ThreatDefend™ - Fully Managed mXDR · Powered by CrowdStrike
We Bring the Technology. You Stay Protected.
No license shopping. No vendor evaluation. No technology to manage. Vijilan deploys, manages, and defends with the world’s leading endpoint security platform across every domain. SOC actively contains threats on every tier, not just at premium.
Zero Complexity - What That Means
- Zero license purchasing - Vijilan manages all Falcon licensing
- Zero vendor evaluation - Vijilan has already vetted the best tools
- Zero implementation - Vijilan deploys and configures everything
- Zero ongoing management - Vijilan tunes, updates, and optimizes
- Identity protection included at Core - not gated behind Advanced
ThreatDefend™ - At a Glance
Zero
License management required from client
Every
Tier - SOC actively contains threats
Core
Includes identity protection - not gated
24/7
Global human SOC + OverWatch at Premium
TD Modules - All Vijilan-Managed
- TD EDR - Falcon MSSP Defend Bundle
- TD SIEM - CrowdStrike LogScale
- TD ITDR - Falcon Identity Protection
- TD XPM - Falcon Exposure Management
- TD Hunt - Falcon OverWatch (Premium+)
Two Products. One Partner Program.
Choose the Right Path for Each Client
ThreatRespond and ThreatDefend cover the same six domains. The difference is who brings the technology.
ThreatRespond™
Your clients' technology.
We monitor it. We respond to it.
Vendor-agnostic. Vijilan’s SOC wraps around whatever tools the client already runs: any EDR, any firewall, any cloud. No rip-and-replace. Active containment on existing tools at Premium tier.
You Are Here
ThreatDefend™
Vijilan's technology.
We bring it. We manage it. You stay protected.
Vijilan deploys and manages the full CrowdStrike Falcon stack. Zero procurement complexity. Zero license management. SOC actively contains threats on every tier from Core, including identity lockdown and endpoint isolation.
The ThreatDefend Technology Stack - TD Modules
Hand-Selected. Fully Vetted. Enterprise-Grade.
Every technology in ThreatDefend was selected because it is the leader in its domain. Vijilan manages all licensing, deployment, configuration, and tuning. Partners and clients never touch it.
Endpoint Domain
TD EDR - ThreatDefend EDR
CrowdStrike Falcon MSSP Defend Bundle
Falcon Prevent (NGAV) + Falcon Insight XDR (EDR) + Firewall Management + Device Control + Threat Graph Standard. Charlotte AI drives agentic detection workflows at machine speed. SOC: host isolation, process termination, file quarantine, eradication + recovery assist on every tier.
Vijilan manages all licensing & deployment
SIEM Domain
TD SIEM - ThreatDefend SIEM
CrowdStrike Falcon Next-Gen SIEM / LogScale
High-speed log management and real-time cross-domain correlation. Powers Vijilan’s ViSH SIEM platform. Vijilan absorbs all ingest costs; partners and clients never see data volume charges. 90-day hot + 7-year cold at Core. 1-year hot + 7-year cold at Advanced+.
No data volume charges, ever
Identity Domain - Included at Core
TD ITDR - ThreatDefend Identity
CrowdStrike Falcon Identity Threat Protection
Full ITDR across Active Directory, Entra ID, and Okta. Detects credential abuse, impossible travel, privilege escalation, BEC precursors, Golden Ticket attacks in real time. Deploys via lightweight identity sensor, independent of endpoint agent. No EDR conflicts. SOC-authorized: account disable, session revoke, MFA enforce.
Included at Core - no tier upgrade required
Exposure Domain - Advanced+
TD XPM - ThreatDefend Exposure
Falcon Exposure Management (Combined SKU)
CrowdStrike’s combined exposure SKU: includes Falcon Spotlight (vulnerability prioritization), Falcon Discover (asset inventory + shadow IT), and external attack surface management in a single module. Runs on existing Falcon agent - zero additional endpoint deployment. Risk prioritization based on active threat context, not just CVSS scores.
