Pricing
Transparent.
No Surprises.
Flat deployment cost — not per GB, not per EPS. Ingest everything, detect everything.
- SIEM — 500+ log connectors
- SOAR — 50 built-in playbooks
- Threat Intel — MITRE ATT&CK & CISA KEV
- Compliance Engine — 5 frameworks
- Basic UEBA — anomaly alerts
- Email & Slack alerting
- Standard support (business hours)
- Cloud or on-prem deployment
- Everything in Starter
- UEBA — full ML baselines + peer benchmarking
- ITDR — 300+ identity attack patterns
- NTA — 150+ protocol decoders, 100G capture
- CSPM — AWS, Azure, GCP, Kubernetes
- Compliance Engine — 15+ frameworks
- Full Threat Intel — 1.2M+ IOCs, 20+ feeds
- SOAR — unlimited custom playbooks
- AI Assistant — NL threat hunting, RAG triage
- Priority 24/7 support + dedicated CSM
- On-prem, cloud, or hybrid deployment
- Everything in Professional
- Multi-tenancy & MSSP white-label
- Custom Sigma rule development
- OT/ICS/SCADA monitoring
- FinTech module (SWIFT, Open Banking)
- Telco module (SS7, Diameter, 5G)
- Custom compliance framework builder
- On-site deployment & training
- Dedicated threat intel analyst
- SLA: <15 min response, 99.99% uptime
- Everything in Enterprise
- Full air-gap deployment (no internet required)
- Offline LLM integration (Llama / Mistral)
- Offline threat intel updates (USB/SFTP)
- Hardware appliance option
- Sovereign key management (no cloud KMS)
- Government security clearance support
- FedRAMP High, NATO STANAG, DISA STIG
- Source code escrow available
- Custom SLA & contractual commitments
Flat deployment cost. Ingest everything without surprise bills.
Dedicated engineer gets you to full coverage in 30 days or less.
Full feature parity in isolated networks. No internet required.
Your data never leaves your infrastructure. Zero cloud dependency.
Feature Comparison
Everything, Side by Side
| Feature | Starter | Professional | Enterprise | Sovereign |
|---|---|---|---|---|
| CORE PLATFORM | ||||
| SIEM (log management & correlation) | ||||
| SOAR (automated playbooks) | 50 playbooks | Unlimited | ||
| Threat Intelligence | Basic | |||
| Compliance Engine | 5 frameworks | 15+ frameworks | ||
| AI Threat Hunting Assistant | Offline LLM | |||
| DETECTION MODULES | ||||
| UEBA — behavioural analytics | Basic | |||
| ITDR — identity threat detection | ||||
| NTA — network traffic analysis | ||||
| CSPM — cloud security posture | ||||
| OT/ICS/SCADA monitoring | ||||
| FinTech monitor (SWIFT / PCI-DSS) | ||||
| Telco monitor (SS7 / 5G) | ||||
| DEPLOYMENT & SOVEREIGNTY | ||||
| Cloud deployment | ||||
| On-premises deployment | ||||
| Air-gap (offline) deployment | ||||
| Hardware appliance | ||||
| Multi-tenancy / MSSP white-label | ||||
| Source code escrow | ||||
| SUPPORT & SLA | ||||
| Support hours | Business hours | 24/7 | 24/7 | 24/7 |
| Dedicated Customer Success Manager | ||||
| On-site deployment & training | ||||
| Response SLA | 4 hrs | 1 hr | 15 min | 15 min |
FAQ
Common Questions
DKTrace is priced as a flat deployment fee based on your environment size — not by log volume or EPS. Ingest everything without filtering, which dramatically improves detection coverage.
Yes. The Sovereign tier is purpose-built for air-gapped, classified, and sovereign environments. Threat intel updates arrive via USB or SFTP. The AI assistant runs on a local LLM. No internet required.
Professional covers most enterprise SOC teams. Enterprise adds specialised vertical modules (OT/ICS, FinTech, Telco), multi-tenancy for MSSPs, on-site deployment, and a dedicated threat intel analyst.
We offer a live guided demo and a proof-of-concept deployment in your environment. Contact our team to arrange a scoped PoC with your own data.
Cloud and on-prem deployments are typically operational within 30 days. Air-gap appliance deployments take 6–8 weeks including site survey and hardware shipping.
Yes. Enterprise and Sovereign tiers include full multi-tenancy and white-label options for MSSPs. Contact our partner team for OEM and reseller pricing.
Get Started
Talk to a Security Expert
No canned demos. We'll walk through your environment, your threat model, and show you exactly what DKTrace detects in your network — live.