Channel-Exclusive · MSP · MSSP · VAR
Any Technology. Or Ours. Either Way — One Elite SOC.
Two products. Six security domains. One 24/7 human SOC. ThreatRespond wraps around whatever your clients already run. ThreatDefend brings CrowdStrike Falcon — fully managed, zero procurement. Both include active containment, full white-label, and no minimums.
24/7 Global Human SOC SOC 2 Type 2 + ISO 27001 CrowdStrike Authorized Partner Full White-Label — Every Tier No Minimums · No Lock-In ~1 Hour Onboarding
2
Products — one answer for every client
6
Security domains — both products
1m
Median time to contain
~1hr
Full onboarding time
None
Minimums or lock-in
Choose Your Solution
One Question Decides It
Does the client want to keep their existing security tools — or have Vijilan provide the technology? Both products cover all six domains with the same 24/7 human SOC.
ThreatRespond™ — Vendor-Agnostic Managed XDR
Your Stack. Our SOC.
"Works with the tools your clients already run."
ThreatRespond is fully vendor-agnostic. Vijilan’s SOC wraps around whatever the client already has — any EDR, any firewall, any cloud, any identity provider. No rip-and-replace. At Premium tier, our SOC actively acts on the client’s existing tools without replacing them.
The Differentiator
At Premium tier, Vijilan’s SOC isolates a host running SentinelOne, disables an account in Entra ID, or blocks a phishing domain on the client’s email gateway — without replacing any technology. No competitor does this at any price.
Four Tiers — Choose Your Remediation Model
ThreatDefend™ — Fully Managed mXDR · Powered by CrowdStrike
We Bring the Technology.
"Zero license management. Zero procurement. Just protection."
ThreatDefend is for clients who want zero technology complexity. Vijilan deploys and manages the full CrowdStrike Falcon stack — TD EDR, TD SIEM, TD ITDR, TD XPM, and TD Hunt. The client pays one fee. Vijilan handles everything. SOC actively contains threats on every tier.
The Differentiator
Core already includes endpoint, SIEM, identity protection, and M365/Entra monitoring — things competitors charge extra for. Every ThreatDefend tier includes active SOC containment. No waiting. No guided-only tiers.
Four Tiers — SOC Acts on Every Single One
If the client has...
Existing security tools they want to keep
→ ThreatRespond wraps around their stack. Active containment on existing tools at Premium tier.
⟷
If the client wants...
Zero technology complexity
→ ThreatDefend brings CrowdStrike Falcon, manages everything. SOC acts on every tier from Core.
Attack Surface Coverage
Six Domains. Both Products. Always.
Whether a client chooses ThreatRespond or ThreatDefend, Vijilan’s SOC covers the same six security domains simultaneously. Cross-domain correlation catches the attacks that single-domain tools miss.
Endpoint
Workstations, laptops, servers — any EDR or Falcon
Network
Firewalls, switches, routers — any vendor
Identity
AD, Entra ID, Okta, Google Workspace
Cloud & SaaS
AWS, Azure, GCP, Microsoft 365
Email & Data
Mimecast, Proofpoint, Exchange, Defender for O365
Apps · IoT · OT
Web apps, IIS, IoT/OT devices, mobile
SIEM Included — No Data Volume Charges
Vijilan’s SIEM powered by CrowdStrike LogScale is included with both products at every tier. No separate purchase. No per-GB pricing. 90-day hot + 7-year cold retention at Core. 1-year hot + 7-year cold at Advanced and above.
Why Cross-Domain Correlation Matters
A phishing email compromises an identity. That identity accesses a cloud workload. The workload exfiltrates via an application API. Only a SOC monitoring all six domains simultaneously catches the full chain — not just the endpoint alert.
Tier Comparison
Core → Advanced → Premium → Elite
Every tier includes 24/7 SOC, SIEM, PSA integration, and full white-label. Pricing available exclusively through your Channel Manager.
🔒 Pricing available exclusively through your Channel Manager or Partner Portal. Never on this page.
ThreatRespond™ — Vendor-Agnostic Tiers
Core
Any tech · Entry tier
“24/7 SOC across all 6 domains. Any technology stack.”
📋 Guided — SOC instructs
- ✓24/7 SOC — all 6 domains
- ✓Any EDR — vendor-agnostic
- ✓Network & firewall monitoring
- ✓Active Directory + Entra ID
- ✓Microsoft 365 monitoring
- ✓Vijilan SIEM — 90-day hot
- ✓ThreatSensor (Cribl Stream)
- ✓Guided remediation
- ✓PSA integration + white-label
- — Full ITDR — Advanced
- — Active containment — Premium
⭐ Most Popular
Advanced
Compliance · ITDR
“Full identity, dark web, compliance reporting.”
