Authority Opens Procurement for EDR Deployment and SOC Monitoring
A new contract for Endpoint Detection and Response with continuous SOC monitoring shows how public bodies are shifting towards managed cybersecurity services.
A new contract for Endpoint Detection and Response with continuous SOC monitoring shows how public bodies are shifting towards managed cybersecurity services.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
Implementation of Endpoint Detection and Response (EDR) technology with Security Operations Center (SOC) monitoring is at the heart of a new contract from Märkischer Kreis - Der Landrat. The procurement couples an EDR roll‑out with continuous SOC monitoring and operation, illustrating how local public administrations are turning to managed cybersecurity services to meet rising regulatory expectations under the NIS 2 Directive and to strengthen their response to cyber attacks.
The contract notice, published on 26th November 2025, is succinct: it calls for the “implementation of an Endpoint Detection & Response solution for Märkischer Kreis with continuous monitoring and operation by a Security Operations Center.” Even in a few lines, it sets out an important shift: the authority is procuring not just a security product, but an operational monitoring service wrapped around it.
Endpoint Detection and Response focuses on the devices where people work and where attacks often start. By monitoring endpoint activity and supporting rapid response, EDR platforms are intended to improve the chances of spotting and containing intrusions early. Tying that capability to a Security Operations Center means alerts and incidents are handled through a dedicated function rather than left to individual IT teams.
The emphasis on “continuous monitoring and operation” matters. Instead of relying on periodic checks or local oversight, the district wants an EDR deployment that is watched and managed on an ongoing basis. That aligns with a broader move in the public sector away from one‑off technology purchases and towards outcomes delivered as managed services.
New cybersecurity requirements under the EU’s NIS 2 Directive are pushing public bodies to strengthen monitoring, detection and incident response. The Märkischer Kreis project reflects this by building SOC operation into the core of its EDR deployment, rather than treating monitoring as an optional extra.
Across Europe, recent notices show the same pattern of pairing advanced detection tools with round‑the‑clock oversight. In October 2025, Durham County Council issued a prior information notice for a market engagement on Extended Detection and Response solutions. It set out plans to protect endpoints and email while being “complemented by 24/7 Security Operations Centre services” to enhance cybersecurity measures.
Several other contracting authorities now explicitly require 24/7 or real‑time monitoring:
Taken together, these notices show continuous oversight is becoming standard for public bodies. The Märkischer Kreis procurement fits squarely into that landscape by specifying SOC‑based monitoring from the outset.
Beyond the focus on continuity, many 2025 tenders combine EDR with broader security operations capabilities. Some are building new SOCs around EDR; others are folding EDR into wider modernisation programmes.
In October 2025, CNOSF launched a contract for the creation of a SOC and Cyber Threat Intelligence system, combined with selection and integration of an EDR solution. In July 2025, Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) sought Security Operations Center services as a Managed Detection and Response offering, covering several institutions that could order services according to their own needs.
Regional and local administrations are also turning to outsourced, managed SOC models. Région Grand Est is procuring an outsourced SOC service to support its Digital Directorate, complete with managed EDR/Endpoint Protection Platform and centralised log collection.
The financing model is shifting as well. Rather than buying perpetual software licences and running everything internally, several public buyers are opting for subscription or rental approaches tied to services:
This broader pattern helps explain the shape of the Märkischer Kreis procurement. By specifying continuous SOC monitoring alongside EDR implementation, the district is signalling that it expects a service‑oriented relationship with its supplier, not just delivery of software and a brief handover.
The Märkischer Kreis notice also sits within a visible cluster of EDR and SOC procurements from district administrations, city authorities and universities in the German‑speaking public sector.
In June 2025, MGS Münchner Gesellschaft für Stadterneuerung mbH went to market for a Managed Security Operations Center to provide continuous monitoring, incident response services and integration with existing IT infrastructure. In July 2025, Stadtverwaltung Ellwangen issued a tender for a cloud‑based EDR solution with managed security services, aiming to boost protection against cyber threats and ensure continuous security operations.
Higher education is taking a similar route. The Technical University of Berlin is procuring an EDR‑based antivirus endpoint protection solution to strengthen its defences against ransomware and advanced persistent threats across a diverse IT environment. Landkreis Uckermark is seeking an integrated EDR/MDR solution tailored to the needs of public administration and designed to ensure comprehensive coverage of security standards.
Even law‑enforcement bodies and EU institutions are moving in the same direction. Kantonspolizei Bern is tendering for SOC support, replacing and expanding services for EDR, incident response, vulnerability management and SIEM while integrating new solutions with external partners. At EU level, the European Investment Bank is establishing an off‑site SOC through its IT security managed services tender, aiming for continuous security monitoring and incident response across the EIB Group’s IT infrastructure.
Across these procurements, a few themes recur: integration with existing infrastructure, clear division of responsibilities between in‑house teams and external SOC providers, and alignment with formal security standards. The managed SOC tenders from MGS Münchner Gesellschaft für Stadterneuerung and Brandenburgische Technische Universität Cottbus‑Senftenberg, for example, both stress integration with current IT environments and coordination with established incident response arrangements.
As NIS 2 cybersecurity requirements continue to shape public‑sector risk management, more authorities are likely to follow Märkischer Kreis in combining EDR deployments with continuous SOC monitoring. The success of this EDR and SOC contract will be an indicator of how district‑level administrations can balance centralised monitoring with local accountability for cyber risk.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.