One SKU covers Spotlight + Discover + external ASM
Threat Hunting Layer - Premium+
TD Hunt - ThreatDefend Threat Hunting
Falcon OverWatch - CrowdStrike Elite Threat Hunting
CrowdStrike’s 24/7 elite threat hunting team operating inside the Falcon platform: AI-powered hunting across endpoint and identity telemetry at machine speed. At Premium+, operates alongside Vijilan SOC threat hunting as two independent layers covering different domains simultaneously.
Augments Vijilan SOC - not a replacement
Data Pipeline - All Tiers
Cribl Stream - Universal Ingestion
Cribl Stream - Data Pipeline & Routing
Connects and normalizes data from any source: firewalls, cloud platforms, email gateways, SaaS applications, and any other technology in the environment. Routes all signals into TD SIEM with proper formatting and enrichment. Vijilan manages the full Cribl deployment and all data pipeline configuration.
Connects any data source - Vijilan configures all pipelines
Why Identity Is Included at Core
Identity is the #1 attack vector. 80%+ of breaches involve compromised credentials. Making identity monitoring a paid upgrade is a Toyota decision. We include TD ITDR at Core because every client’s Entra ID and Active Directory need to be watched from day one, not after they’ve been breached.
What Partners Never Have to Do
- Evaluate security vendors
- Purchase or negotiate technology licenses
- Deploy or configure security platforms
- Manage software updates or renewals
- Track license counts or renewals
ThreatDefend™ Service Tiers
Core - Advanced - Premium - Elite
Every tier includes 24/7 active SOC containment, full white-label, PSA integration, and zero license management. Pricing available exclusively through your Channel Manager.
Pricing available exclusively through your Channel Manager or Partner Portal. Never on this page.
Core
EDR + identity + SIEM - day one
“Endpoint, identity, M365 - all managed. SOC acts immediately.”
SOC Acts - Every Tier
TD EDR · TD SIEM · TD ITDR
- TD EDR - Falcon Prevent + Insight XDR + Firewall Mgmt + Device Control + Threat Graph
- TD SIEM - LogScale, no data volume charges, 90-day hot + 7-year cold
- TD ITDR - Falcon Identity Protection - full ITDR on Entra ID, AD, Okta
- M365 + Entra ID monitoring - included at Core
- Charlotte AI agentic detection
- SOC: host isolation, process kill, file quarantine, account lockdown
- SOC-assisted eradication & full recovery
- PSA integration + full white-label
- TD XPM (Exposure Mgmt): added at Advanced
- TD Hunt (OverWatch): added at Premium
Vijilan manages all licensing for
Most Popular
Advanced
Exposure + asset intelligence
“Adds full exposure - every asset, every vulnerability, every risk.”
SOC Acts + Exposure Intelligence
TD EDR · TD SIEM · TD ITDR · + TD XPM
- Everything in Core, plus:
- TD XPM - Falcon Exposure Management (combined SKU: Spotlight + Discover + external attack surface); Vijilan manages the license
- Asset inventory + shadow IT visibility
- Vulnerability prioritization by active threat context
- External attack surface discovery
- 1-year hot + 7-year cold SIEM retention
- HIPAA, PCI DSS 4.0, NIST CSF 2.0, CMMC L1
- Zero licensing complexity across all modules
Adds at this tier - Vijilan manages
Premium
Dual threat hunting · Full mXDR
“OverWatch inside Falcon. Vijilan SOC across all 6 domains.”
SOC Acts + Dual Hunt Layer
TD EDR · TD SIEM · TD ITDR · + TD XPM · + TD Hunt
- Everything in Advanced, plus:
- TD Hunt - Falcon OverWatch - CrowdStrike’s elite 24/7 threat hunting inside Falcon (endpoint + identity telemetry)
- Vijilan SOC threat hunting - network, email, cloud, apps, IoT/OT - domains OverWatch cannot reach
- Two independent hunting layers operating simultaneously
- CMMC L2 + SOC 2 audit evidence packages (ready for assessors)
- Dedicated named SOC concierge
- Cross-domain coordinated response
- Monthly threat intelligence briefing by vertical
Adds at this tier - Vijilan manages
By Invitation
Elite
Enterprise MSSPs · Bespoke
“Makes Premium the obvious rational choice.”
