For your practice

Cybersecurity for practices that cannot afford downtime.

You run on client records, patient files, schedules, billing, email, and trust. If those systems go down, the work stops. Obsidian Ridge gives small professional practices managed detection, identity protection, and plain-English security guidance — without adding another dashboard your team has to watch.

See plans Schedule a discovery call

Aligned with

NIST CSF 2.0ISO 27001SOC 2HIPAAPCI-DSS

CISSP-led • Senior practitioner on every engagementHuntress Partner

TL;DR

What this is, who it's for, what it costs.

Managed cybersecurity for small professional practices — law firms, dental and medical offices, accountants, consultants — that depend on email, records, scheduling, billing, and devices staying available and private. Pricing starts at $15 per device per month, with bundles that add account monitoring and staff training for $32 per user, or a full audit-ready program from $55 per user. The difference is one accountable practitioner running the program for you, not a portal you have to learn.

The reality

Small practices carry serious data without enterprise security teams.

Law firms, dental offices, clinics, accountants, and consultants all depend on the same fragile set of systems: email, workstations, billing, records, scheduling, and cloud accounts. Attackers know these environments are busy, under-staffed, and rarely watched around the clock. Insurers and regulators are paying attention too.

The risk is not theoretical. One compromised account or infected workstation can interrupt appointments, delay client work, expose sensitive records, and create weeks of cleanup. Obsidian Ridge closes that gap — quietly, without adding another tool your team has to manage.

Pricing

Service Plans

Prices in USD · per agent or per user

Tier 01 · Foundation

Foundation

$15/ agent / mo

Month-to-month · no minimum

Always-on protection for the computers your practice depends on, monitored 24/7 by a real security team. Built to catch suspicious activity early and keep one bad laptop from stopping the day.

What's included

Always-on protection on every computer in your practice.MDR / EDR: suspicious activity on workstations is watched 24/7 by a real security team, so one compromised laptop is less likely to interrupt client work.
Human review before alerts reach you.SOC triage: a real analyst reviews suspicious activity first, so your team is not expected to interpret raw security alerts during a busy day.
Quarterly review of how your security is holding up.Posture review: we look at what changed, what improved, and what still needs attention before small gaps become expensive problems.
Direct email support from a senior practitioner.Security advisory: you have a person to ask when something feels off, instead of being routed into a generic ticket queue.
Add or remove devices at any time.Agent-based deployment: coverage can follow the computers your practice actually uses without locking you into unused seats.

Replaces or complements

Antivirus subscriptions that flag everything and stop nothing
Generic IT-installed protection with no one reviewing alerts
Monthly log review your team never finds time for

Cyber insurance baselineSOC 2 readinessHIPAA Security Rule

Request pricing

Protected

$32/ user / mo

Annual term · billed monthly

Adds monitoring of the email and Microsoft 365 / Google Workspace accounts your practice runs on, plus story-driven training so staff can spot phishing — and the documentation your insurer or auditor will ask for.

Everything in Foundation, plus

Email and cloud account monitoring.ITDR: Microsoft 365 or Google Workspace accounts are watched for break-in attempts and identity-based attacks.
Security training for staff.security awareness training: short lessons and realistic phishing simulations help your team recognize common attacks before they become an incident.
Training records for audits and insurance.Compliance evidence: you have documentation ready when HIPAA, SOC 2, ISO 27001, client questionnaires, or insurers ask what your staff received.
Monthly security summary in plain English.Executive reporting: you see what was watched, what was investigated, and what needs a decision without learning another dashboard.
Direct email support from a senior practitioner.Security advisory: a person to ask when something feels off, not a generic ticket queue.

Replaces or complements

Standalone antivirus or endpoint subscriptions
Separate phishing-training tools you bought and forgot to roll out
One-off compliance gap assessments with no follow-through

Cyber insurance baselineSOC 2 readinessHIPAA · add-on

Request pricing

Tier 03 · Complete

Complete

from$55/ user / mo

Scoped · log sources priced separately

Connects every security tool you already run — firewall, cloud, identity, devices — into one place we watch, with 90 days of logs and quarterly rehearsals. For practices that feel the weight of compliance and want it handled.

