and NIS2-ready incident documentation. For the full list of what is and is not included, see our MDR page.
Will MDR slow down our devices or disrupt our staff?
No. The sensor runs quietly in the background and deploys through your existing device management, so staff notice nothing and there is no downtime. It is lightweight by design and does not interfere with day-to-day work. Full technical detail is on our MDR page.
What will we actually see day to day once MDR is live?
Most days, very little, which is the point. Our Sweden-based SOC handles monitoring and response in the background. You get a named analyst to call, monthly threat summaries and a quarterly review, plus immediate contact if a serious incident is confirmed.
Does MDR only respond to attacks, or help prevent them too?
Both. Beyond 24/7 detection and response, our analysts run regular proactive threat hunts mapped to MITRE ATT&CK, catching intrusions that automated rules miss. Findings feed back into hardening recommendations, so your security posture improves over time rather than staying static.
AI Detection and Response (AIDR)
What is AI Detection and Response (AIDR), and who needs it?
You need AIDR if your staff use AI tools like ChatGPT or Copilot, or you run AI agents, since that creates shadow AI, prompt-injection and data-leak risks that normal security does not cover. AIDR discovers and governs that AI layer for you. See our AIDR page for how it works in detail.
We barely use AI yet. Do we still need AIDR?
Probably more than you think. Many staff already use AI tools without IT's knowledge, so most organisations have shadow AI they cannot see. AIDR starts by discovering your actual AI exposure, then governs it. Even at low usage, it puts you ahead of the EU AI Act and NIS2 obligations now landing.
How is AIDR different from our normal MDR?
MDR protects endpoints, identities, networks and cloud. AIDR adds the AI layer on top, monitoring prompts, models and AI agents in real time and blocking threats like prompt injection and data leakage that traditional MDR was never built to see. The two run together, validated by the same Sweden-based SOC.
Do we have to ban AI tools, or can staff use them safely?
You do not have to ban them. AIDR lets you allow AI use while keeping it governed: it shows which tools and agents are in use, enforces your AI-usage policy, and blocks risky prompts and data leaks in real time. So staff stay productive and you stay in control.
Penetration Testing
What is eBuilder's penetration testing?
eBuilder's penetration testing is human-led, run by Sweden-based testers who exploit weaknesses the way a real attacker would, then give you a CVSS-rated report and a free retest to confirm the fixes hold. Findings stay in Sweden. For scope, methodology and pricing, see our penetration testing page.
Do we still need penetration testing if we already have MDR?
Yes, they do different jobs. A penetration test is a point-in-time check that proves what an attacker could exploit today, so you can fix it. MDR is continuous monitoring that catches and contains threats as they happen. Testing finds the gaps, MDR watches them. Most organisations need both, and they reinforce each other.
Will a penetration test disrupt our live systems?
No. We agree scope, timing and rules of engagement in writing before any testing begins, and work to avoid disruption to production. Testing runs within agreed limits, and high-risk actions are coordinated with your team. You receive a clear, prioritised report with remediation guidance afterwards.
Vulnerability Management
What is vulnerability management, and how is it different from a pen test?
Vulnerability management is the continuous process of scanning your systems for known weaknesses, prioritising them by risk and tracking remediation over time. A penetration test is a point-in-time, human-led exercise that actively exploits weaknesses to prove real-world impact. Vulnerability management gives you ongoing coverage; a pen test gives you depth at a moment in time. Most organisations use both.
How often do you scan, and what do we get?
We scan continuously, with scheduling agreed to fit your environment and change cadence. You get prioritised findings mapped to severity, clear remediation guidance, and tracking so you can see what is open, in progress and resolved, plus reporting suitable for NIS2 and audit evidence.
Security Awareness Training
What is security awareness training, and why does it matter?
Security awareness training teaches staff to recognise and resist attacks like phishing, which are behind most breaches. Delivered through our Complorer platform, it combines short lessons with realistic phishing simulations to build lasting habits. It strengthens your human layer of defence, usually the first thing attackers target.
How do phishing simulations work without embarrassing staff?
Simulations are coaching, not punishment. An employee who clicks is taken straight into a short, supportive lesson rather than named or shamed. You see risk trends improve at team and organisation level while individuals learn privately, which builds a stronger security culture instead of fear.
Does awareness training help us meet NIS2 requirements?
Yes. NIS2 expects ongoing cyber-hygiene and staff training as part of your risk-management measures. Complorer provides documented, recurring training and phishing-simulation results, with NIS2 awareness-training reporting included each quarter, giving you evidence an auditor will accept.
CISO as a Service
What is CISO as a Service, and who is it for?
