ABTDS
Pilot

Pricing

Honest per-endpoint pricing.
Every dollar buys explainability.

Three tiers. No "contact us" pricing games. 30-day free pilot on every paid tier — no credit card to start.

Up to 50 endpoints

Starter

Everything an SMB IT manager needs to read an alert.

$4 /endpoint/month

Billed annually · 2 months free

  • 9-factor explainable risk scoring
  • MITRE ATT&CK technique on every alert
  • Sigma starter rule pack (10 rules)
  • Gemini LLM analysis on CRITICAL alerts
  • Email notifications · CRITICAL fan-out
  • 4-state triage workflow + FP feedback loop
  • Markdown playbook library
  • Weekly adaptive retraining + canary validation
  • Shared VPS · Singapore region
  • Email support · 48h SLA
  • 30-day audit log retention
  • Not included — needs next tier:
    Custom Sigma rules
    SSO / SAML
    Dedicated VPS
Start free pilot

30 days · up to 50 endpoints · no card

Most popular
Up to 500 endpoints

Pro

For the IT manager who wants every alert AI-analysed and the data on their own VPS.

$7 /endpoint/month

Billed annually · 2 months free

  • Everything in Starter, plus —
  • Full Sigma rule library + author your own
  • Gemini LLM analysis on CRITICAL + HIGH
  • Per-assignee handoff emails + user-warning emails
  • Custom playbooks (markdown)
  • Dedicated VPS in your region (AU / EU / US / SG)
  • SSO via Google + Microsoft Entra
  • Daily adaptive retraining
  • Unlimited honeypot accounts
  • Email + chat support · 12h SLA
  • 1-year audit log retention
  • Not included — needs next tier:
    SAML / Okta / SCIM
    Private LLM (uses Gemini API)
    On-prem deployment
Start free pilot

30 days · up to 250 endpoints · no card

Unlimited endpoints

Enterprise

For regulated industries, multi-tenant MSSPs, and air-gapped environments.

Custom

Billed annually · 2 months free

  • Everything in Pro, plus —
  • On-prem / your cloud / air-gapped deploy
  • Private LLM endpoint (no Gemini)
  • SAML / Okta / SCIM
  • Bring-your-own Sigma rules + canaries
  • Continuous adaptive retraining
  • Multi-tenant (MSSP) dashboards
  • PagerDuty / Slack / Teams integration
  • Custom playbook authoring service
  • Dedicated CSM · 4h SLA
  • Unlimited audit log + export
  • Quarterly review with founders
Talk to founders

Proof-of-value with SOW

The math

Why $7 is the right number.

We could have priced lower — race-to-the-bottom marketing copy is cheap. But the LLM analysis, the dedicated VPS, and the 12-hour support SLA aren't free for us to deliver. Here's where Pro sits in the market.

Microsoft Defender for Business
$3
$/endpoint/mo

No MITRE, no explainability. You're already here — that's why you're reading this.

CrowdStrike Falcon Go
$5–8
$/endpoint/mo

Black-box ML. Score-only alerts. No Sigma. No LLM analysis.

SentinelOne Singularity Core
$8–12
$/endpoint/mo

Strong on auto-response. Weak on explainability. Same opaque score.

Huntress MDR
$8–15
$/endpoint/mo

Excellent — but it's a human analyst service, not a product. You wait for their queue.

ABTDS Pro
$7
$/endpoint/mo

Between Defender and Huntress. Full explainability. No managed-service markup.

Competitor pricing reflects publicly-listed rates as of 2026-05. Quotes vary; enterprise discounts are routine. The point isn't the exact number — it's that ABTDS Pro sits between "Defender + a feeling" and "Huntress + a six-month wait for an analyst." We're the explainable product in between.

Founder's deal limited

First 10 customers get lifetime 30% off Pro — and a co-authored case study.

We're early. We need real customers more than we need top-tier margins. Help us prove the product works in the field — and pay 30% less every year you stay. Forever.

10 /10 spots remaining
Claim a founder spot Read the fine print →

Questions

The things every IT manager asks.

Does the per-endpoint price include the VPS?

Starter: yes (shared VPS in Singapore). Pro: yes (dedicated VPS in your region — AU, EU, US, SG). Enterprise: brings-your-own infrastructure, the per-endpoint number covers software + support only.

What's the difference between 'pilot' and 'paid'?

Pilots are 30 days free, no credit card. We email you on day 25 and ask. There is no auto-billing — if you don't reply, the data is exported and deleted within 7 days on request.

Can I move data out if I leave?

Yes. JSON export of every alert + processed event, no API fees, no 'data egress' charges. You own your audit trail. We send it as a tarball within 48 hours of request.

What about non-Windows endpoints?

Today we only support Windows endpoints (Sysmon + Security log). Linux + macOS are on the roadmap for Q3 2026 — Pro and Enterprise customers vote on order.

Do we count VMs, containers, or just physical machines?

We count any operating-system instance running Winlogbeat — physical, VM, container. If a host runs the agent, it's one endpoint.

Why is there no free forever tier?

Security tools have a heavy support load even for hobbyists. We'd rather charge fairly and keep the team focused on customers who depend on us than run a free tier we under-serve.

Founder's deal — what's the catch?

You commit to two things: a 30-minute monthly call where we ask what's working and what isn't, and permission to co-author a case study after 90 days. In return: 30% off Pro tier for as long as your account exists. No catch beyond that.

What happens at the end of the pilot if I want to keep using ABTDS?

You pick monthly or annual billing, drop in a card, and the data stays where it is. No re-onboarding. No data migration. The dashboard URL doesn't change.

The right decision

If you're tired of alerts you can't explain, starting an ABTDS pilot is the right decision.

30 days. Up to 50 endpoints. No card. No call required to start. Real data, your VPS, your decision at the end.

Start your pilot See the demo first

Or email founders@abtds.io — we read every one