Bespoke mXDR + Custom Engineering
- Everything in Premium, plus:
- Custom YARA detection rules for third-party sources in TD SIEM
- vCISO advisory hours - board-ready reporting, risk register
- IR retainer - 1-hour SLA
- Forward-deployed Vijilan engineer
- Custom compliance - CMMC L3, DORA, NIS2
- Cribl data pipeline optimization
Pricing anchor - Elite makes Premium look like the rational choice. And Premium still costs less than most competitors’ base packages.
Active Containment - Every Tier
The SOC Acts. On Every Tier.
ThreatDefend is not a monitoring service that sends tickets. It is an active defense operation. Vijilan’s SOC detects, investigates, and contains threats on every tier, without waiting for partner or client approval.
Endpoint Isolation
SOC isolates infected hosts from the network immediately, without waiting for approval. Powered by CrowdStrike Falcon’s real-time response capabilities.
Identity Lockdown
SOC disables compromised accounts in Entra ID and AD, revokes active sessions, and enforces MFA, all in real time. Available at every tier including Core.
File Quarantine & Process Kill
SOC quarantines malicious files and terminates active malicious processes across all Falcon-protected endpoints, immediately upon confirmation.
Eradication & Recovery Assist
After containment, the SOC assists through complete threat eradication and system recovery, not just detection and a ticket. Full post-incident report included.
TD Hunt - Two Independent Hunting Layers at Premium+
Falcon OverWatch
CrowdStrike’s elite threat hunting team operating inside the Falcon platform. Hunts across endpoint and identity telemetry using CrowdStrike’s global threat intelligence - 2.7M+ detections monthly.
Vijilan SOC Threat Hunting
Vijilan’s SOC hunts across all 6 domains: firewalls, network, email gateways, cloud, SaaS, applications, IoT/OT, and mobile. Domains OverWatch cannot reach. Client-specific context and history.
At Premium+: Both operate simultaneously as independent layers. They complement each other. They do not overlap.
SOC Actions by Tier
Available to ThreatRespond Partners
Add Individual TD Modules Without Switching Products
ThreatRespond clients can purchase individual ThreatDefend modules that run independently alongside their existing tools. No product switch. No tool replacement.
Managed Identity Threat Detection
TD ITDR - Falcon Identity Protection
Full ITDR across AD, Entra ID, and Okta. Deploys via lightweight identity sensor, completely independent of any existing EDR. Works alongside SentinelOne, Defender, or any other endpoint agent without conflict.
Compatible with: Any existing EDR - Falcon Identity deploys independently, no conflicts
Standalone - no product switch required
Managed Exposure Management
TD XPM - Falcon Exposure Management
Asset inventory, vulnerability prioritization, shadow IT visibility, and external attack surface management in a single combined SKU. Vijilan manages the license. Risk prioritization based on active threat context.
Compatible with: Any environment - works alongside any existing EDR or endpoint tool
Standalone - no product switch required
Managed SaaS Security
Falcon Shield - SSPM
SaaS Security Posture Management across 150+ applications including M365, Google Workspace, Salesforce, Slack. Misconfiguration detection, shadow SaaS discovery, GenAI governance. API-based - no endpoint agent required.
Compatible with: Any environment - pure API-based monitoring, no endpoint agent needed
Standalone - no product switch required
TD Browser (Falcon Secure Access / Seraphic) is also available: browser protection across Chrome, Edge, Safari, and Firefox. Available à la carte outside standard tiers. Subject to minimum requirements. Contact your Channel Manager.
Frequently Asked Questions
Everything Partners Need to Know
Why is identity protection included at Core and not Advanced?
Because identity is the #1 attack vector and making it optional is a mistake. 80%+ of breaches involve compromised credentials. Every client’s Entra ID and AD should be monitored from day one, not after they’ve been breached. No competitor includes full ITDR at their entry tier. We do, intentionally.
Do clients need to purchase any CrowdStrike licenses?
No. Vijilan manages 100% of Falcon licensing: TD EDR, TD SIEM, TD ITDR, TD XPM, and TD Hunt. Clients pay one managed service fee. Vijilan handles all CrowdStrike licensing, deployment, configuration, tuning, and renewals. Zero procurement complexity.