CISO as a Service gives you senior cybersecurity leadership, covering governance, compliance, vendor risk and incident readiness, without the cost of a full-time hire. It suits organisations in NIS2 scope, or growing fast, that need credible security ownership at board level but cannot yet justify a permanent CISO.
What does a CISO as a Service actually do for us?
You get a named senior advisor who owns your security strategy: building your risk framework, writing policies, assessing vendor risk, reporting to your board, and preparing you for incidents and audits. Where you are in NIS2 scope, they address the Article 20 management duties that cannot be delegated to a tool.
How is it different from hiring a full-time CISO?
You get the same seniority and accountability on a fractional basis, available immediately and scaled to your budget, without a long executive recruitment. Your advisor is also backed by our wider SOC and analyst team, so the role does not stall when one person is unavailable.
NIS2 (Cybersäkerhetslagen)
Does NIS2 / Cybersäkerhetslagen apply to our organisation?
NIS2, implemented in Sweden as Cybersäkerhetslagen, applies to essential and important entities in sectors such as energy, transport, health, water, digital infrastructure and public administration, generally medium and large organisations. If you are unsure, a short review will confirm whether you are in scope and what your obligations are.
What are the NIS2 incident reporting deadlines?
Under NIS2 you must submit an early warning within 24 hours of becoming aware of a significant incident, a fuller notification within 72 hours, and a final report within one month, to the supervisory authority (MCF, formerly MSB). Our MDR service produces the documentation these reports require.
Can board members be held personally liable under NIS2?
Yes. Under Article 20, management bodies must approve and oversee cybersecurity risk-management measures and can be held personally accountable for failures. This is why NIS2 is a board-level issue, not just an IT one. Our CISO advisory helps management meet these duties.
Data Privacy and Protection
Is eBuilder Security GDPR compliant, and who owns our data?
You own your data at all times. eBuilder acts only as your data processor under GDPR, and a full Data Processing Agreement sets out your rights as the controller, what we process, and for how long. We never use your data for anything beyond delivering your service. For where it is stored and who can access it, see the MDR page.
What happens to our data if we end the contract?
Your data stays yours throughout. On exit we hand over your case history and detection data in a usable format, then securely delete it from our environment on a defined, documented schedule. Contracts include a clear exit clause and no automatic renewal traps, so there is no lock-in.
Do you use any sub-processors or third parties?
Where we rely on sub-processors to deliver your service, they are listed in our Data Processing Agreement along with their role and location, and they are bound by equivalent data-protection obligations. The current list is available to your procurement or privacy team on request.
Compliance
Which regulations can you help us comply with?
We help you meet the frameworks that apply to Swedish and EU organisations: NIS2 (Cybersäkerhetslagen), GDPR, ISO 27001, and DORA for financial entities. Our services map to the specific controls auditors check, and our CISO advisory covers the wider governance.
What is the difference between NIS2, GDPR and DORA?
NIS2 (Cybersäkerhetslagen) governs cybersecurity risk management for essential and important entities. GDPR governs personal-data protection and breach notification. DORA governs digital operational resilience for financial entities. They overlap on incident handling, and our services map to all three so you can satisfy them together.
How does eBuilder help us become NIS2 compliant?
We map your current state against every NIS2 Article 21 control, then close the gaps: 24/7 monitoring and incident reporting through MDR, supply-chain and governance work through CISO advisory, and staff training through Complorer. Many clients reach Article 21 alignment within days. A free gap checklist is the quickest starting point.
Pricing
How much does eBuilder Security cost, and how is pricing structured?
Pricing depends on the services and your environment, but the model is simple and predictable: flat, per-endpoint pricing for MDR with no per-gigabyte log charges, no incident surcharges and no per-feature add-ons, plus scoped quotes for testing and advisory. You get a tailored quote within a couple of business days of a short briefing.
Is eBuilder Security affordable for mid-market organisations?
Yes. We are built to make enterprise-grade security accessible to mid-market and public-sector organisations, not just large enterprises. You get the same Sweden-based SOC, named analysts and 3-minute response regardless of size, on a predictable cost that scales with you and stays well below the cost of building an in-house team.
Does a lower price mean lower quality?
No. Affordable does not mean cut-down. Every client gets the same ISO 27001-certified SOC, the same named Swedish analysts and the same response standards. We keep costs down through automation and an efficient flat-rate model, not by reducing the quality or the people behind your security.
NIS2 gap checklist
Score yourself against Articles 20 and 21 in plain language. Board-ready output, about 20 minutes, EU data residency.
Still Have a Question? Talk to a Sweden-Based Analyst.
Book a 30-minute briefing. We'll review your posture, map gaps to NIS2, and show you our live SOC in action. No slides, no sales deck.