We Bring the Technology. You Stay Protected.
No license shopping. No vendor evaluation. No technology to manage. Vijilan deploys, manages, and defends with the world’s leading endpoint security platform across every domain. SOC actively contains threats on every tier — not just at Premium.
- Vijilan manages all Falcon licensing
- Vijilan has already vetted the technology
- Vijilan deploys and configures everything
- Vijilan tunes, updates and optimizes
- Identity protection included at Core - not gated behind Advanced
- TD EDR - Falcon MSSP Defend Bundle
- TD SIEM - CrowdStrike LogScale
- TD ITDR - Falcon Identity Protection
- TD XPM - Falcon Exposure Management
- TD Hunt - Falcon OverWatch at Premium+
Choose the Right Path for Each Client
ThreatRespond and ThreatDefend cover the same six domains. The difference is who brings the technology.
We monitor it. We respond to it.
Vendor-agnostic. Vijilan’s SOC wraps around whatever tools the client already runs — any EDR, any firewall, any cloud. No rip-and-replace. Active containment on existing tools at Premium tier.
We bring it. We manage it. You stay protected.
Vijilan deploys and manages the full CrowdStrike Falcon stack. Zero procurement complexity. Zero license management. SOC actively contains threats on every tier from Core — including identity lockdown and endpoint isolation.
Hand-Selected. Fully Vetted. Enterprise-Grade.
Every technology in ThreatDefend was selected because it is the leader in its domain. Vijilan manages all licensing, deployment, configuration and tuning. Partners and clients never touch it.
TD EDR — ThreatDefend EDR
Falcon Prevent, Falcon Insight XDR, Firewall Management, Device Control and Threat Graph Standard. Vijilan SOC can isolate hosts, terminate processes, quarantine files, and guide eradication and recovery on every tier.
- Vijilan manages all licensing, deployment, configuration and tuning.
TD SIEM — ThreatDefend SIEM
High-speed log management and real-time cross-domain correlation. Vijilan absorbs ingest costs, so partners and clients never see data volume charges.
- Retention: 90-day hot plus 7-year cold at Core. 1-year hot plus 7-year cold at Advanced and above.
TD ITDR — ThreatDefend Identity
Full ITDR across Active Directory, Entra ID and Okta. Detects credential abuse, impossible travel, privilege escalation, BEC precursors and Golden Ticket attacks in real time.
- Included at Core. No tier upgrade required.
TD XPM — ThreatDefend Exposure
CrowdStrike’s combined exposure SKU covering Falcon Spotlight, Falcon Discover and external attack surface management in a single module. Risk prioritization is based on active threat context, not only CVSS scores.
- One SKU covers vulnerability prioritization, asset inventory, shadow IT and external ASM.
TD Hunt — ThreatDefend Threat Hunting
CrowdStrike’s elite 24/7 threat hunting inside Falcon. At Premium and above, it operates alongside Vijilan SOC hunting, giving two independent hunting layers.
- Augments Vijilan SOC. It does not replace it.
Cribl Stream — Universal Ingestion
Connects and normalizes data from firewalls, cloud platforms, email gateways, SaaS applications and other technology in the environment. Vijilan configures and manages the full pipeline.
- Connects any data source. Vijilan handles the pipelines.
Identity cannot wait for an upgrade.
Identity is the number-one attack vector. More than 80% of breaches involve compromised credentials. Every client needs Entra ID and Active Directory watched from day one, so TD ITDR is included at Core.
- Evaluate security vendors
- Purchase or negotiate technology licenses
- Deploy or configure security platforms
- Manage software updates or renewals
- Track license counts or renewals
Core, Advanced, Premium, Elite
Every tier includes 24/7 active SOC containment, full white-label, PSA integration and zero license management. Pricing is available exclusively through your Channel Manager.
- Pricing available exclusively through your Channel Manager or Partner Portal. Never on this page.
Core
Endpoint, identity and M365 are all managed. SOC acts immediately.
- TD EDR - Falcon Prevent, Insight XDR, Firewall Management, Device Control and Threat Graph
- TD SIEM - LogScale with no data volume charges
- TD ITDR - Falcon Identity Protection across Entra ID, AD and Okta
- M365 and Entra ID monitoring included at Core
- SOC host isolation, process kill, file quarantine and account lockdown
- PSA integration and full white-label
- CrowdStrike MSSP Defend Bundle
- CrowdStrike LogScale SIEM
- Falcon Identity Threat Protection
- Deployment, tuning, renewals and reporting
Advanced
Adds full exposure visibility across assets, vulnerabilities, shadow IT and external attack surface.
- Everything in Core, plus TD XPM
- Falcon Exposure Management combined SKU
- Asset inventory and shadow IT visibility
- Vulnerability prioritization by active threat context
- External attack surface discovery
- 1-year hot plus 7-year cold SIEM retention
- HIPAA, PCI DSS 4.0, NIST CSF 2.0 and CMMC L1 support
- Falcon Exposure Management license
- Spotlight, Discover and external ASM
- Risk prioritization and exposure reporting
- Zero licensing complexity across all modules
Premium
OverWatch hunts inside Falcon while Vijilan SOC hunts across all six domains.
