Frequently Asked Questions

Everything You Need to Know Before
Choosing a Security Partner

Everything mid-market and public sector organisations ask us before trusting us with their security, answered plainly by our Sweden-based team.

About eBuilder Security

What is eBuilder Security, and what makes it different?

eBuilder Security is a Sweden-based, human-led cybersecurity partner for the mid-market and public sector, delivering MDR, AI Detection and Response, penetration testing, security awareness and CISO advisory. What makes us different: a named Swedish analyst you can reach, not a ticket queue; a 3-minute median response when most providers measure in hours; and 100% of your data kept in Sweden.

How long has eBuilder Security been doing this?

We have run cybersecurity operations since 2002, as part of eBuilder, a Swedish enterprise-software company. Today we protect more than 40 Swedish kommuner, regions and EU-regulated enterprises from our Sweden-based 24/7 SOC, and were selected for a multi-year engagement to strengthen Sweden's critical public sector.

What types of organisations do you work with?

We work with mid-market companies and the public sector across Sweden and the EU, including more than 40 Swedish kommuner, regions and EU-regulated enterprises. We are a strong fit for organisations in NIS2 scope, such as energy, transport, health, digital infrastructure and public administration, that need senior security without building a full in-house team.

Is eBuilder Security ISO 27001 certified?

Yes. Our SOC is independently audited and certified to ISO 27001, the international information-security standard. We are also a CrowdStrike Authorized Partner and operate aligned to NIS2 (Sweden's Cybersäkerhetslagen) and GDPR. Certificates and current scope are available on request for your procurement or audit team.

Will you replace our IT team, or work alongside it?

We work alongside your team, not instead of it. Your IT keeps its tools and control while our SOC adds 24/7 monitoring, investigation and response on top. You get a named analyst as a direct point of contact, and we agree escalation steps around your existing processes so nothing is duplicated.

Do you work with organisations outside Sweden, and in which languages?

Our home market is Sweden, but we support organisations across the EU, including groups with Swedish headquarters and international sites. We work in both Swedish and English across reporting, analyst contact and documentation. Your data still stays in Sweden regardless of where your offices are located.

How do I know which service we need?

If you are not sure, start with a free 30-minute review. We look at your current posture, your regulatory scope and your gaps, then help you choose the right mix, whether that is MDR, penetration testing, awareness training, CISO advisory, or a combination. There is no obligation to proceed.

Do you offer a free assessment or security review?

Yes, several, all free. Start with a free 30-minute security review where a Sweden-based analyst maps your gaps to NIS2, with no obligation. You can also run our Domain Breach Detector, a read-only, GDPR-compliant scan across 14 billion leaked credentials, and request our NIS2 Compliance Gap Checklist, a board-ready self-assessment that takes about 20 minutes.

How do we get started, and what is the first step?

The first step is a short briefing with a Sweden-based analyst, who answers your questions and helps you shape a plan you are comfortable with. From there, onboarding is quick: MDR can reach full 24/7 coverage in about three days, with no downtime and no rip-and-replace of your existing tools.

Managed Detection and Response (MDR & SOC)

What is eBuilder's MDR service?

eBuilder's MDR is a fully managed service run from our Sweden-based 24/7 SOC. AI contains threats in milliseconds, a named analyst validates and responds in a 3-minute median, and you get monthly reporting and NIS2-ready incident documentation. For the full list of what is and is not included, see our MDR page.

Will MDR slow down our devices or disrupt our staff?

No. The sensor runs quietly in the background and deploys through your existing device management, so staff notice nothing and there is no downtime. It is lightweight by design and does not interfere with day-to-day work. Full technical detail is on our MDR page.

What will we actually see day to day once MDR is live?

Most days, very little, which is the point. Our Sweden-based SOC handles monitoring and response in the background. You get a named analyst to call, monthly threat summaries and a quarterly review, plus immediate contact if a serious incident is confirmed.

Does MDR only respond to attacks, or help prevent them too?

