MSSP tiers are priced by environment size — base retainer plus per-user coverage. TLINK PRO public tools are free. The full analyst workspace ships with every managed engagement.
All MSSP engagements begin with a scoping conversation to match the right tier to your environment and risk profile.
All MSSP tiers start with a base monthly retainer plus per-protected-user coverage. Engagements are scoped through a security assessment to ensure the right fit for your environment. A protected user is any employee, endpoint, or identity asset under active coverage.
Use the price calculator to estimate your monthly cost based on users, endpoints, and add-ons.
$499/month base
+ $10 per protected user / month
$1,499/month base
+ $15 per protected user / month
$3,500+/month
+ $20+ per user / month · custom scoped
Most organizations layer one or two add-ons onto their base tier. These are the configurations ThreatGrid most frequently recommends — each one starts with a scoping assessment to confirm the right fit.
Full analyst workspace — asset monitoring, IP reputation, exposure scanning, AI threat summaries, investigation tracking, and executive reporting portal.
Security posture baseline, asset inventory, initial hardening review, and TLINK PRO environment configuration during the first engagement cycle.
Monthly coverage summaries with threat activity, alert disposition, posture trends, and recommended actions — formatted for technical and executive audiences.
Actionable remediation recommendations for identified exposure, misconfigured services, and preventable attack surface based on TLINK findings.
Direct access to a ThreatGrid analyst — not a ticketing queue. Every engagement has a named contact for questions, escalations, and advisory.
Month-to-month engagements available. Annual commitments include a rate discount. Scope can be adjusted as your environment changes.
| Feature | Essential | Advanced Defense | Enterprise |
|---|---|---|---|
| Monitoring & Detection | |||
| Threat monitoring | Business hours | Continuous | 24/7 SOC-aligned |
| Alert triage | Email alerts | Analyst-reviewed | Priority escalation |
| Incident response | Guidance provided | Contained & guided | IR playbook + retainer option |
| Response SLA | Next business day | 4 hours | 1 hour |
| Reporting | |||
| Coverage reports | Monthly | Monthly + on-demand | Executive + governance |
| Posture trend tracking | ✓ | ✓ | ✓ |
| Executive briefings | — | Optional add-on | ✓ Quarterly included |
| TLINK PRO Platform | |||
| Platform access | ✓ | ✓ | ✓ Custom config |
| Asset monitoring & alerts | ✓ | ✓ | ✓ |
| AI threat summaries | ✓ | ✓ | ✓ |
| Investigation tracking | ✓ | ✓ | ✓ |
| Compliance & Advisory | |||
| Hardening guidance | ✓ | ✓ | ✓ |
| Compliance advisory | — | Optional add-on | ✓ Included |
| Gap analysis | — | Optional add-on | ✓ Included |
| IR readiness & playbooks | — | — | ✓ Included |
| Engagement | |||
| Named analyst contact | ✓ | ✓ | ✓ Dedicated |
| Onboarding | Standard | Priority | White-glove |
| Contract | Month-to-month | Month-to-month or annual | Annual (custom) |
Available as additions to any MSSP tier or as standalone engagements for organizations not yet ready for full managed coverage.
A structured scoping engagement that maps your environment, identifies exposure, and produces a prioritized remediation plan. Required starting point for all MSSP engagements.
Ongoing advisory for HIPAA Security Rule, GLBA Safeguards, SOX ITGC, or PCI DSS. Includes gap analysis, policy review, and audit preparation support.
Pre-committed incident response capacity for guaranteed response times, tabletop exercises, and playbook development. Available standalone or as a supplement to any tier.
Analyst-delivered briefing for leadership and board audiences. Covers threat landscape, posture trends, incident summary, and strategic recommendations — formatted for non-technical stakeholders.
Full analyst workspace without a managed service engagement. Asset monitoring, IP reputation, exposure scanning, AI summaries, and investigation tracking — priced per organization.
Analyst review of TLINK PRO tool output — DNS, SSL, IP reputation, exposure scan, or email deliverability findings — with prioritized remediation guidance for your specific environment.
Five diagnostic tools are publicly accessible at no cost — DNS, WHOIS, IP Lookup, SSL/TLS Analyzer, and Security Header Analyzer. The full TLINK PRO analyst workspace adds asset monitoring, IP reputation, exposure scanning, AI-generated threat summaries, investigation tracking, and executive reporting. Included with all MSSP tiers and available standalone on request.
A complete reference for all ThreatGrid services, tiers, and add-ons. All MSSP engagements begin with a scoping assessment — final pricing is confirmed during that conversation.
All month-to-month tiers qualify for a rate discount on annual agreements. Ask during your scoping conversation.
A protected user is any employee, endpoint, or identity asset under active monitoring and coverage. This typically maps 1:1 to headcount for standard environments. For organizations with contractors, shared accounts, or service identities, ThreatGrid scopes during the initial assessment to define the appropriate coverage unit for your environment.
There is no separate setup fee — onboarding is included in the monthly retainer. Month-to-month engagements are available on Essential and Advanced Defense. Enterprise engagements are typically annual and scoped individually. Annual commitments on any tier include a rate discount.
Yes. All MSSP engagements begin with a scoping assessment — a structured conversation that maps your environment, identifies current gaps, and confirms the right tier for your situation. The assessment is included in the onboarding cycle, not billed separately. It's also available as a standalone engagement for organizations not ready to commit to managed coverage.
Yes. TLINK PRO is available as a standalone platform subscription for organizations that want the analyst workspace, asset monitoring, and tool suite without a full managed engagement. Pricing is per organization and scoped based on environment size. Use the request form to start the conversation.
The Essential tier is designed for small businesses and is suitable for teams as small as a single location with a handful of users. If your environment is unusually small or you're not sure managed coverage is the right fit yet, TLINK PRO standalone or a one-time security assessment may be better starting points. Contact ThreatGrid to talk through your situation.
ThreatGrid covers all industries but has purpose-built coverage frameworks for healthcare (HIPAA Security Rule, PHI/EHR environments), legal (ABA Model Rule 1.6, BEC/wire fraud, domain impersonation), and financial services (GLBA Safeguards, SOX ITGC, PCI DSS, SEC cyber disclosure). See the security services pages for industry-specific details.
On Advanced Defense and Enterprise tiers, active incidents trigger direct analyst escalation within the SLA window (4 hours and 1 hour respectively). On Essential, ThreatGrid provides guidance and remediation steps within the next business day. For organizations that need guaranteed rapid response without full managed coverage, the IR Retainer add-on provides pre-committed capacity at all tier levels.