📋 Guided — SOC instructs
- ✓Everything in Core, plus:
- ✦Full ITDR — BEC, impossible travel, credential stuffing, OAuth abuse, lateral movement
- ✦Okta + Google Workspace
- ✦AWS, Azure, GCP monitoring
- ✦Dark web monitoring
- ✦1-year hot + 7-year cold SIEM
- ✦HIPAA, PCI DSS 4.0, NIST CSF 2.0, CMMC L1
- ✦Priority 15-min SLA
- ✦White-labeled QBR templates
Premium
Regulated · High-risk
“SOC acts on clients’ existing tools — no replacement.”
⚡ SOC Acts — Existing Tech
- ✓Everything in Advanced, plus:
- ✦Isolate hosts on SentinelOne, Defender, any EDR
- ✦Disable accounts in Entra ID / AD
- ✦Block phishing domains on email gateways
- ✦Enforce firewall rules — any vendor
- ✦Exposure management via SOC
- ✦IoT/OT + mobile monitoring
- ✦CMMC L2 + SOC 2 audit evidence
- ✦Dedicated named SOC concierge
By Invitation
Elite
Enterprise MSSPs
“Makes Premium the obvious rational choice.”
⚡ Bespoke mXDR
- ✓Everything in Premium, plus:
- ✓Custom detection engineering
- ✓vCISO advisory hours
- ✓IR retainer — 1-hour SLA
- ✓Forward-deployed engineer
- ✓CMMC L3, DORA, NIS2
Pricing anchor — Elite makes Premium look like the rational choice for most clients.
ThreatDefend™ — CrowdStrike-Powered Tiers
Core
Full protection — day one
“EDR + identity + M365 + SIEM — all managed. SOC acts.”
⚡ SOC Acts — Every Tier
- ✓TD EDR — Falcon Prevent + Insight XDR + Firewall Mgmt + Device Control
- ✓TD SIEM — LogScale, no data volume charges
- ✓TD ITDR — Falcon Identity Protection — full ITDR on Entra ID, AD, Okta
- ✓M365 + Entra ID monitoring — included
- ✓SOC: host isolation, process kill, file quarantine, account lockdown
- ✓Charlotte AI agentic detection
- ✓Vijilan manages all licensing
- — TD XPM — Advanced
- — TD Hunt (OverWatch) — Premium
⭐ Most Popular
Advanced
Exposure + asset intelligence
“Adds full exposure management — every asset, every risk.”
⚡ SOC Acts + Exposure
- ✓Everything in Core, plus:
- ✦TD XPM — Falcon Exposure Management (includes Spotlight + Discover + external attack surface)
- ✦Asset inventory + shadow IT visibility
- ✦Vulnerability prioritization by active threat context
- ✦External attack surface discovery
- ✦1-year hot + 7-year cold SIEM retention
- ✦HIPAA, PCI DSS 4.0, NIST CSF 2.0, CMMC L1
- ✦Zero licensing complexity across all modules
Premium
Dual threat hunting
“OverWatch inside Falcon. Vijilan SOC across all 6 domains.”
⚡ SOC Acts + Dual Hunt
- ✓Everything in Advanced, plus:
- ✦TD Hunt — Falcon OverWatch — CrowdStrike elite 24/7 threat hunting inside Falcon platform
- ✦Vijilan SOC threat hunting — network, email, cloud, apps, IoT/OT (domains OverWatch cannot reach)
- ✦Two independent hunting layers simultaneously
- ✦CMMC L2 + SOC 2 audit evidence packages
- ✦Dedicated named SOC concierge
- ✦Cross-domain coordinated response
By Invitation
Elite
Enterprise MSSPs
“Makes Premium the obvious rational choice.”
⚡ Bespoke mXDR
- ✓Everything in Premium, plus:
- ✓Custom YARA detection engineering
- ✓vCISO advisory hours
- ✓IR retainer — 1-hour SLA
- ✓Forward-deployed Vijilan engineer
- ✓CMMC L3, DORA, NIS2
Pricing anchor — Elite makes Premium look like the rational choice.
MSP Partner Program
Registered. Silver. Gold. Built to Scale With You.
No minimum to start. NFR licenses at Silver and Gold let your team experience both products on your own environment before you sell them. The first time Vijilan locks a compromised account on your own Entra ID tenant — automatically, without waking anyone up — that’s the moment you’re sold.
NFR Licenses by Partner Tier
| Tier | ThreatRespond NFR | ThreatDefend NFR |
|---|---|---|
| Registered | Core — 10 users Guided | Not included |
| Silver | Advanced — 25 users SOC Acts | Core — 10 endpoints SOC Acts |
| Gold | Premium — 50 users Full Active | Advanced — 25 endpoints SOC Acts + XPM |
Internal use only · Partner's own production environment · Renewed annually
Common Questions
Everything Partners Need to Know
What's the difference between ThreatRespond and ThreatDefend?
