Posture moves every day. New models ship, identities multiply, attackers adapt. VIGILE is the operating framework that keeps Saint Fox work visible, controlled, and improving on a weekly cadence across AI, SOC, cloud, and identity.
Three rhythms, one loop. Nothing sits still long enough to drift.
01 V Validate
02 I Identify
03 G Guard
04 I Implement
05 L Learn
06 E Enhance
SAINT FOX PROPRIETARY FRAMEWORK FOR ENTERPRISES IN THE AI ERA
Why a loop
A security program is never finished. The moment it stands still, the gap between your defenses and your exposure starts to grow. VIGILE turns that program into a motion you repeat, so the posture you assessed last quarter is the posture you are still defending today.
VIGILE is the operating framework behind every Saint Fox engagement. You engage one or more of the four solutions, and VIGILE is the discipline that connects assessment, discovery, hardening, operations, learning, and maturity into a single cycle your Board can follow and your engineers can run.
Six motions, repeated on a cadence
Each motion hands its output to the next. Validation sets the baseline, discovery maps what matters, guardrails reduce blast radius, operations run the controls, learning sharpens detection, and maturity raises the floor. Then the loop runs again.
The cadence is deliberate. Some motions run continuously, some on a weekly review, some on a quarterly Board rhythm. The point is that nothing sits still long enough to drift.
Continuous: Guard and Implement run live, every hour the SOC is on watch.
Weekly: Identify and Learn refresh discovery and tune detections.
Quarterly: Validate and Enhance reset the baseline and report to the Board.
The six motions
What each motion does, and what it hands forward
V
Validate
Assess · posture, exposure, evidence
01 / 06
Assess the real security posture across cloud, AI, identity, data, and business critical systems. We find control gaps, exposed assets, and compliance drift before they become Board problems, and we capture the evidence that proves where you stand today.
Work in this motion
AI, cloud, and identity posture assessment
Attack path and exposure validation
SOC 2, ISO, HIPAA, PCI DSS readiness
Cloud security posture assessment
Compromise and breach readiness review
Hands forward to Identify
I
Identify
Detect · assets, identities, shadow AI
02 / 06
Map what matters. We discover risky identities, shadow AI, unmanaged assets, third party exposure, sensitive data, and threat signals across the environment, so every control decision that follows is grounded in what actually exists.
Work in this motion
AI inventory and shadow AI discovery
Identity and privilege risk mapping
Sensitive data discovery and classification
Third party cyber risk management
Threat signal and asset correlation
Hands forward to Guard
G
Guard
Protect · controls, guardrails, blast radius
03 / 06
Deploy controls that reduce blast radius. We harden cloud, identity, endpoint, email, network, and AI usage with Zero Trust, least privilege, policy as code, and continuous monitoring, so a single compromise stays contained.
Work in this motion
Zero Trust and least privilege guardrails
Cloud native application protection
Endpoint, email, and network defense
AI usage controls and prompt risk guardrails
Policy as code and continuous control checks
Hands forward to Implement
I
Implement
Operate · deploy, integrate, run
04 / 06
Turn strategy into working security operations. We deploy, integrate, and run the controls, workflows, evidence pipelines, and compliance automation that keep the business moving safely, with the iTDC and Security Analysts on watch around the clock.
Work in this motion
Autonomous SOC and iTDC operations
Secure platform engineering
Compliance automation and evidence pipelines
Virtual CISO, vDPO, and privacy operations
Managed DevSecOps and remediation workflows
Hands forward to Learn
L
Learn
Adapt · telemetry, threat intel, tuning
05 / 06
Use telemetry, threat intelligence, AI assisted investigation, red teaming, and incident lessons to improve every cycle. We tune detections, reduce noise, and make Security Analysts faster, so the program gets sharper with each pass.
Work in this motion
AI assisted triage and case enrichment
Threat hunting and detection tuning
Red, Blue, and Purple Teaming
Incident response and digital forensics
Breach and attack simulation
Hands forward to Enhance
E
Enhance
Evolve · maturity, resilience, Board view
06 / 06
Every cycle should leave you in better shape than the last. We work on resilience and response readiness, build audit confidence, keep third party risk in check, and give leadership a clear view of where the program stands. The next cycle then starts from a higher floor.
Work in this motion
Cyber resilience and maturity roadmap
Board and regulator ready reporting
Third party risk mitigation
Tabletop exercises and awareness programs
Continuous improvement operating plan
Loops back to Validate
How it connects
VIGILE runs across the four solutions
VIGILE is the operating framework that every solution runs through. The same loop drives all four, which is why the work stays coordinated and the handoffs stay clean.
No. VIGILE is the operating framework behind every Saint Fox engagement. You engage one or more of the four solutions, and VIGILE is the discipline we run them through. It is how the work stays coordinated, measured, and improving over time.
Most engagements begin at Validate, with an assessment that baselines your current posture and surfaces the gaps. From there we move through the loop at the cadence your environment needs. If you are mid-incident, we start at Learn and Implement and bring the rest of the loop online once you are stable.
The loop runs continuously on layered cadences. Guard and Implement run live every day. Identify and Learn refresh on a weekly review. Validate and Enhance reset on a quarterly rhythm aligned to Board reporting. The cadence is tuned to your risk profile and the systems in scope.
The Enhance motion produces Board and regulator ready reporting on a quarterly cadence. It shows where posture moved, which gaps closed, what the residual risk is, and what the next cycle will prioritize. The framework gives leadership a consistent view they can follow over time.
No. Many clients start with a single motion, often Validate or Implement, then expand coverage as the value proves out. The framework is designed to absorb your existing tooling and processes, so adoption stays incremental and low risk.
Principal Engineers and Security Analysts, with named owners per motion. Your team can run motions alongside ours, and many clients take over more of the loop as maturity grows.
A quarterly evidence pack from the Enhance motion: where posture stands, what changed, what the evidence shows, and what the next cycle improves. Plain language, backed by the ledger.
No. VIGILE is the operating cadence that runs your controls; NIST CSF, CIS, and ATT&CK define what good looks like inside each motion. The mapping is documented in the datasheet.
Yes. The framework is tool-agnostic: it organizes the work and the evidence, not the vendor list. Existing investment slots into the motions it serves.
By the motions in scope and the cadence you run them on. Most clients start with Validate as a fixed-scope assessment and grow into the full loop.
VIGILE framework datasheet: The six motions, the cadence, and how they map to the four solutions.
Map your VIGILE cycle
Book a session with a Principal Engineer. We walk your current posture through the loop and show you where the next cycle should start.