TRA-CE.ai

Causal intelligence, priced to deploy.

Every plan includes causal chain analysis, behavioral baselining, evidence grading, and post-quantum encrypted transport.

14-day trial · No credit card required

Starter

Small security teams · up to 100 endpoints
$599/mo
Billed annually ($7,188/year)
14-day trial · 30-day money-back guarantee
Capacity: 100 endpoints · 5 users · 500K events/day
Data: 30-day live · 90-day retained · 1-year archive
AI: 200 credits/month (Sonnet default)
  • Causal chain analysis (4-heuristic linking)
  • Behavioral baselines & anomaly detection
  • Campaign detection (MITRE stage progression)
  • 64 built-in Sigma rules + 20 custom
  • Post-quantum encrypted transport
  • Mandatory 2FA & row-level tenant isolation
  • CISA KEV, NVD, GitHub Advisory feeds
  • Weekly digest & monthly PDF reports
  • 1 collector · 3 data source integrations
  • Email support (24h response, Mon–Fri)
Recommended

Professional

Growing SOC teams · up to 500 endpoints
$3,999/mo
Billed annually ($47,988/year)
30-day trial · 30-day money-back guarantee
Capacity: 500 endpoints · 15 users · 2.5M events/day
Data: 30-day live · 180-day retained · 3-year archive
AI: 500 credits/month + 50 autonomous investigations/month
  • Everything in Starter, plus:
  • Autonomous AI investigations (70+ score campaigns)
  • SSO (SAML + OIDC — Azure AD, Okta, Google)
  • 100 custom Sigma rules + community import
  • Ticketing (Jira, ServiceNow, PagerDuty)
  • Compliance reports (HIPAA, PCI, SOC 2, NIST CSF, CIS)
  • Tamper-evident audit trail
  • Scheduled exports (S3, SFTP, email)
  • 3 collectors · 10 data source integrations
  • Email + chat support (4h response, Mon–Fri)

MSSP Starter

5–15 clients
$1,499/mo base
+ $299/client (Standard) or $499/client (Professional)
Minimum 5 client seats
SOC: 10 analyst seats
Per client: 100–500 endpoints · 500K–2.5M events/day
Console: Cross-client dashboard · unified alert queue
  • Multi-tenant management console
  • Per-client tenant isolation
  • Client provisioning & deprovisioning
  • Bulk Sigma rule deployment
  • Billing visibility per client
  • Email + chat support (4h response)
Most Popular

MSSP Professional

16–50 clients
$2,999/mo base
+ $249/client (Standard) or $449/client (Professional)
Autonomous investigation included
SOC: 25 analyst seats
Console: Cross-client threat correlation · SLA tracking
Compliance: All templates included for all clients
  • Everything in MSSP Starter, plus:
  • Cross-client threat correlation
  • Campaign tracking across portfolio
  • Ticketing (Jira, ServiceNow, PagerDuty)
  • Bulk compliance reporting
  • Email + chat + phone (2h response)

MSSP Enterprise

51+ clients
$4,999/mo base
+ $199/client (Standard) or $399/client (Professional)
White-label branding included
SOC: Unlimited analyst seats
Console: Multi-SOC · API-driven provisioning · SIEM forwarding
Archive: 5 years on Professional seats
  • Everything in MSSP Professional, plus:
  • White-label branding (logo, colors, domain)
  • Multi-SOC / follow-the-sun support
  • API-driven client lifecycle
  • SIEM forwarding per client
  • Dedicated CSM · 24/7 support (1h response)

Enterprise

Custom-scoped for large organizations
$25,000/mo floor
Typical range $35K–$75K/month · 12-month minimum
30–60 day POC, no cost, up to 500 endpoints
Deployment: SaaS · Customer VPC · On-prem hybrid
Retention: 5 years standard, extendable to 10+
SLA: 99.99% uptime · 30-min critical response
  • Everything in Professional, plus:
  • Dedicated single-tenant infrastructure
  • Dedicated Customer Success Manager
  • 24/7 support with 30-minute critical response
  • Unlimited AI investigations (all models)
  • SOC 2 Type II report available
  • 3 custom integrations/year included
  • On-site onboarding + training (up to 3 days)
  • Cross-region failover

Federal / Government

Mission-critical & classified environments
$50,000/mo floor
Typical range $75K–$200K/month
1 base year + 4 option years typical
Deployment: GovCloud · On-prem · Air-gapped
Crypto: FIPS 203/204 post-quantum (shipping today)
SLA: 99.99% · 30-min critical · cross-region failover
  • Everything in Enterprise, plus:
  • GovCloud deployment (AWS/Azure Government)
  • FIPS 203 (ML-KEM-768) & FIPS 204 (ML-DSA-65) today
  • STIG-hardened infrastructure
  • FedRAMP security documentation package
  • US-person support staff
  • ATO support documentation
  • Air-gapped deployment support
  • GSA Schedule / SEWP / CIO-SP3 procurement

Where TRA-CE fits in your stack

TRA-CE is not a SIEM replacement. It sits beside your existing tools and answers the question they cannot.

