The tech stack that runs inside ArmorPoint.
Tech Alliances are the technology partners whose products are part of how ArmorPoint delivers service. Not just data sources we ingest. Today, that's EDR. MXDR requires one. We sell through CrowdStrike, SentinelOne, or Cybereason inside the package, or we plug into the EDR you already own.
- Technology that's part of how ArmorPoint operates. Not optional integrations.
- EDR is the current category. Other categories will follow as the alliance program expands.
- Different from integrations, which is the broader catalog of tools we ingest data from.
Two paths. Same outcome. Your choice.
MXDR is a managed SOC service that runs on top of an EDR. We don't build our own EDR, and we don't pretend to be neutral about it. We've selected three vendors that meet our operational bar. You can buy through us as part of the MXDR package, or bring your own if you already own one of the three.
Buy through ArmorPoint
EDR licensing rolls into the MXDR package. One contract, one invoice, one renewal date. We handle provisioning, tenant setup, and platform integration. The customer never sees a separate purchase order.
- Don't currently have an EDR they want to keep
- Want one vendor relationship, one renewal cycle, one accountable team
- Going through a service provider partner who packages it that way
Bring your own EDR
Already running CrowdStrike, SentinelOne, or Cybereason? We connect to your existing tenant. You keep your direct vendor relationship and licensing terms. MXDR runs on top.
- Already own EDR licensing they want to retain
- Have an existing direct relationship with the EDR vendor
- Procurement prefers separate contracts for tooling and service
Both paths support the same MXDR service. The decision is commercial and procurement-driven, not technical. Either way, the EDR has to be one of the three vendors below.
Three EDR vendors. All operationally proven.
Our SOC operates on all three at scale. The choice between them is usually driven by what the customer already owns, what their procurement team prefers, and which platform's strengths line up with their environment. Final selection is part of the discovery call.
CrowdStrike Defend
Cloud-native architecture with industry-leading threat intelligence (Falcon Intelligence) and consistent recognition as a market leader in EDR/XDR. Strong on the AV-replacement story for organizations modernizing legacy endpoint stacks.
Enterprises and regulated mid-market organizations with mature security operations. Common in healthcare, financial services, and federal environments. The default choice when an organization wants brand recognition the audit committee will know.
SentinelOne Complete
Autonomous on-device detection and response that operates without continuous cloud connection. Well known for the Singularity platform's behavioral AI approach and the Storyline correlation engine that traces attack chains end-to-end.
Distributed environments, remote workforces, and organizations with intermittently connected endpoints. Common in manufacturing, utilities, and education where field assets matter. Often picked by teams that value strong autonomous response without analyst-driven workflow.
Cybereason Enterprise
MalOp engine that groups related telemetry into single, investigable malicious operations rather than discrete alerts. Strong in environments where reducing alert volume and improving analyst signal-to-noise ratio is a priority.
Teams that have struggled with alert fatigue from other EDRs and want a different operational model. Common where a lean SOC needs maximum signal per analyst hour. Strong international presence including organizations with European data residency requirements.
That's fine. Most customers don't arrive with an EDR opinion. Our team walks through your environment, compliance requirements, and existing relationships to recommend a fit during scoping. The final decision is yours.
Our SOC operates the EDR. You see the unified view.
Tech Alliance partnerships aren't just a licensing relationship. Our SOC analysts are trained and certified on each platform. Detection rules are tuned in the EDR console. Response actions happen there. Then everything surfaces in the ArmorPoint operations plane alongside identity, cloud, SaaS, and network telemetry.
Detection & response actions
Our analysts work in your EDR tenant directly: triage alerts, isolate hosts, kill processes, hunt threats. We are the operating team on the EDR, not a passive consumer of its data.
Cross-source correlation
EDR alerts join identity events, cloud activity, network telemetry, and threat intel on one data plane. An endpoint detection that correlates to a Microsoft 365 anomaly becomes one investigable incident, not two tickets.
Continuous control evidence
Endpoint coverage, response SLAs, isolation actions, and configuration state all feed continuous compliance evidence. SOC 2, HIPAA, PCI, and CMMC framework mapping happens against live EDR data.
EDR is the current Tech Alliance category. Others will follow.
We use "Tech Alliances" because the structural relationship is bigger than EDR. Over time, the program will expand to include other technology partners whose products are part of how ArmorPoint operates, not just data sources we read. The selection bar will stay the same: our SOC has to operate the tech at scale.
- EDR: CrowdStrike, SentinelOne, Cybereason
Tech Alliances vs. integrations. What goes where.
MXDR uses these alliances
EDR is a required component of MXDR. See how the managed SOC service uses the EDR layer to deliver detection, response, and compliance evidence.
Integrations are different
The broader integrations catalog covers tools we ingest data from. Those vendors are not in the Tech Alliance. They're sources, not stack components.
Bring us your environment. We'll match the EDR.
30 minutes with a security engineer. Tell us what you currently run, what your compliance posture requires, and what your procurement team prefers. We'll recommend a fit and lay out both commercial paths.