Everything in Protected, plus

Audit-ready security records.SIEM: logs from your devices, accounts, firewall, and cloud tools are collected so insurance, HIPAA, SOC 2, PCI-DSS, and client questionnaires are easier to answer.
Searchable evidence for 90 days.Log retention: when someone asks what happened, we can investigate from stored security records instead of piecing together screenshots after the fact.
Quarterly practice drill.Tabletop exercise: we walk through what your team would do if a real incident hit, before the pressure is real.
Senior security advisory.Practitioner hours: four hours per month are reserved for security questions, policy decisions, vendor reviews, or audit preparation.
Annual security assessment and audit-prep support.Framework alignment: we turn the year of security work into a clearer story for insurers, auditors, clients, and leadership.

Replaces or complements

Separate logging and alerting tools no one reads
Advisory retainers with no monitoring behind them
A patchwork of security tools that don’t talk to each other

Cyber insurance baselineSOC 2 Type IIHIPAA · PCI-DSS

Talk to a practitioner

From $15 / agent / moStart with Foundation

Request pricing

Pricing reflects starting rates. Final pricing depends on environment complexity, number of users, and chosen options. All plans include onboarding.

Centralized security visibility

When the auditor asks, the answer comes back in minutes.

See what's happening across every layer of your practice — without dashboards your team has to learn.

Most small practices run security tools that work in isolation — a firewall here, endpoint protection there, identity for logins, cloud accounts you forgot you connected. When something goes wrong, the evidence is scattered across five different systems, and nobody on your team has time to piece it together.

In the Complete tier, we connect your existing security tools — firewall, endpoint agents, identity providers, cloud accounts — into one place we watch. A SIEM collects security records from your tools so we can investigate activity and produce evidence when insurers, auditors, or clients ask.

Behind the scenes, our 24/7 SOC reviews the data. In front of you, a written monthly report in plain English — what we observed, what we investigated, what you should know.

What you get

One view across your firewall, devices, identity systems, DNS filtering, and cloud accounts
24/7 monitoring by a real security operations team behind the scenes
A monthly summary in plain English — what we saw, what we did, what you should know
Evidence that satisfies cyber-insurance, SOC 2, HIPAA, PCI-DSS, and CMMC logging requirements
No new dashboards for your team. We watch; you get the summary.

What this replaces or complements

Standalone log-management platforms (Splunk, Datadog, Microsoft Sentinel) — typically $15K–$80K/year at small-practice scale
Managed SOC services from larger MSSPs (typically $50K-$200K/year minimums)
Internal log review your team isn't doing because they don't have time
Reactive-only security where threats are noticed after the fact

Integrations grid

Works with what you already have.

Firewalls

SonicWallFortinet FortiGatepfSenseWatchGuardCisco MerakiSophosPalo Alto NetworksBarracuda CloudGenCisco Secure Firewall ASACisco FirepowerArista NGUbiquiti

Endpoints

Windows Event LogsLinux Event LogsSyslog

Identity

Cisco Duo1PasswordBitwardenLastPassKeeper

DNS Filtering

DNSFilterCisco Umbrella

Cloud

Microsoft AzureAWS CloudTrailAWS S3Google Cloud (coming soon)

Cloud Security

Wiz

RMM

NinjaOne

Infrastructure

Cloudflare

Generic

HTTP Event Collector for custom integrations

Included in the Complete tier (from $55/user/mo) • Available as an add-on for Protected ($32/user/mo)

See if this fits your environment

What makes this different

Built for practice owners, not security buyers.

Real partnership, not a portal.

A dedicated security practitioner who knows your practice — not a ticketing system and a faceless team.

Enterprise tools at small-practice prices.

The same security platforms used by hospitals, banks, and Fortune 500 firms — made accessible at small-practice scale.

Built for the audits you'll face.

Whether it's HIPAA, SOC 2, your state bar, or a client security questionnaire, the program produces the evidence and controls you'll need.

Who this is for

Is this for your practice?

You run a professional practice with 5 to 200 staff — clinic, law firm, dental office, accounting firm, consultancy, or similar
You don't have a dedicated internal security person
You're seeing more cyber-insurance questions, HIPAA / state-bar / industry compliance pressure, or client security questionnaires
You've had a scare — a phishing email, a ransomware threat, an account that got hacked — and you don't want to relive it
You want to know your practice is protected without becoming a cybersecurity expert yourself

How It Works

How does this work?

Discovery call.

A 30-minute conversation to understand your practice, your concerns, and what you actually need.

Scoped proposal.

A clear written proposal with pricing, scope, and timeline — no hidden fees.

Onboarding.

Tools deployed, accounts onboarded, baseline established. Most practices are fully running within 2–4 weeks.

Ongoing operation.