01 Small Business

You have a firewall, maybe an EDR, and no dedicated security team. TRA-CE replaces the analyst you cannot afford. It ingests events from your existing tools, builds causal chains, and tells you in plain language what happened and what to do about it.

No SIEM required. Deploy one collector, connect your data sources, and TRA-CE does the rest.

FITS WITH: Any EDR · Microsoft 365 · Google Workspace · AWS CloudTrail

02 Medium Business

You have a SIEM and a small SOC team drowning in alerts. TRA-CE sits beside your SIEM and transforms correlated alerts into proven causal chains with evidence grades. Your analysts investigate real threats instead of chasing false positives.

Behavioral baselines learn what normal looks like for your environment. Anomalies surface automatically.

FITS WITH: Splunk · Elastic · Sentinel · CrowdStrike · SentinelOne

03 MSSP

You manage security for multiple clients with different tools and maturity levels. TRA-CE provides a unified causal intelligence layer across your portfolio with per-client tenant isolation.

Cross-client threat correlation detects when the same attacker hits multiple clients. White-label your dashboard. Push enriched chains back into each client's SIEM.

FITS WITH: Any SIEM per client · ConnectWise · Datto · ticketing systems

04 Enterprise

You have a mature SOC, multiple SIEMs, and cross-domain visibility challenges. TRA-CE normalizes events from all sources into a single causal graph. Investigations that took hours now take minutes with autonomous AI triage and formal evidence chains.

FITS WITH: Splunk · Sentinel · CrowdStrike · Okta · AWS · GCP · Azure

05 Federal / Government

You need provable evidence chains for incident reporting, FIPS-compliant cryptography, and deployment in classified environments. TRA-CE ships FIPS 203/204 post-quantum encryption today — ahead of the 2035 mandate.

Deploy on GovCloud, on-premise, or air-gapped. STIG-hardened. ATO documentation provided.

FITS WITH: Splunk GovCloud · Elastic · CrowdStrike GovCloud · DISA STIG

How deployment works

One container, outbound only. No agents on endpoints. No firewall changes.

01 DEPLOY

Deploy the Collector

A lightweight Docker container (~512MB) that runs inside your network. Outbound only — no inbound ports, no firewall changes. Configure your data sources through a guided wizard.

02 ENCRYPT

Encrypted Transport

All data leaving your network is encrypted via Avon — our post-quantum transport using ML-KEM-768 + X25519 hybrid key exchange with ML-DSA-65 signatures. Session keys rotate every 30 seconds.

03 ANALYZE

Causal Intelligence

Events flow into the TRA-CE platform where they are linked into causal chains using four inference heuristics. Each link is evidence-graded. Behavioral baselines learn your normal. AI investigation runs automatically on high-confidence campaigns.

Security & encryption

We protect your security data with the same rigor we apply to analyzing it.

Post-Quantum Transport

All collector-to-platform communication uses ML-KEM-768 + X25519 hybrid key exchange with ML-DSA-65 digital signatures. AES-256-GCM encrypts every payload. Session keys rotate every 30 seconds. FIPS 203/204 compliant — shipping today.

Tenant Isolation

Every customer's data is isolated at the database level using PostgreSQL row-level security policies. No tenant can see another tenant's data, even in error. Mandatory 2FA on all accounts. Full audit trail of every action.

Data Protection

AES-256-GCM encryption at rest. Automated backups with point-in-time recovery. Your data is processed for security analysis only — never mined, never used for AI model training.

Frequently asked questions

Why no free tier?

TRA-CE processes sensitive security telemetry and builds causal chains that reveal real attack paths. Free tiers attract noise and create support load that takes away from paying customers. We invest in making the product exceptional for teams that are serious about security.

How does the trial work?

Starter plans include a 14-day trial. Professional plans include a 30-day trial. Full platform access, your real data, no credit card required. We help you set up during onboarding.

What is a causal chain?

A directed sequence of security events linked by proven causation, not just time proximity. Each link is evidence-graded: PROVABLE when backed by direct system evidence, MIXED when correlated across sources, INFERRED when pattern-matched. You always know what is proven and what is not.

Can I self-host?

Enterprise plans support deployment in your VPC or on-premise. Federal plans support air-gapped and GovCloud deployments. The collector always runs on your infrastructure.

What data sources are supported?

Elastic, Splunk, Microsoft Sentinel, CrowdStrike, SentinelOne, Okta, Google Workspace, AWS CloudTrail, and more. The collector normalizes events from any source into a unified format.

Is there a discount for nonprofits?

Yes. We offer reduced pricing for verified nonprofits, NGOs, and educational institutions. Contact us at jrandolph@tra-ce.ai.

Ready to know why?

Request access and our team will walk you through a personalized demo, recommend the right plan, and help you deploy in days.
