Pay for What You Need
Take the whole platform as a bundle, or pick any of the eleven tools on its own. Either way you are replacing overpriced point products at a fraction of the cost.
Every plan includes a 7-day free trial.
All eleven tools. One bundle.
All 11 tools, the Mendicant AI analyst, and the unified portal — in a single subscription priced by trust posture, not feature count. The tier determines where it runs and the SLA it carries. The detection is identical across all three.
Platform
Most popularSmall business to mid-market
$5,500/mo
SaaS or per-tenant data isolation
- All 11 tools + the portal
- Mendicant AI included — no per-token cost
- Autonomous alert triage + response
- Per-tenant data isolation
- Federated threat intel + UEBA
- SSO + priority support
Sovereign
Regulated, government & defense
$11,000/mo
Customer-controlled data plane + keys
- Everything in Platform, deployed in your trust boundary
- On-prem or fully air-gapped — your data never leaves
- Self-hosted AI — run models inside your boundary, no third-party inference API
- Customer-held encryption keys + customer-controlled data plane
- Deployment support for FedRAMP, CMMC, HIPAA, and ITAR
- Priority support
Eleven tools, à la carte
Need just one or two? Each tool is an independent subscription, priced to undercut the single-purpose vendor it replaces. No bundle required.
CloudGuard
Cloud-native application protection (CNAPP) — posture, entitlements, containers, IaC, attack-paths
One subscription for full CNAPP — posture, CIEM, containers, IaC, and attack-paths — with one bill and one team, not a tool to stitch in.
Sandworm SIEM
SIEM + UEBA — correlation, C2 detection, ATT&CK coverage, threat hunting
SIEM and UEBA in one engine — correlation, C2 detection, and ATT&CK coverage without a separate analytics add-on.
Stillsuit NGFW
One inline engine: stateful firewall, WAF, IPS, DDoS protection, TLS inspection
Packet filter, stateful, NGFW, WAF, and IPS from one rule engine — one deployment instead of a rack of appliances.
Sandworm EDR
Cross-platform endpoint detection & response — Rust + eBPF, live response, YARA
Endpoint detection and response with live response, FIM, and YARA in one lightweight agent.
Sandworm SASE
Secure access service edge — ZTNA, SWG, CASB, DLP, FWaaS, and RBI in one fabric
ZTNA, SWG, CASB, DLP, FWaaS, and RBI in one SASE fabric — one policy plane, not six consoles.
Truthsayer
Anti-social-engineering — email, OAuth consent, lookalike domains, MFA-bombing, help-desk
Email, OAuth, lookalike-domain, MFA-bombing, and help-desk defense — one layer on top of the mail security you already run.
Sandworm BAS
Breach & attack simulation — campaigns, purple teaming, detection-gap mapping
Continuous breach-and-attack simulation and purple teaming — always-on validation, not a point-in-time test.
Sandworm SCA
Supply-chain security — SBOM, dependency & license risk, CVE watchlist, build provenance
SBOM, CVE triage, and build provenance across your repos and CI in one supply-chain view.
Sandworm AI Security
AI / LLM security — prompt & output scanning, jailbreak detection, agent firewall, AI-BOM
Prompt and output scanning, jailbreak defense, an agent firewall, and AI-BOM for the AI you ship.
Sight
Threat intelligence — actor & campaign tracking, IoC management, dark-web & brand monitoring
Dark-web, brand, and sandbox threat intelligence in one feed, wired into the rest of your stack.
Elm
SOAR — case management, war room, evidence vault, playbooks, AI runbook generator
Cases, war room, evidence vault, and playbooks that orchestrate across the tools you already run.
Meter the AI directly.
Mendicant comes bundled with every tier at no additional charge. If you prefer direct metering — for custom pipelines or high-volume workloads — the token rate is below what leading frontier model APIs charge.
$2.25 / 1M input
$11.25 / 1M output
Priced below Claude Sonnet 4.6 ($3.00 / $15.00 per 1M). At the Sovereign tier, Mendicant runs in-house — no third-party API in the path.
Typical Small Business
50 devices, 25 remote workers
<$875/mo
Sandworm
$4-8K/mo
Legacy vendors
Up to 90% savings
Frequently Asked Questions
Should I buy the bundle or individual tools?
Either path works. The full-platform bundle (all 11 tools + Mendicant + the portal) is one subscription — one bill, one team — instead of stitching together separate point products. If you only need one or two tools, a single subscription delivers the same detection quality.
How is Mendicant AI priced?
Mendicant is bundled at no additional cost on every tier. If you prefer to meter it directly — for your own workflows or high-volume pipelines — usage is $2.25 / 1M input tokens and $11.25 / 1M output. That's roughly a quarter below what comparable frontier models charge.
How does payment work?
Billing is monthly or annual by credit card. Annual plans settle upfront at a 10% discount. Cancel anytime — you keep access through the current billing cycle.
Can I upgrade, downgrade, or cancel?
Yes. Tier changes and tool additions apply immediately. Downgrades take effect at the start of your next billing cycle. There are no exit fees or lock-in penalties.
What payment methods do you accept?
All major credit cards (Visa, Mastercard, American Express) and ACH bank transfers for annual commitments.
Pick your plan and get moving.
Every trial runs for seven days at full capability. No credit card required to start — just connect your first integration and watch the queue populate.