Pricing

Predictable. Partner-led. No hidden modules.

Annual contract, scaled to your environment, not your incident volume. Every deployment includes the full platform, with no per-module paywalls inside it. The services and integrations you add on are always quoted separately and clearly, never buried in the bill.

How our pricing works

Predictable pricing
PILLAR 1

Predictable.

Annual price quoted up front, scaled to your environment size. No incident-based surcharges, no per-event surprise bills, no overage fees during normal operations.

Annual contract, locked rate
No per-event surcharges
Post-eradication hours included monthly
Partner-led delivery
PILLAR 2

Partner-led.

We sell through partners. Your trusted reseller, MSP, or integrator quotes you, contracts with you, and stays in the loop on delivery. We're the platform behind their service. Never above it.

Quote & contract through your partner
TD SYNNEX-distributed
Co-delivered, never disintermediated
No hidden modules
PILLAR 3

No hidden modules.

Every deployment includes the full platform: vulnerability management, vendor risk, and external attack surface, with no per-module paywalls inside it. Add-ons like Advise, Guided Implementation, and the Integration Marketplace are always quoted separately, never bolted on mid-contract.

Full platform included
No per-module paywalls
One contract, one quote
What's included

The full platform. Every deployment.

Things some vendors charge extra for. We don't.

24/7 U.S.-based SOC

included

Human Tier 1, Tier 2, and incident response analysts on U.S. soil. Critical/High response targets at 30 minutes.

All five hubs

included

Visualize, Operations, Governance, Environment, Threat Intel. Every hub on every deployment.

AI triage + incident response

included

AI classifies every alert with a confidence score and written rationale; a SOC analyst reviews each one. The always-on six-phase IR workflow runs on every incident.

Vulnerability management

included

Inventory, CVSS scoring, POAM linkage from the same data plane your SOC operates on.

Vendor risk & attestations

included

Ongoing BAA / DPA tracking with aging and renewal reminders.

External attack surface

included

Continuous outside-in view of exposed assets, mapped to internal ownership. Included up to 300 subdomains, expandable.

All control matrices

included

CMMC L2, SOC 2, PCI DSS v4.0, HIPAA, NIST CSF. Every framework, every deployment.

FAIR-USE NOTE

Post-eradication hours: 5 hrs/month, included.

A use-it-or-lose-it monthly bank for post-eradication forensics, hardening, or follow-up investigation. If you exceed it, additional hours are quoted by your partner. Most months, customers don’t.

5 hrs
monthly bank
Add-ons

Add the services you want. Nothing you don’t.

The platform is whole on its own. These are quoted separately and clearly, so you only pay for what you choose.

Advise

add-on

Senior security advisors on the same U.S. residency standard as the SOC. Strategy, framework readiness, and post-incident guidance, quoted alongside the platform.

Guided Implementation

add-on

Hands-on onboarding to stand up your environment, connect sources, and tune detections faster. A fixed-scope engagement, not open-ended consulting.

Integration Marketplace

add-on

Bidirectional integration packages beyond your included sources. Activated per package, when you need them.

EDR licensing

add-on

Bring your own EDR, or license SentinelOne, CrowdStrike, or Cybereason through ArmorPoint. Microsoft Defender is supported as a two-way integration.

How pricing scales

Tied to your environment, not your incidents.

For organizations

Quote based on environment size: identities, endpoints, data sources, and frameworks in scope. Annual contract, locked rate. Multi-year discounts available through partners.

Identities & endpoints scope-based
Data source count scope-based
Compliance frameworks all included
SOC monitoring 24/7 included

For MSPs & service providers

Volume-tiered. Per-tenant economics that improve with scale. White-label reporting with optional co-delivery. The margin question MSPs actually want answered, not avoided.

Tenant volume tiered
White-label reporting included
Co-delivered SOC optional
Cross-tenant visibility RBAC-scoped

Deployment model affects cost too: cloud is standard, and physical sites that need network monitoring add sensors. Your partner provides a specific quote on the demo call.

Pricing questions

The questions buyers ask before the demo call.

Why don’t you publish prices?
Pricing scales to environment size, framework count, and tenant model. None of which map cleanly to a price-per-seat sticker. We give you a real number on the demo call, quoted by your partner. Not a "starting at" anchor that turns into something else.
What about incident-volume surcharges?
None during normal operations. The 5 hours/month post-eradication bank covers nearly all customer engagement; additional hours are quoted by your partner only if you exceed the bank, and most months our customers don’t.
Are modules priced separately?
The platform itself isn’t sliced into paywalled modules. Every deployment includes all five hubs, vulnerability management, vendor risk, external attack surface, and every framework matrix. What is quoted separately, and always clearly, are services like Advise and Guided Implementation, the Integration Marketplace, and EDR licensing. No surprise module unlocks at renewal.
Do you sell direct?
We sell through partners. Your partner quotes you, contracts with you, and stays engaged through delivery. If you don’t have a partner relationship yet, our team will introduce you to one that fits your sector. We don’t disintermediate that relationship once it’s set.
What happens at renewal?
Renewal pricing tracks environment growth. If your scope is the same, the price is the same. We don’t use renewals as a leverage point to bolt on modules you didn’t need at year one.

Trust signals

24/7 U.S.-based SOC
24/7 U.S.-based SOC
Human analysts in U.S. operations centers. Critical/High response targets at 30 minutes.
No procurement theater
No procurement theater
Pricing, deployment, and integration timelines on the demo call, not a six-week round trip.
Clean exit terms
Clean exit terms
90-day data return window. Standard export formats. No exit penalties.
Ready when you are

Get a real number on the demo call.

30 minutes with a security engineer. We'll scope your environment, your partner quotes the price, and you walk away with deployment timelines on the same call.