For teams who've already invested in security tools

You bought the tools. Now get the team that watches them 24/7.

You don't need to rip out your stack to get a real SOC. Keep your EDR, your SIEM, your identity provider — and add our AI-augmented Security Operations Center on top. Your tools. Our SOC.

Book a DemoSee Pricing
Your Tools. Our SOC.

Vendor-agnostic by design.

ThreatRespond works with what you already run — SentinelOne, Microsoft Defender, Carbon Black, CrowdStrike, Cylance, Sophos, and more. No rip-and-replace. No retraining. Praxis ingests your existing telemetry, maps it to MITRE ATT&CK, correlates across all six domains, and surfaces real threats in seconds. A human analyst verifies and — from the Advanced tier — acts.

One SOC. Every surface.

Six security domains monitored simultaneously.

Endpoints & Devices

Any existing EDR — SentinelOne, Microsoft Defender, CrowdStrike, Carbon Black, Cylance, Sophos

Identity & Access

AD, Entra ID, Okta, Google Workspace, Duo

Data & Cloud Apps

M365, Exchange, SharePoint, Teams, Salesforce

Networks & Firewalls

Palo Alto, Fortinet, Cisco, SonicWall, Meraki

Cloud Infrastructure

Azure, AWS, GCP — API activity and control-plane events

Applications & SaaS

Custom app logs, WAF, custom parsers (Advanced+)

Four tiers. Pick how deep the SOC goes.

Per user / month. $500/mo platform minimum. 15% annual prepay discount. Volume discounts auto-apply at 250+ users.

Essential

$4/user/mo

SOC advises, your team acts

24/7 monitoring across all six domains
ThreatLog™ SIEM — no data caps, 7-year retention
MITRE ATT&CK mapping on every alert
White-label ready for MSP delivery
PSA/ITSM integration (ConnectWise, Autotask, HaloPSA, FreshService, Zendesk)
Most Popular

Advanced

$7/user/mo

SOC acts via ThreatContain™

ThreatContain™ — SOC disables accounts, isolates hosts, and blocks malicious IPs directly on your tooling
Full ITDR — dark web credential monitoring, impossible travel, MFA-fatigue, BEC, OAuth abuse, lateral movement
External Attack Surface Management — finds internet-facing assets and shadow IT before attackers do
15-minute response SLA
Volume discounts auto-apply at 250+ users
Full ITDR Included

Premium

$12/user/mo

SOC acts + proactive threat hunting

Proactive threat hunting — hypothesis-driven hunts mapped to MITRE ATT&CK, not just reactive triage
EASM — continuous external attack surface monitoring
CMMC Level 2 evidence package — audit-ready documentation
Compliance reporting for HIPAA, PCI DSS, NIST CSF, SOC 2, ISO 27001
Full ITDR Included

Elite

Dedicated concierge analyst

Named senior analyst — dedicated point of contact
Custom SLA — negotiated response and resolution targets
vCISO advisory — strategic security leadership
IR retainer — pre-committed incident response hours
Full ITDR Included

Frequently asked questions

Do I have to replace my current EDR?

No. ThreatRespond is vendor-agnostic and works with any major EDR. That's the entire point — keep what you have, add the SOC.

When does the SOC take action versus just alerting?

At Essential, the SOC advises and your team acts. From Advanced upward, ThreatContain™ lets the Vijilan SOC act directly — disabling accounts, isolating hosts, blocking IPs.

Is identity threat detection included?

ITDR is included from the Advanced tier up. Essential is monitoring and guided response.

How long is onboarding?

About one hour, using the ThreatSensor™ virtual appliance powered by Cribl Stream.

Is there a data cap on the SIEM?

No. ThreatLog™ has no data caps and no per-GB fees, with 7-year retention.

Keep your tools. Add the SOC they were missing.

Book a Demo Compare with ThreatDefend