ThreatRespond works with whatever technology clients already run — any EDR, any firewall, any cloud. No replacement required. ThreatDefend is Vijilan’s fully managed service — we bring CrowdStrike Falcon, manage all licensing, and the SOC acts on every tier. Both cover all six security domains.
Can I offer both products to different clients?
Yes — and most Vijilan partners do. ThreatRespond is right for clients with existing security investments they want to keep. ThreatDefend is right for clients who want zero technology complexity. Both are available through the same partner agreement and portal.
Does ThreatDefend Core really include identity protection?
Yes. TD ITDR (Falcon Identity Protection) is included at Core — not gated behind Advanced. This covers full behavioral ITDR across Entra ID, Active Directory, and Okta. No competitor includes identity at their entry tier. That’s intentional. We believe identity is too critical to be optional.
What does "SOC Acts" mean exactly?
At ThreatDefend, the SOC acts on every tier — isolating endpoints, disabling accounts, quarantining files, and assisting through eradication and recovery. At ThreatRespond Premium, the SOC acts on the client’s existing tools — isolating a SentinelOne host, blocking a domain on Mimecast, disabling an account in Entra ID — without replacing any technology.
Are there minimum seat counts or annual contracts?
No minimums of any kind. No minimum seat count, no minimum spend, no annual contract. Partners can start with a single client. A 30-day no-questions-asked opt-out trial is available for both products.
What is TD Hunt and how does it work with Vijilan's SOC threat hunting?
TD Hunt is Falcon OverWatch — CrowdStrike’s elite 24/7 threat hunting team operating inside the Falcon platform across endpoint and identity telemetry. Vijilan’s SOC simultaneously hunts across all six domains — including network, email, cloud, applications, and IoT/OT, which OverWatch cannot see. At Premium, these are two independent hunting layers.
Two Products. Every Client Covered.
ThreatRespond works with what they have. ThreatDefend brings what they need. Both start in about an hour. Neither requires a minimum commitment.
ThreatRespond™
Vendor-agnostic. Any technology. Active containment at Premium on existing tools.
ThreatDefend™
CrowdStrike-powered. Fully managed. SOC acts on every tier. Identity included at Core.
Partner Program
Registered, Silver, Gold. NFR licenses at Silver and Gold. No minimums. 30-day opt-out.
Pricing exclusively through your Channel Manager or Partner Portal
Praxis AI Engine
The AI Brain Behind Every Response
Praxis is Vijilan’s proprietary AI detection and investigation engine — the intelligence layer running inside our SOC on every alert, across every domain, before a human analyst acts.
What Praxis Does
Machine Speed. Human Judgment. One Minute to Contain.
Every alert from every security domain passes through Praxis before a human analyst sees it. Praxis doesn’t replace the human SOC — it makes our analysts operate at a speed and fidelity no purely human team can match. It’s the engine behind Vijilan’s 1-minute median time to contain.
Investigation
Multi-agent LangGraph pipeline automatically investigates every alert — correlating signals across all six domains simultaneously before presenting findings to the analyst.
Enrichment
IOC enrichment from threat intelligence feeds, MITRE ATT&CK technique mapping, and severity scoring derived from real adversary behavior — not just CVE scores.
Triage
Automated alert triage separates confirmed threats from false positives before they reach a human analyst — reducing noise and ensuring every escalation is a real threat.
Context
RAG-powered threat context retrieves relevant historical patterns, similar incident precedents, and client-specific environment data to inform every investigation decision.
Praxis Capabilities
LangGraph Multi-Agent MITRE ATT&CK Mapping IOC Enrichment Auto-Triage Cross-Domain Correlation RAG Threat Context Behavioral Scoring Human SOC Amplifier
What Praxis Is Not
Praxis is not an autonomous agent that replaces human judgment. It is a force multiplier — the AI layer that enriches, correlates, and prioritizes so that human analysts spend their time on confirmed threats, not alert noise. Every containment decision is made by a trained human analyst informed by Praxis — not by an algorithm acting alone.
The Result
1-minute median time to contain.
Partners benefit from Praxis automatically — on every tier, both products. No configuration. No additional cost. Praxis is built into the Vijilan SOC, and the Vijilan SOC is what partners are buying.
Pricing — User-Based, Transparent, No Surprises
Vijilan managed security is priced per endpoint and per user per month — no flat fees, no data volume charges on SIEM, no hidden costs. Pricing scales with the client, not against them. Exact pricing is available exclusively to verified Vijilan partners through the Partner Portal or your Channel Manager.