We Bring the Technology. You Stay Protected.
No license shopping. No vendor evaluation. No technology to manage. Vijilan deploys, manages, and defends with the world’s leading endpoint security platform across every domain. SOC actively contains threats on every tier — not just at Premium.
- Vijilan manages all Falcon licensing
- Vijilan has already vetted the technology
- Vijilan deploys and configures everything
- Vijilan tunes, updates and optimizes
- Identity protection included at Core - not gated behind Advanced
- TD EDR - Falcon MSSP Defend Bundle
- TD SIEM - CrowdStrike LogScale
- TD ITDR - Falcon Identity Protection
- TD XPM - Falcon Exposure Management
- TD Hunt - Falcon OverWatch at Premium+
See ThreatDefend in Action
Watch how Vijilan turns managed detection into active containment, guided remediation, and post-incident hardening through a 24/7 expert SOC.
Choose the Right Path for Each Client
ThreatRespond and ThreatDefend cover the same six domains. The difference is who brings the technology.
We monitor it. We respond to it.
Vendor-agnostic. Vijilan’s SOC wraps around whatever tools the client already runs — any EDR, any firewall, any cloud. No rip-and-replace. Active containment on existing tools at Premium tier.
We bring it. We manage it. You stay protected.
Vijilan deploys and manages the full CrowdStrike Falcon stack. Zero procurement complexity. Zero license management. SOC actively contains threats on every tier from Core — including identity lockdown and endpoint isolation.
Hand-Selected. Fully Vetted. Enterprise-Grade.
Every technology in ThreatDefend was selected because it is the leader in its domain. Vijilan manages all licensing, deployment, configuration and tuning. Partners and clients never touch it.
TD EDR — ThreatDefend EDR
Falcon Prevent, Falcon Insight XDR, Firewall Management, Device Control and Threat Graph Standard. Vijilan SOC can isolate hosts, terminate processes, quarantine files, and guide eradication and recovery on every tier.
- Vijilan manages all licensing, deployment, configuration and tuning.
TD SIEM — ThreatDefend SIEM
High-speed log management and real-time cross-domain correlation. Vijilan absorbs ingest costs, so partners and clients never see data volume charges.
- 90-day hot plus 7-year cold at Core. 1-year hot plus 7-year cold at Advanced and above.
TD ITDR — ThreatDefend Identity
Full ITDR across Active Directory, Entra ID and Okta. Detects credential abuse, impossible travel, privilege escalation, BEC precursors and Golden Ticket attacks in real time.
- Included at Core. No tier upgrade required.
TD XPM — ThreatDefend Exposure
CrowdStrike’s combined exposure SKU covers Falcon Spotlight, Falcon Discover and external attack surface management in a single module. Risk prioritization is based on active threat context, not only CVSS scores.
- One SKU covers vulnerability prioritization, asset inventory, shadow IT and external ASM.
TD Hunt — ThreatDefend Threat Hunting
CrowdStrike’s elite 24/7 threat hunting inside Falcon. At Premium and above, it operates alongside Vijilan SOC hunting, giving two independent hunting layers.
- Augments Vijilan SOC. It does not replace it.
Cribl Stream — Universal Ingestion
Connects and normalizes data from firewalls, cloud platforms, email gateways, SaaS applications and other technology in the environment. Vijilan configures and manages the full pipeline.
- Connects any data source. Vijilan handles the pipelines.
Identity cannot wait for an upgrade.
Identity is the number-one attack vector. More than 80% of breaches involve compromised credentials. Every client needs Entra ID and Active Directory watched from day one, so TD ITDR is included at Core.
- Evaluate security vendors
- Purchase or negotiate technology licenses
- Deploy or configure security platforms
- Manage software updates or renewals
- Track license counts or renewals
Core, Advanced, Premium, Elite
Every tier includes 24/7 active SOC containment, full white-label, PSA integration and zero license management. Pricing is available exclusively through your Channel Manager.
- Pricing is available exclusively through your Channel Manager or the Partner Portal.
Core
Endpoint, identity and M365 are all managed. SOC acts immediately.
- TD EDR - Falcon Prevent, Insight XDR, Firewall Management, Device Control and Threat Graph
- TD SIEM - LogScale with no data volume charges
- TD ITDR - Falcon Identity Protection across Entra ID, AD and Okta
- M365 and Entra ID monitoring included at Core
- SOC host isolation, process kill, file quarantine and account lockdown
- PSA integration and full white-label
- CrowdStrike MSSP Defend Bundle
- CrowdStrike LogScale SIEM
- Falcon Identity Threat Protection
- Deployment, tuning, renewals and reporting
Advanced
Adds full exposure visibility across assets, vulnerabilities, shadow IT and external attack surface.
