Operating framework

VIGILE. Security run as one continuous loop.

Posture moves every day. New models ship, identities multiply, attackers adapt. VIGILE is the operating framework that keeps Saint Fox work visible, controlled, and improving on a weekly cadence across AI, SOC, cloud, and identity.

Why a loop

A security program is never finished. The moment it stands still, the gap between your defenses and your exposure starts to grow. VIGILE turns that program into a motion you repeat, so the posture you assessed last quarter is the posture you are still defending today.

VIGILE is the operating framework behind every Saint Fox engagement. You engage one or more of the four solutions, and VIGILE is the discipline that connects assessment, discovery, hardening, operations, learning, and maturity into a single cycle your Board can follow and your engineers can run.

VIGILESAINT FOXVIGILEValidateIdentifyGuardImplementLearnEnhance
Select a motion to jump to its detail

Six motions, repeated on a cadence

Each motion hands its output to the next. Validation sets the baseline, discovery maps what matters, guardrails reduce blast radius, operations run the controls, learning sharpens detection, and maturity raises the floor. Then the loop runs again.

The cadence is deliberate. Some motions run continuously, some on a weekly review, some on a quarterly Board rhythm. The point is that nothing sits still long enough to drift.

  • ContinuousGuard and Implement run live, every hour the SOC is on watch.
  • WeeklyIdentify and Learn refresh discovery and tune detections.
  • QuarterlyValidate and Enhance reset the baseline and report to the Board.
The six motions

What each motion does, and what it hands forward

V

Validate

Assess · posture, exposure, evidence
01 / 06

Assess the real security posture across cloud, AI, identity, data, and business critical systems. We find control gaps, exposed assets, and compliance drift before they become Board problems, and we capture the evidence that proves where you stand today.

Work in this motion
  • AI, cloud, and identity posture assessment
  • Attack path and exposure validation
  • SOC 2, ISO, HIPAA, PCI DSS readiness
  • Cloud security posture assessment
  • Compromise and breach readiness review
Hands forward toIdentify
I

Identify

Detect · assets, identities, shadow AI
02 / 06

Map what matters. We discover risky identities, shadow AI, unmanaged assets, third party exposure, sensitive data, and threat signals across the environment, so every control decision that follows is grounded in what actually exists.

Work in this motion
  • AI inventory and shadow AI discovery
  • Identity and privilege risk mapping
  • Sensitive data discovery and classification
  • Third party cyber risk management
  • Threat signal and asset correlation
Hands forward toGuard
G

Guard

Protect · controls, guardrails, blast radius
03 / 06

Deploy controls that reduce blast radius. We harden cloud, identity, endpoint, email, network, and AI usage with Zero Trust, least privilege, policy as code, and continuous monitoring, so a single compromise stays contained.

Work in this motion
  • Zero Trust and least privilege guardrails
  • Cloud native application protection
  • Endpoint, email, and network defense
  • AI usage controls and prompt risk guardrails
  • Policy as code and continuous control checks
Hands forward toImplement
I

Implement

Operate · deploy, integrate, run
04 / 06

Turn strategy into working security operations. We deploy, integrate, and run the controls, workflows, evidence pipelines, and compliance automation that keep the business moving safely, with the iTDC and Security Analysts on watch around the clock.

Work in this motion
  • Autonomous SOC and iTDC operations
  • Secure platform engineering
  • Compliance automation and evidence pipelines
  • Virtual CISO, vDPO, and privacy operations
  • Managed DevSecOps and remediation workflows
Hands forward toLearn
L

Learn

Adapt · telemetry, threat intel, tuning
05 / 06

Use telemetry, threat intelligence, AI assisted investigation, red teaming, and incident lessons to improve every cycle. We tune detections, reduce noise, and make Security Analysts faster, so the program gets sharper with each pass.

Work in this motion
  • AI assisted triage and case enrichment
  • Threat hunting and detection tuning
  • Red, Blue, and Purple Teaming
  • Incident response and digital forensics
  • Breach and attack simulation
Hands forward toEnhance
E

Enhance

Evolve · maturity, resilience, Board view
06 / 06

Every cycle should leave you in better shape than the last. We work on resilience and response readiness, build audit confidence, keep third party risk in check, and give leadership a clear view of where the program stands. The next cycle then starts from a higher floor.

Work in this motion
  • Cyber resilience and maturity roadmap
  • Board and regulator ready reporting
  • Third party risk mitigation
  • Tabletop exercises and awareness programs
  • Continuous improvement operating plan
Loops back toValidate
FAQ

Top 10 questions, frequently asked

No. VIGILE is the operating framework behind every Saint Fox engagement. You engage one or more of the four solutions, and VIGILE is the discipline we run them through. It is how the work stays coordinated, measured, and improving over time.

Most engagements begin at Validate, with an assessment that baselines your current posture and surfaces the gaps. From there we move through the loop at the cadence your environment needs. If you are mid-incident, we start at Learn and Implement and bring the rest of the loop online once you are stable.

The loop runs continuously on layered cadences. Guard and Implement run live every day. Identify and Learn refresh on a weekly review. Validate and Enhance reset on a quarterly rhythm aligned to Board reporting. The cadence is tuned to your risk profile and the systems in scope.

The Enhance motion produces Board and regulator ready reporting on a quarterly cadence. It shows where posture moved, which gaps closed, what the residual risk is, and what the next cycle will prioritize. The framework gives leadership a consistent view they can follow over time.

No. Many clients start with a single motion, often Validate or Implement, then expand coverage as the value proves out. The framework is designed to absorb your existing tooling and processes, so adoption stays incremental and low risk.

Principal Engineers and Security Analysts, with named owners per motion. Your team can run motions alongside ours, and many clients take over more of the loop as maturity grows.

A quarterly evidence pack from the Enhance motion: where posture stands, what changed, what the evidence shows, and what the next cycle improves. Plain language, backed by the ledger.

No. VIGILE is the operating cadence that runs your controls; NIST CSF, CIS, and ATT&CK define what good looks like inside each motion. The mapping is documented in the datasheet.

Yes. The framework is tool-agnostic: it organizes the work and the evidence, not the vendor list. Existing investment slots into the motions it serves.

By the motions in scope and the cadence you run them on. Most clients start with Validate as a fixed-scope assessment and grow into the full loop.

VIGILE framework datasheetThe six motions, the cadence, and how they map to the four solutions.

Map your VIGILE cycle

Book a session with a Principal Engineer. We walk your current posture through the loop and show you where the next cycle should start.