Both. Beyond 24/7 detection and response, our analysts run regular proactive threat hunts mapped to MITRE ATT&CK, catching intrusions that automated rules miss. Findings feed back into hardening recommendations, so your security posture improves over time rather than staying static.

AI Detection and Response (AIDR)

What is AI Detection and Response (AIDR), and who needs it?

You need AIDR if your staff use AI tools like ChatGPT or Copilot, or you run AI agents, since that creates shadow AI, prompt-injection and data-leak risks that normal security does not cover. AIDR discovers and governs that AI layer for you. See our AIDR page for how it works in detail.

We barely use AI yet. Do we still need AIDR?

Probably more than you think. Many staff already use AI tools without IT's knowledge, so most organisations have shadow AI they cannot see. AIDR starts by discovering your actual AI exposure, then governs it. Even at low usage, it puts you ahead of the EU AI Act and NIS2 obligations now landing.

How is AIDR different from our normal MDR?

MDR protects endpoints, identities, networks and cloud. AIDR adds the AI layer on top, monitoring prompts, models and AI agents in real time and blocking threats like prompt injection and data leakage that traditional MDR was never built to see. The two run together, validated by the same Sweden-based SOC.

Do we have to ban AI tools, or can staff use them safely?

You do not have to ban them. AIDR lets you allow AI use while keeping it governed: it shows which tools and agents are in use, enforces your AI-usage policy, and blocks risky prompts and data leaks in real time. So staff stay productive and you stay in control.

Penetration Testing

What is eBuilder's penetration testing?

eBuilder's penetration testing is human-led, run by Sweden-based testers who exploit weaknesses the way a real attacker would, then give you a CVSS-rated report and a free retest to confirm the fixes hold. Findings stay in Sweden. For scope, methodology and pricing, see our penetration testing page.

Do we still need penetration testing if we already have MDR?

Yes, they do different jobs. A penetration test is a point-in-time check that proves what an attacker could exploit today, so you can fix it. MDR is continuous monitoring that catches and contains threats as they happen. Testing finds the gaps; MDR watches them. Most organisations need both, and they reinforce each other.

Will a penetration test disrupt our live systems?

No. We agree scope, timing and rules of engagement in writing before any testing begins, and work to avoid disruption to production. Testing runs within agreed limits, and high-risk actions are coordinated with your team. You receive a clear, prioritised report with remediation guidance afterwards.

What do you need from us to run a penetration test?

Very little to start. In a short scoping call we agree the targets, depth and testing window, then put the rules of engagement in writing before any testing begins. For grey or white box tests we may need limited credentials or documentation. Your team stays informed throughout, with minimal day-to-day involvement.

Are your penetration testers qualified and certified?

Yes. Our penetration testers hold recognised industry certifications such as CREST, and every engagement follows established methodologies including OWASP, PTES and NIST. Testing is run by Sweden-based specialists, so your findings and report stay within Swedish jurisdiction. For full methodology, see our penetration testing page.

Vulnerability Management

What is eBuilder's vulnerability management?

eBuilder runs vulnerability management as a managed service: we continuously scan your estate, prioritise findings by real risk, drive each one to verified closure, and report it mapped to NIS2 and ISO 27001. It runs on the scanner you already use, from our Sweden-based team. For the full lifecycle and pricing, see our vulnerability management page.

Do we need vulnerability management if we already have MDR?

Yes, they do different jobs. Vulnerability management keeps your baseline healthy by finding and fixing weaknesses before they are exploited. MDR watches around the clock for threats that slip through and contains them. One reduces your attack surface, the other catches active attacks. Most regulated organisations run both, and they reinforce each other.

Will continuous scanning disrupt our systems?

No. Scanning runs quietly in the background with no impact on performance or availability, on the platform you already use. We schedule and tune it to your environment so day-to-day operations are not affected. You get the findings and a prioritised action list without any disruption to your systems.

Security Awareness Training

What is security awareness training, and why does it matter?

Security awareness training teaches staff to recognise and resist attacks like phishing, a leading cause of breaches. We deliver it through Complorer, our security awareness training platform, combining short lessons with realistic phishing simulations to build lasting habits and strengthen your human layer of defence. See our security awareness training page for what's included.