- Everything in Core, plus TD XPM
- Falcon Exposure Management combined SKU
- Asset inventory and shadow IT visibility
- Vulnerability prioritization by active threat context
- External attack surface discovery
- 1-year hot plus 7-year cold SIEM retention
- HIPAA, PCI DSS 4.0, NIST CSF 2.0 and CMMC L1 support
- Falcon Exposure Management license
- Spotlight, Discover and external ASM
- Risk prioritization and exposure reporting
- Zero licensing complexity across all modules
Premium
OverWatch hunts inside Falcon while Vijilan SOC hunts across all six domains.
- Everything in Advanced, plus TD Hunt
- Falcon OverWatch threat hunting across endpoint and identity telemetry
- Vijilan SOC threat hunting across network, email, cloud, apps, IoT/OT and mobile
- Two independent hunting layers operating simultaneously
- CMMC L2 and SOC 2 audit evidence packages
- Dedicated named SOC concierge
- Monthly threat intelligence briefing by vertical
- Falcon OverWatch
- Vijilan cross-domain hunt workflows
- Named SOC concierge
- Assessor-ready evidence packages
Elite
Designed for advanced partner programs that need custom engineering, advisory support and high-touch response.
- Everything in Premium, plus custom YARA detection rules
- vCISO advisory hours and board-ready reporting
- Forward-deployed Vijilan engineer
- Custom compliance for CMMC L3, DORA and NIS2
- Cribl data pipeline optimization
- 1-hour IR retainer SLA
- Custom response playbooks
- Detection engineering
- Forward-deployed engineering support
- Bespoke compliance and incident response coordination
Old ThreatRemediate Packages, Aligned to Current ThreatDefend Tiers
The previous Essential, Essential & Add-ons, and Premium structure is preserved conceptually, but mapped into the current Core, Advanced, Premium, and Elite ThreatDefend model.
Essential
Now represented by ThreatDefend Core: managed EDR/XDR, SIEM, identity protection, 24/7 SOC monitoring, automated response, and active containment.
- Best fit for clients needing day-one endpoint, identity, M365, and SIEM protection.
Essential & Add-ons
Now represented by Advanced or selected TD modules: adds exposure management, identity depth, cloud/SaaS visibility, and additional risk context.
- Best fit where clients need extra coverage without creating licensing complexity.
Premium
Now represented by ThreatDefend Premium: complete managed XDR with advanced add-ons, dual hunting layers, compliance evidence, and named SOC support.
- Best fit for regulated, high-risk, or hands-off security programs.
The SOC Acts. On Every Tier.
ThreatDefend is not a monitoring service that sends tickets. It is an active defense operation. Vijilan’s SOC detects, investigates and contains threats — on every tier, without waiting for partner or client approval.
Endpoint Isolation
SOC isolates infected hosts from the network immediately using CrowdStrike Falcon real-time response capabilities.
Identity Lockdown
SOC disables compromised accounts in Entra ID and AD, revokes active sessions and enforces MFA in real time. Available at Core.
File Quarantine & Process Kill
SOC quarantines malicious files and terminates active malicious processes across Falcon-protected endpoints upon confirmation.
Eradication & Recovery Assist
After containment, the SOC assists through threat eradication, system recovery and post-incident reporting.
CrowdStrike OverWatch
CrowdStrike’s elite threat hunting team operates inside the Falcon platform, hunting across endpoint and identity telemetry using global threat intelligence.
Six-domain context OverWatch cannot reach
Vijilan’s SOC hunts across firewalls, network, email gateways, cloud, SaaS, applications, IoT/OT and mobile using client-specific context and history.
At Premium and above, both operate simultaneously.
They complement each other. They do not overlap.
How ThreatDefend Delivers Complete Protection
The legacy 6-step ThreatRemediate lifecycle is retained as a clean ThreatDefend operating model: prepare, detect, investigate, remediate, harden, and continuously improve.
Prepare & Prevent
Build playbooks, tune controls, and prepare the environment before incidents start.
Detect
Use AI-assisted detection across endpoint, identity, cloud, network, application, and data signals.
Investigate
24/7 SOC analysts validate every signal and eliminate false positives before escalation.
Respond & Remediate
SOC takes direct action: isolate endpoints, disable accounts, quarantine files, and neutralize threats.
Report & Harden
Deliver incident reports, remediation notes, and security-hardening recommendations.
Review & Refine
Improve detection, response, and prevention logic after every incident for stronger resilience.
Add Individual TD Modules Without Switching Products
ThreatRespond clients can purchase individual ThreatDefend modules that run independently alongside their existing tools. No product switch. No tool replacement.
TD ITDR - Falcon Identity Protection
Full ITDR across AD, Entra ID and Okta. Deploys via a lightweight identity sensor, independent of any existing EDR. Works alongside SentinelOne, Defender or any other endpoint agent without conflict.
