Enterprise tier

Enterprise-grade security infrastructure with a published SLA and a contract-bound autonomous security engineer.

Designed to replace the AppSec hiring stack with a contract-bound autonomous security engineer. Every line item below is concrete or explicitly marked “contract negotiable” — procurement can evaluate from this page alone.

Enterprise Standard

$50,000/mo starting

SaaS in Securie's managed cloud — tenant-isolated, frontier-blocked.

99.95% uptime SLA (SLA target)
Watch (managed eBPF) included
4 productized pentests / year
White-label Lite (UI surfaces)
24/7 SOC analyst response per contract

Enterprise Sovereign

$100,000/mo typical (custom)

Tenant-side deployment — Customer-VPC, on-prem, or air-gapped.

5-min P1 ack, 30-min triage
24/7 SOC analyst (Watch Sovereign)
Continuous red-team (monthly + on-demand)
Customer-controlled — key custody and host are yours
White-label Full (custom domain + tenant App)

Health tech

PHI-facing changes, agent access policy, secrets, audit trails, HIPAA BAA.

Finance

Payment, auth, customer-data, PCI Requirement 6, deploy gates, remediation proof.

Gov / regulated

NIST SSDF, change-control evidence, SIEM export, SSO/SCIM, VPC/on-prem, no-frontier-model paths.

Feature matrix

Standard vs Sovereign, line by line. Selected rows shown; the full matrix is shared during procurement.

Service-level agreement

Line item	Standard	Sovereign
Uptime	99.95%	99.95% (tenant-controlled)
P1 incident — ack	≤ 15 min	≤ 5 min
P1 incident — triage	≤ 1 h	≤ 30 min
Service-credit cap	30 % MRR	50 % MRR · uncapped negotiable

Watch (runtime defense)

Line item	Standard	Sovereign
Managed eBPF sidecar	included	included
Stateful detector classes	6	6
24/7 SOC analyst response	—	included · 5-min P0/P1 triage
Containment automation	pre-approved runbook	+ tenant-custom runbooks

Red-team / offensive testing

Line item	Standard	Sovereign
Productized pentests / year	4 (productized SKUs)	4 + continuous
Continuous red-team	1 anniversary engagement	monthly + 72-h on-demand
Production-system targeting	tenant-authorized per scope	tenant-authorized per scope
Audit-grade report	yes — per engagement	yes — per engagement

White-label

Line item	Standard	Sovereign
UI rebrand (Lite)	included	included
Custom domain + tenant App (Full)	—	+ $5K/mo add-on
Attestation chain	names Securie	dual signature (Securie + tenant)
PR-comment author	Securie	tenant-controlled GitHub App

Deployment

Line item	Standard	Sovereign
SaaS in Securie's managed cloud	default	—
Customer VPC (Helm + Terraform)	—	yes
On-premises / air-gapped	—	yes (signed-bundle update stream)
Encryption-key custody	Securie	tenant exclusively

Compliance

Line item	Standard	Sovereign
SOC 2 Type II — Securie's own	in progress — first observation window opens with our first Business customer	in progress — first observation window opens with our first Business customer
EU AI Act	model card + risk-management docs	+ tenant-side conformity option
HIPAA BAA	available	tenant retains all PHI
(out of scope — pair with a GRC platform) / IL4 / IL5	in progress	sovereign deployment unblocks sponsorship
Sector packs	included	included

Support & onboarding

Line item	Standard	Sovereign
Dedicated CSM	named individual	+ named SRE on-call rotation
Onboarding sessions	6 over 4 weeks	10 over 8 weeks
Quarterly business review	60-min	90-min · on-site option
Annual security architecture review	included	+ custom threat-model

Sovereign deployment options

Three topologies. Tenant key custody and signed-bundle update stream in every mode; in sovereign deployments the customer owns the host and holds the keys, so Securie has no access path.

Customer VPC

Helm + Terraform modules into your AWS / GCP / Azure account. No inbound from Securie; outbound proxy-restricted to model-stack endpoints + Sigstore rekor.

On-premises bare-metal

Same Helm chart applies. Tenant operates the cluster; Securie ships signed update bundles for tenant-controlled rollout timing.

Air-gapped (offline updates)

Tenant takes signed update bundles via approved transfer. Zero network egress. Differentially-private aggregated counters only (ε ≤ 1.0).

Procurement checklist

Paste into your vendor evaluation rubric — every box is published, not negotiated.

Published uptime SLA with penalty
Published incident-response time SLA per severity
Defined SOC analyst scope (include + exclude)
Defined red-team cadence + scope
Defined white-label scope (3 levels)
Defined deployment topology options
Defined compliance framework list with audit status
Defined onboarding cadence
Defined add-on SKU list (no sprawl)
Defined out-of-scope items
Concrete spec source (no marketing drift)

Talk to a founder

Enterprise sales is founder-led at this stage. The 24/7 SOC, continuous red-team, and named-CSM capacity in the matrix above is provisioned per signed Enterprise contract — contracted capability, not standing staff today. Submit the form below; expect a reply within two business days.

What Enterprise tier does NOT include

Honest scope. We do not replace these adjacent-market products:

· Employee endpoint EDR / EPP (CrowdStrike, SentinelOne)
· Generic malware forensics (Mandiant, ReversingLabs)
· Email gateway (Proofpoint, Abnormal, Mimecast)
· Realtime deepfake / voice-clone defense (Pindrop, RealityDefender)
· OT / ICS / SCADA runtime (Dragos, Claroty)
· Firmware / IoT / hardware (ReFirm, Finite State)

Securie's scope is the customer's code, running apps, dependency supply chain, app identity, and AI features inside their apps. The 24/7 SOC bundled with Watch Sovereign refers attribution beyond infrastructure-level forensics to a partner (e.g. Mandiant). We don't pretend to do what we don't do.

See pricing for lower tiers (Free, Pro, Team, Business, Scale)