Turn Your Security Data Into Direction.
Advise layers expert guidance onto the ArmorPoint platform you already run: richer reporting, tuned detections, and dedicated advisors who help you build a stronger, more resilient security operation.
You bought the platform. Are you getting everything it can deliver?
ArmorPoint is running. But are your detections tuned to your environment? Is your reporting telling the story leadership needs? Is anyone turning the data into a plan? Advise adds the expertise and visibility to move from running the platform to running an operation.
Your reports don't land with leadership
Raw metrics, not a story the board and auditors actually follow.
Detections aren't tuned to your environment
Generic rules mean more noise, or worse, blind spots.
You're reacting, not improving
No one is turning the data into a forward plan for the program.
You rely on it. Advise helps you make it resilient.
Pick the level of support you need.
Each tier includes everything in the tier below it. Advise builds on your active ArmorPoint subscription; cadence and hours are set on your order form.
Best for teams that want to do more on their own. Value comes through the platform, no advisory hours.
- Enhanced dashboards: risk posture, compliance scorecards, coverage heatmaps
- MITRE ATT&CK coverage map
- Vulnerability trend analytics
- Threat-intelligence feed dashboard
- Environmental health scorecard
- Automated monthly posture report + on-demand report builder
Best for mid-market teams with moderate complexity. A named advisor and operational extension of your team.
- Named Technical Resource
- Monthly or quarterly security operations review
- Detection rule tuning
- IR runbook development & review
- Onboarding & integration acceleration
- Incident post-mortem reviews + remediation prioritization
Best for larger or complex environments where ArmorPoint is a virtual extension of your security program.
- Dedicated Security Engineer (hands-on)
- Custom detection engineering
- Scheduled threat-hunting engagements
- Compliance program support & evidence packages
- Architecture review & telemetry gap analysis
- Executive threat briefings + expanded post-eradication hours
- Annual security program maturity assessment
Tiers are cumulative (Active includes Foundations; Strategic includes Active). The annual tabletop exercise is a priced add-on. Cadence and monthly advisory-hour allocations are set on the order form; unused hours do not roll over.
What's in each tier.
| Capability | Foundations | Active | Strategic |
|---|---|---|---|
| Enhanced dashboards & metrics | ✓ | ✓ | ✓ |
| Automated posture reports | ✓ | ✓ | ✓ |
| Custom report builder | ✓ | ✓ | ✓ |
| Named Technical Resource | – | ✓ | ✓ |
| Security operations reviews | – | Monthly / quarterly | Monthly |
| Detection tuning | – | ✓ | ✓ + custom |
| Incident post-mortem reports | – | ✓ | ✓ |
| Threat-hunting engagements | – | – | ✓ |
| Compliance support | – | – | ✓ |
| Architecture review | – | – | ✓ |
| Executive threat briefings | – | – | ✓ |
| Expanded post-eradication hours | – | – | ✓ |
| Maturity assessment | – | – | ✓ |
| Tabletop exercise (add-on) | – | Annual | Annual + hunts |
Add-on items are priced separately. Capabilities operate on, and report against, your existing ArmorPoint deployment.
An advisor who knows your environment.
Advise starts with discovery, then runs on a set cadence (monthly or quarterly for Active, monthly for Strategic). Everything is delivered remotely via secure virtual sessions.
Discovery
An initial session to understand your business goals, security objectives, and environment.
Recurring review
Your advisor reviews deployment, incidents, and trends, then presents recommendations and training (Active & Strategic).
Report & act
A written Service Review Report lands in your portal with recommendations, next steps, and tracked action items.
For tiers with a dedicated resource, meetings, report preparation, training, and follow-ups all draw from your monthly advisory-hour allocation. Foundations is delivered through the platform, with no advisory hours.
Advisory, with hands-on muscle when you need it.
Advise is an advisory service: ArmorPoint provides the expertise, analysis, and recommendations, and your team implements. At the Strategic tier, a dedicated security engineer also does hands-on operational work, custom detections, configurations, and troubleshooting, as an extension of your team. Advise builds on your existing ArmorPoint subscription; it does not replace your managed service.
We advise. You decide. At Strategic, we also build.
The foundation that lifts the platform higher
Advise doesn't replace the platform: it sits beneath it, holds it up, and reaches higher.
Out of scope: incident response and forensics (these run under your managed service), endpoint or appliance configuration, migrations, feature development, and implementation of recommendations (your team acts on our guidance). See your agreement for the full list.
Priced by tier and cadence.
Advise is priced by the tier and cadence you choose, set on your order form, and builds on an active ArmorPoint subscription. Additional advisory hours and the tabletop exercise are available as add-ons.
Do I need an ArmorPoint subscription for Advise?
Yes. Advise builds on your active ArmorPoint platform or managed service. It operates on, and reports against, your existing deployment.
What's the difference between the tiers?
Foundations is platform value with no advisory hours. Active adds a named advisor. Strategic adds a dedicated security engineer and strategic program work. Each tier includes the ones below it.
Does Advise do the work, or just advise?
Mostly advisory: we analyze and recommend; your team implements. At the Strategic tier, a dedicated security engineer also does hands-on operational work as an extension of your team.
Is incident response included?
No. Incident response runs under your underlying ArmorPoint managed service. Strategic adds expanded post-eradication hours, delivered under that managed service.
Can I change tiers or add a tabletop exercise?
Yes. Tiers are cumulative, so moving up is additive, and the annual tabletop exercise is available as a priced add-on.
Get more from ArmorPoint, with the people who know it best.
Talk through which Advise tier fits your team, your environment, and where you want your security program to go.