- Compatible with any existing EDR
TD XPM - Falcon Exposure Management
Asset inventory, vulnerability prioritization, shadow IT visibility and external attack surface management in a single combined SKU. Vijilan manages the license.
- Works alongside any existing endpoint tool
SaaS Security Posture Management
Security posture management across 150+ applications including M365, Google Workspace, Salesforce and Slack. Misconfiguration detection, shadow SaaS discovery and GenAI governance.
- API-based monitoring, no endpoint agent needed
TD Browser (Falcon Secure Access / Seraphic) is also available for browser protection across Chrome, Edge, Safari and Firefox. Available à la carte outside standard tiers, subject to minimum requirements. Contact your Channel Manager.
Questions About Active Remediation?
Try asking Jen AI:
- What is the difference between ThreatDefend and ThreatRespond?
- Which CrowdStrike modules are included in each ThreatDefend tier?
- Show me what happens when the SOC contains a threat.
- Explain endpoint isolation, identity lockdown, and recovery support.
Fast Next Steps
Partners can use Jen AI to clarify package fit, compare tiers, understand modules, and guide prospects toward the right Vijilan service path.
Everything Partners Need to Know
Why is identity protection included at Core and not Advanced?
Because identity is the number-one attack vector. More than 80% of breaches involve compromised credentials. Every client’s Entra ID and Active Directory should be monitored from day one, so Vijilan includes full ITDR at Core.
Do clients need to purchase any CrowdStrike licenses?
No. Vijilan manages 100% of Falcon licensing, deployment, configuration, tuning and renewals. Clients pay one managed service fee. Zero procurement complexity.
What is TD XPM and what does it include?
TD XPM maps to Falcon Exposure Management, CrowdStrike’s combined SKU for Falcon Spotlight, Falcon Discover and external attack surface management. It runs on the existing Falcon agent with zero additional endpoint deployment.
How does TD Hunt work with Vijilan's SOC threat hunting?
They are two independent, complementary hunting layers. Falcon OverWatch hunts endpoint and identity telemetry inside Falcon. Vijilan SOC hunts across all six domains, including firewalls, email, cloud, applications and IoT/OT. At Premium, both operate simultaneously.
Can ThreatRespond clients add ThreatDefend modules?
Yes. ThreatRespond clients can add TD ITDR, TD XPM or Managed SaaS Security without switching products. TD ITDR deploys independently of any EDR, with no conflict with SentinelOne, Defender or other endpoint agents.
What does Elite include and why is it by invitation?
Elite includes everything in Premium plus custom YARA detection engineering, vCISO advisory hours, a 1-hour IR retainer SLA and a forward-deployed Vijilan engineer. It is designed for advanced partner programs and enterprise MSSP use cases.
What is ThreatDefend?
ThreatDefend is Vijilan’s fully managed mXDR service, powered by CrowdStrike and operated by Vijilan’s 24/7 SOC. It covers endpoint, identity, SIEM, exposure, cloud/SaaS, and threat hunting depending on tier, with active containment included rather than simple alert forwarding.
How is ThreatDefend different from ThreatRespond?
ThreatRespond wraps Vijilan’s SOC around the security tools a client already owns. ThreatDefend is for clients who want Vijilan to bring, deploy, manage, tune, and operate the security technology stack. ThreatRespond is vendor-agnostic; ThreatDefend is fully managed and powered by CrowdStrike.
What happens when ThreatDefend detects a threat?
Vijilan’s SOC investigates and acts. Depending on the incident, the SOC may isolate an endpoint, disable or lock down an identity, quarantine malicious files, terminate malicious processes, and support eradication and recovery. Afterward, the client receives reporting and hardening recommendations.
What technology powers ThreatDefend?
ThreatDefend uses enterprise-grade CrowdStrike technology including Falcon EDR/XDR, LogScale SIEM, Falcon Identity Protection, Falcon Exposure Management, and Falcon OverWatch at higher tiers. Vijilan also manages ingestion and routing workflows so partners do not need to manage the tooling.
Does ThreatDefend include identity protection?
Yes. Identity protection is included from Core in the new ThreatDefend model. The service monitors identity risk across Entra ID, Active Directory, and Okta, helping detect credential abuse, privilege escalation, lateral movement, and account compromise.
Machine Speed. Human Judgment. One Minute to Contain.
Praxis is Vijilan’s proprietary AI detection and investigation engine — the intelligence layer running inside our SOC on every alert, across every domain, before a human analyst acts.
- LangGraph multi-agent investigation
- MITRE ATT&CK mapping
- IOC enrichment
- Auto-triage and severity scoring
- Cross-domain correlation
- Human SOC amplifier
We Bring the Technology. You Stay Protected.
ThreatDefend is priced per endpoint and per user per month. No flat fees, no data volume charges on SIEM and no hidden costs. Exact pricing is available exclusively to verified Vijilan partners through the Partner Portal or your Channel Manager.