FOR MANAGED SECURITY SERVICE PROVIDERS

Scale your SOC across every client — without scaling your headcount.

Vigil Nexa is the autonomous SOC layer you run once and operate across every client: multi-tenant from day one, white-labeled to your brand, and powered by the same defense engine your analysts share — so coverage scales linearly with the tenants you onboard, not with the headcount you can hire.

Built for MSSPs operating multi-tenant environments — your brand, your SLAs, every tenant defended.

The MSSP operating problem

Every new client adds tenancy, alert vocabulary, and an SLA clock— while senior SOC talent stays scarce.

As your tenant footprint grows, each new client is a fresh environment with its own telemetry stream, its own detection policy, and its own response SLA. Meanwhile, hiring, training, and retaining senior SOC analysts stays a long, expensive game. Without per-tenant isolation and a shared analyst surface, the math breaks the moment tenant count outpaces the team that watches it.

  • Same alert volume per tenant, more tenants to watchAlert noise compounds. Without tier-1 automation, the SOC team becomes the bottleneck before the tooling does.
  • Per-tenant tooling sprawl is unmaintainable at scaleStitching together one console per customer makes cross-tenant visibility and consistent response playbooks impossible.
  • SLAs require a defense posture that doesn't sleepYour tenants' MTTD / MTTR commitments don't compress when your on-call rotation does. The defensive layer has to be autonomous.

Platform Capabilities

Multi-tenant by design. Analyst-leverage by default.

Six platform capabilities engineered around two pillars: per-tenant isolation that keeps every client inside their own SLA envelope, and a shared analyst surface that lets one team defend every tenant without context switching.

Multi-tenant isolation

Every client is isolated by policy, role, and data scope from day one — onboarding a new tenant is a config change, not a fork of the platform.

White-label the SOC console

Brand the console, alert surfaces, and customer-facing reports with your identity. Clients see your SOC, not Aegis internals.

Per-tenant policy and SLA

Different clients negotiate different MTTR commitments. Policy isolation per tenant means each one stays inside their own SLA envelope without bleeding into neighbors.

Tunable per-tenant response

Set containment aggressiveness, allowed response actions, and notification thresholds per tenant — gold-plate the loudest customers without slowing the quiet ones.

Cross-tenant visibility for partner ops

Operators see fleet-wide health, alert posture, and detection regressions across every tenant — without losing the per-tenant drill-down when you need it.

Shared analyst surface

A single working surface for your SOC team flips between tenants without context switching. Triage, investigate, and ship post-incident reports across clients in one pass.

Under the hood

Onboard your first tenant in 14 days.

Three rollouts, structured for an MSSP operating cadence — pilot tenant first, then cohort onboarding with repeatable playbooks.

1
Day 1 – 5

Pilot tenant — connect and baseline

Stand up the platform against one customer environment. Connect via lightweight agent or API integration; Vigil Nexa baselines traffic, user behavior, and system interactions without disrupting existing tooling.

2
Day 6 – 10

White-label config and SOC integration

Brand the console to your identity, wire alert routing into your ticketing / SOAR stack, and confirm per-tenant policy and SLA thresholds. Anomaly response runs end-to-end against your pilot tenant.

3
Day 11 – 14

Cohort onboarding — repeatable playbook

Roll the same runbook out to the next cohort of tenants using the configs validated on the pilot. Onboard each new tenant in days, not quarters, with no per-tenant engineering load.

Partner Economics

Built so the unit economics move your favor.

Partner pricing, revenue share, and per-analyst leverage are governed by the live partner program brief — not by marketing copy on a landing page. The numbers below are structural; the actual terms are confirmed one-on-one with our partner ops lead.

Revenue share per tenant onboarded

The partner program prices co-selling against per-tenant economics rather than per-seat list price, so onboarding a customer compounds partner revenue alongside your managed-services revenue.

White-label margin without a fork

White-labeling is a configuration surface — you do not run a separate product line. Margin scales with tenants onboarded, not with engineering headcount to maintain a forked copy.

Per-analyst leverage, not per-tenant headcount

Tier-1 detection and triage run autonomously, so your senior analysts stay focused on the investigations that need them — coverage scales linearly with the SOC team you have, not linearly with the tenants you run.

SLAs held by the engine, not by the rota

On-call compressions and shift changes do not weaken the defensive layer. MTTD / MTTR commitments are held continuously by the autonomous layer your team shares.

Confirm the partner-program numbers with our ops lead.

The exact revenue share, tier margins, and analyst-leverage figures are confirmed in your partner-program brief — not surfaced on the public landing page.

Ask Partner Ops

Same defense engine, every tenant you run

The SOC machinery your analysts share.

Every tenant onboarded into the partner program runs through the same Aegis core engine as the home demo. The visuals below are reused — not reimplemented — from /, so the demo you see is the product your SOC team ships.

Aegis core · per-tenant
deterministic
AEGISvigil-fw203.0.113.99198.51.100.7edge-gwcore-gwWebAPIDBSMTPRDPSSHCacheStorageAuthMetricshost-1host-2host-3host-4host-5host-6

Anomalies converge on the Aegis core the same way for every tenant in your fleet — the visual is reused here to keep the partner demo aligned with the primary landing-page demo.

Shared engine · click Run demo
your brand on top
Idle
seed 1337 · deterministic timeline
Laptop-ALaptop-BServer-CMobile-DOps-E203.0.113.99198.51.100.7edge-gwcore-gwvigil-fwWebAPIDBSMTPRDPSSHCacheStorageAuthMetricshost-1host-2host-3host-4host-5host-6

  1. Click Run demo to start.

Same scripted timeline as the home demo — wrapping it for your tenants is a white-label config, not a fork. Bring it into your own SOC integration walkthrough without rebuilding the engine.

Partner program — apply

Become a partner and onboard your first tenant in 14 days.

We'll send you the live partner-program brief — tier structure, revenue share, white-label setup, and the 14-day onboarding runbook — and walk through how Vigil Nexa slots into your existing SOC operations.

No sales funnel. No automated chatbot. Your message lands directly with our MSSP partner-ops lead, who'll reply within one business day.