- Everything in Advanced, plus TD Hunt
- Falcon OverWatch threat hunting across endpoint and identity telemetry
- Vijilan SOC threat hunting across network, email, cloud, apps, IoT/OT and mobile
- Two independent hunting layers operating simultaneously
- CMMC L2 and SOC 2 audit evidence packages
- Dedicated named SOC concierge
- Monthly threat intelligence briefing by vertical
- Falcon OverWatch
- Vijilan cross-domain hunt workflows
- Named SOC concierge
- Assessor-ready evidence packages
Elite
Designed for advanced partner programs that need custom engineering, advisory support and high-touch response.
- Everything in Premium, plus custom YARA detection rules
- vCISO advisory hours and board-ready reporting
- Forward-deployed Vijilan engineer
- Custom compliance for CMMC L3, DORA and NIS2
- Cribl data pipeline optimization
- 1-hour IR retainer SLA
- Custom response playbooks
- Detection engineering
- Forward-deployed engineering support
- Bespoke compliance and incident response coordination
The SOC Acts. On Every Tier.
ThreatDefend is not a monitoring service that sends tickets. It is an active defense operation. Vijilan’s SOC detects, investigates and contains threats — on every tier, without waiting for partner or client approval.
Endpoint Isolation
SOC isolates infected hosts from the network immediately using CrowdStrike Falcon real-time response capabilities.
Identity Lockdown
SOC disables compromised accounts in Entra ID and AD, revokes active sessions and enforces MFA in real time. Available at Core.
File Quarantine & Process Kill
SOC quarantines malicious files and terminates active malicious processes across Falcon-protected endpoints upon confirmation.
Eradication & Recovery Assist
After containment, the SOC assists with threat eradication, system recovery and post-incident reporting.
CrowdStrike OverWatch
CrowdStrike’s elite threat hunting team operates inside the Falcon platform, hunting across endpoint and identity telemetry using global threat intelligence.
Six-domain context OverWatch cannot reach
Vijilan’s SOC hunts across firewalls, network, email gateways, cloud, SaaS, applications, IoT/OT and mobile using client-specific context and history.
At Premium and above, both operate simultaneously.
They complement each other. They do not overlap.
Add Individual TD Modules Without Switching Products
ThreatRespond clients can purchase individual ThreatDefend modules that run independently alongside their existing tools. No product switch. No tool replacement.
TD ITDR - Falcon Identity Protection
Full ITDR across AD, Entra ID and Okta. Deploys via a lightweight identity sensor, independent of any existing EDR. Works alongside SentinelOne, Defender or any other endpoint agent without conflict.
- Compatible with any existing EDR
TD XPM - Falcon Exposure Management
Asset inventory, vulnerability prioritization, shadow IT visibility and external attack surface management in a single combined SKU. Vijilan manages the license.
- Works alongside any existing endpoint tool
SaaS Security Posture Management
Security posture management across 150+ applications including M365, Google Workspace, Salesforce and Slack. Misconfiguration detection, shadow SaaS discovery and GenAI governance.
- API-based monitoring, no endpoint agent needed
TD Browser (Falcon Secure Access / Seraphic) is also available for browser protection across Chrome, Edge, Safari and Firefox. Available à la carte outside standard tiers, subject to minimum requirements. Contact your Channel Manager.
Everything Partners Need to Know
Why is identity protection included at Core and not Advanced?
Because identity is the number-one attack vector. More than 80% of breaches involve compromised credentials. Every client’s Entra ID and Active Directory should be monitored from day one, so Vijilan includes full ITDR at Core.
Do clients need to purchase any CrowdStrike licenses?
No. Vijilan manages 100% of Falcon licensing, deployment, configuration, tuning and renewals. Clients pay one managed service fee. Zero procurement complexity.
What is TD XPM and what does it include?
TD XPM maps to Falcon Exposure Management, CrowdStrike’s combined SKU for Falcon Spotlight, Falcon Discover and external attack surface management. It runs on the existing Falcon agent with zero additional endpoint deployment.
How does TD Hunt work with Vijilan's SOC threat hunting?
They are two independent, complementary hunting layers. Falcon OverWatch hunts endpoint and identity telemetry inside Falcon. Vijilan SOC hunts across all six domains, including firewalls, email, cloud, applications and IoT/OT. At Premium, both operate simultaneously.
Can ThreatRespond clients add ThreatDefend modules?
Yes. ThreatRespond clients can add TD ITDR, TD XPM or Managed SaaS Security without switching products. TD ITDR deploys independently of any EDR, with no conflict with SentinelOne, Defender or other endpoint agents.
What does Elite include and why is it by invitation?
Elite includes everything in Premium plus custom YARA detection engineering, vCISO advisory hours, 1-hour IR retainer SLA and a forward-deployed Vijilan engineer. It is designed for advanced partner programs and enterprise MSSP use cases.
Machine Speed. Human Judgment. One Minute to Contain.
Praxis is Vijilan’s proprietary AI detection and investigation engine — the intelligence layer running inside our SOC on every alert, across every domain, before a human analyst acts.
- LangGraph multi-agent investigation
- MITRE ATT&CK mapping
- IOC enrichment
- Auto-triage and severity scoring
- Cross-domain correlation
- Human SOC amplifier
We Bring the Technology. You Stay Protected.
ThreatDefend is priced per endpoint and per user per month. No flat fees, no data volume charges on SIEM and no hidden costs. Exact pricing is available exclusively to verified Vijilan partners through the Partner Portal or your Channel Manager.