How do phishing simulations work without embarrassing staff?

Simulations are coaching, not punishment. An employee who clicks is taken straight into a short, supportive lesson rather than named or shamed. You see risk trends improve at team and organisation level while individuals learn privately, which builds a stronger security culture instead of fear.

Does awareness training help us meet NIS2 requirements?

Yes. NIS2 expects ongoing cyber-hygiene and staff training as part of your risk-management measures. Complorer, our security awareness training platform, provides documented, recurring training and phishing-simulation results, with dashboards and reports that give you evidence an auditor will accept.

Do we still need awareness training if we already have strong technical security?

Yes. Most breaches start with a person, not a system, through a convincing phishing email or a stolen password. Technical controls like MDR catch a lot, but attackers deliberately target staff to get around them. Training your people closes the gap that tools alone cannot, and regulators now expect it.

How much of our staff's time does the training take?

Very little. Complorer, our training platform, uses short, self-paced video modules staff can complete in a few minutes around their work, not long classroom sessions. Phishing simulations run quietly in the background. The aim is steady, lasting habits with minimal disruption, which is why around 95% of staff complete their training.

CISO as a Service

What is CISO as a Service, and who is it for?

CISO as a Service gives you senior cybersecurity leadership, covering governance, compliance, vendor risk and incident readiness, without the cost of a full-time hire. It suits organisations in NIS2 scope, or growing fast, that need credible security ownership at board level but cannot yet justify a permanent CISO. See our CISO advisory page for the full scope.

What does a CISO as a Service actually do for us?

You get a named senior advisor who owns your security strategy. They build your risk framework, write policies, assess vendor risk, report to your board, and prepare you for incidents and audits. Where you are in NIS2 scope, they address the Article 20 management duties that cannot be delegated to a tool.

How is it different from hiring a full-time CISO?

You get the same seniority and accountability on a fractional basis, available immediately and scaled to your budget, without a long executive recruitment. Your advisor is also backed by our wider SOC and analyst team, so the role does not stall when one person is unavailable.

Do we need a CISO as a Service if we already have an IT team?

Yes, often, because they do different jobs. Your IT team runs and secures the systems day to day. A CISO as a Service sets the security strategy, owns risk and compliance, manages vendor risk, and answers to your board. It is a governance and leadership role that complements your IT team, not a replacement for it.

Who are your CISO as a Service advisors?

You work with experienced, Sweden-based security leaders, not junior consultants. Our advisors have advised Swedish organisations across the public and private sector, including kommuner, regions and EU-regulated enterprises, so they understand Swedish regulation, procurement and the realities of a public-sector environment from the inside.

NIS2 (Cybersäkerhetslagen)

Does NIS2 / Cybersäkerhetslagen apply to our organisation?

NIS2 applies if you operate in a covered sector, such as energy, transport, health, water, digital infrastructure or public administration, and you are at least medium-sized, which classifies you as an essential or important entity. In Sweden it is implemented as the Cybersäkerhetslagen (SFS 2025:1506), in force since 15 January 2026, bringing around 8,000 organisations into scope. If you are unsure, our free 30-minute review confirms whether you are in scope.

What are the NIS2 requirements?

NIS2 requires ten baseline risk-management measures, including risk analysis and policies, incident handling and reporting, business continuity, supply-chain security, access control, encryption, and staff training. Your management body must also approve and oversee them under Article 20. In Sweden these apply under the Cybersäkerhetslagen, scaled to your size and risk.

What are the NIS2 incident reporting deadlines?

NIS2 sets a three-stage timeline for significant incidents. You must send an early warning within 24 hours, a fuller incident notification within 72 hours, and a final report within one month. In Sweden these go to the supervisory authority MCF (formerly MSB). We help you produce reporting that meets these deadlines and formats.

What happens if we ignore NIS2?