What is TD XPM and what does it include?
TD XPM maps to Falcon Exposure Management, CrowdStrike’s combined SKU that includes Falcon Spotlight (vulnerability prioritization), Falcon Discover (asset inventory + shadow IT), and external attack surface management in a single module. Runs on the existing Falcon agent - zero additional endpoint deployment.
How does TD Hunt work with Vijilan's SOC threat hunting?
They are two independent, complementary hunting layers. TD Hunt (Falcon OverWatch) hunts inside the Falcon platform: endpoint and identity telemetry using CrowdStrike’s global threat intelligence. Vijilan SOC hunts across all 6 domains, including firewalls, email, cloud, applications, and IoT/OT, which OverWatch cannot reach. At Premium, both operate simultaneously.
Can ThreatRespond clients add ThreatDefend modules?
Yes. ThreatRespond clients can add TD ITDR, TD XPM, or Managed SaaS Security without switching products. TD ITDR deploys completely independently of any EDR, with no conflicts with SentinelOne, Defender, or any other endpoint agent. All modules are licensed and managed by Vijilan.
What does Elite include and why is it "By Invitation"?
Elite includes everything in Premium plus custom YARA detection engineering, vCISO advisory hours, 1-hour IR retainer SLA, and a forward-deployed Vijilan engineer. It is By Invitation because it is designed as a pricing anchor: it makes Premium look like the rational, obvious choice for most clients. Both serve different client profiles.
We Bring the Technology. You Stay Protected.
Zero license management. Zero vendor evaluation. SOC actively contains threats on every tier. Identity included at Core.
Become a Partner
No minimums. No lock-in. 30-day opt-out. NFR licenses at Silver and Gold.
Pricing via Channel Manager
Pricing exclusively through your Channel Manager or Partner Portal. Never on this page.
Talk to Jen AI
Instant answers about ThreatDefend, TD modules, tiers, and CMMC, 24/7.
Praxis AI Engine
The AI Brain Behind Every Response
Praxis is Vijilan’s proprietary AI detection and investigation engine: the intelligence layer running inside our SOC on every alert, across every domain, before a human analyst acts.
What Praxis Does
Machine Speed. Human Judgment. One Minute to Contain.
Every alert from every security domain passes through Praxis before a human analyst sees it. Praxis doesn’t replace the human SOC; it makes our analysts operate at a speed and fidelity no purely human team can match. It’s the engine behind Vijilan’s 1-minute median time to contain.
Investigation
Multi-agent LangGraph pipeline automatically investigates every alert, correlating signals across all six domains simultaneously before presenting findings to the analyst.
Enrichment
IOC enrichment from threat intelligence feeds, MITRE ATT&CK technique mapping, and severity scoring derived from real adversary behavior, not just CVE scores.
Triage
Automated alert triage separates confirmed threats from false positives before they reach a human analyst, reducing noise and ensuring every escalation is a real threat.
Context
RAG-powered threat context retrieves relevant historical patterns, similar incident precedents, and client-specific environment data to inform every investigation decision.
Praxis Capabilities
LangGraph Multi-Agent · MITRE ATT&CK Mapping · IOC Enrichment · Auto-Triage · Cross-Domain Correlation · RAG Threat Context · Behavioral Scoring · Human SOC Amplifier
What Praxis Is Not
Praxis is not an autonomous agent that replaces human judgment. It is a force multiplier: the AI layer that enriches, correlates, and prioritizes so that human analysts spend their time on confirmed threats, not alert noise. Every containment decision is made by a trained human analyst informed by Praxis, not by an algorithm acting alone.
The Result
1-minute median time to contain.
Partners benefit from Praxis automatically, on every tier, both products. No configuration. No additional cost. Praxis is built into the Vijilan SOC, and the Vijilan SOC is what partners are buying.
Pricing - User-Based, Transparent, No Surprises
ThreatDefend is priced per endpoint and per user per month: no flat fees, no data volume charges on SIEM, no hidden costs. Pricing scales with the client, not against them. Exact pricing is available exclusively to verified Vijilan partners through the Partner Portal or your Channel Manager.