24/7 monitoring, monthly reports in plain English, and a practitioner you can call when something feels off.

Honest fit check

Who this is not for

Obsidian Ridge is the right fit for most professional practices. It is not the right fit if any of the following describe you:

You want a ticket-only IT provider that responds to your tickets but never tells you what to do.
You're looking for a one-time PDF report you'll file and forget. Buy a consultant.
You already have an in-house security team and just need someone to procure tools. Buy a tool reseller.
You expect cybersecurity to be a checkbox you do once. It's a practice, not a purchase.

If any of those describe you, we'll tell you on the triage call and point you somewhere that fits better. No hard feelings.

FAQ

What size practices do you work with?

Sweet spot is 5–200 staff. Below 5, the Ridge Watch personal tier may be a better fit. Above 200, custom engagements are available.

Do you work with HIPAA-covered practices?

Yes. Medical, dental, and behavioral-health practices are core clients. The program produces the evidence the HIPAA Security Rule asks for and aligns with what insurers and auditors expect to see.

What about state-bar or other professional rules?

We work with law firms held to state-bar confidentiality and reasonable-care obligations, accounting firms under professional standards, and consultancies with client confidentiality clauses. The practitioner explains where each rule actually intersects with the technical work.

What if we already use other security tools?

Existing tools are evaluated during onboarding. In most cases, what you already pay for gets integrated rather than replaced.

How are payments structured?

Monthly billing, invoiced in advance. Annual prepay discount available. Most practices commit to 12-month terms once they're past Foundation.

What happens during an incident?

Active incidents are responded to within hours, not days. The 24/7 SOC handles initial detection and isolation; serious incidents are escalated to a senior practitioner for hands-on response and communication with you.

Are you a reseller or a service provider?

Both. The security platforms are licensed through partnerships; the service wrapped around them — strategy, response, compliance, executive reporting — is delivered directly. One accountable point of contact.

Do you sign mutual NDAs and MSAs?

Yes, both are standard before any engagement begins.

Not sure if we're a fit?

Free 20-minute triage call

Not ready for a full briefing? Book a free 20-minute triage instead. We confirm fit, scope, and whether you actually need us — or something simpler. No follow-up sequence if it's not a match.

Book free triage

Ready to scope it

Book the 30-minute briefing

Every practice has different needs, risks, and budgets. The best way to find out if this is a fit is a 30-minute discovery call — no commitment, no pressure.

Schedule Discovery Call

Recently published

What should you read before a discovery call?

June 17, 2026 · 9 min read

Do You Need CMMC? A Small Manufacturer's Guide to the 2026 Rules

If you make anything for the defense supply chain — even as a sub-tier subcontractor — CMMC may now gate your contracts. Here's who's actually in scope, what Level 2 requires, and what non-defense manufacturers should do instead.

SMB

Read article

June 17, 2026 · 9 min read

Do Auto Dealers Have to Comply with the FTC Safeguards Rule? (2026)

Most dealerships that arrange financing are 'financial institutions' under the FTC Safeguards Rule — which means a specific, named cybersecurity program is required by regulation. Here's what's on the list and how to satisfy it.

SMB

Read article

June 17, 2026 · 9 min read

GLBA, the SEC, and Your Small Advisory: Which Cybersecurity Rules Actually Apply

RIAs, insurance agencies, and small advisory firms sit under overlapping cybersecurity rules — the FTC/GLBA Safeguards Rule and, for registered firms, the SEC and FINRA. Here's which ones actually apply to you, plain-English.

SMB

Read article

Founder

A practitioner-led service model

"After over a decade working with security operations and helping organizations through compliance audits, we built Obsidian Ridge to give small practices the same defense capability enterprises have — without the enterprise price tag or dashboards no one has time to use."

— Kfir, CISSP | Founder

About Kfir Book a briefing

Cybersecurity for practices that cannot afford downtime.

What this is, who it's for, what it costs.

Who this is not for

Obsidian Ridge is the right fit for most professional practices. It is not the right fit if any of the following describe you:

You want a ticket-only IT provider that responds to your tickets but never tells you what to do.

You're looking for a one-time PDF report you'll file and forget. Buy a consultant.

You already have an in-house security team and just need someone to procure tools. Buy a tool reseller.

You expect cybersecurity to be a checkbox you do once. It's a practice, not a purchase.

If any of those describe you, we'll tell you on the triage call and point you somewhere that fits better. No hard feelings.

A practitioner-led service model

— Kfir, CISSP | Founder