Ignoring NIS2 carries real consequences. Supervisory authorities can investigate, issue binding orders, and impose fines of up to €10 million or 2% of global turnover for essential entities, and €7 million or 1.4% for important ones. Senior management can be held personally accountable, and an unreported incident can cause far greater operational and reputational damage.

Data Privacy and Protection

Is eBuilder Security GDPR compliant?

Yes. eBuilder operates as your data processor under a full GDPR Data Processing Agreement, so you remain the controller and own your data at all times. We process it only to deliver your security service, never for any other purpose. For where it is stored and who can access it, see the MDR page.

What happens to our data if we end the contract?

Your data stays yours throughout. On exit we hand over your case history and detection data in a usable format, then securely delete it from our environment on a defined, documented schedule. Contracts include a clear exit clause and no automatic renewal traps, so there is no lock-in.

Is our data protected from foreign government access?

Yes. Your data is hosted in Sweden and kept within Swedish jurisdiction by contract, not simply EU-hosted. That matters because Schrems II warns that EU hosting alone is not enough if a provider can be compelled to hand data to a foreign government, such as under the US CLOUD Act. Choosing a Sweden-based partner is how regulated organisations close that gap.

Compliance

Which regulations can you help us comply with?

We help Swedish and EU organisations meet the frameworks that apply to them: NIS2 (Cybersäkerhetslagen), GDPR, ISO 27001, and DORA for financial entities. Our services map to the specific controls each one requires, and our CISO advisory covers the wider governance, so you have one partner across all of them.

What is the difference between NIS2, GDPR and DORA?

NIS2 (Cybersäkerhetslagen) governs cybersecurity risk management for essential and important entities. GDPR governs personal-data protection and breach notification. DORA governs digital operational resilience for financial entities. They overlap on incident handling and risk management, and many Swedish organisations are subject to more than one. We help you meet all three together.

We're already ISO 27001 certified. Does that cover NIS2?

Partly, but not fully. ISO 27001 gives you a strong information-security foundation that maps to many NIS2 measures, so you are ahead. But NIS2 adds duties ISO does not, such as 24-hour incident reporting to MCF and personal accountability for your management body. We help you close the gap between the two.

How does eBuilder help us become NIS2 compliant?

We map your current state against the NIS2 requirements, then close the gaps with our services: MDR covers monitoring, detection and reporting; Vulnerability Management and Penetration Testing cover security testing; Security Awareness covers staff training; and CISO advisory covers governance, supply-chain risk and the Article 20 management-accountability duty. Together this gives you the Article 20 and Article 21 evidence an auditor expects.

Pricing

How much does eBuilder Security cost, and how is pricing structured?

Pricing depends on the services and the size of your environment, but the model is simple and predictable. MDR is flat per-endpoint with no per-gigabyte log charges, incident surcharges or per-feature add-ons, and testing and advisory are scoped per project. You get a tailored quote within a couple of business days of a short briefing.

Is eBuilder Security affordable for mid-market organisations?

Yes. We are built to make enterprise-grade security accessible to mid-market and public-sector organisations, not just large enterprises. You get the same Sweden-based SOC, named analysts and 3-minute median response regardless of your size, on a predictable cost that scales with you as you grow.

Does a lower price mean lower quality?

No. Affordable does not mean cut-down. Every client gets the same ISO 27001-certified SOC, the same named Swedish analysts and the same response standards. We keep costs down through automation and an efficient flat-rate model, not by reducing the quality or the people behind your security.

Is managed security cheaper than building an in-house SOC?

For most mid-market and public-sector organisations, yes, by a wide margin. A 24/7 in-house SOC means hiring six to eight analysts to cover every shift, plus tooling, training and management, which can run to several million kronor a year. With managed MDR you get the same round-the-clock coverage and senior analysts for a predictable fraction of that, with no recruitment to run.

Still Have a Question? Talk to a Sweden-Based Analyst.

Book a 30-minute briefing. We'll review your posture, map gaps to NIS2, and show you a live SOC in action. No slides, no sales deck.

Book a 30-Minute Security Briefing

No commitment. Same business-day response. Strictly confidential.