Bottom line: The best low-cost on-ramp I know of for the defensive side of the house. Where most platforms teach you to attack, LetsDefend drops you into a simulated SOC and makes you work real alerts end-to-end. For aspiring and junior analysts on a tight budget, it's hard to beat.
What LetsDefend Actually Is
LetsDefend is a hands-on, browser-based training platform built specifically for the blue team — the people defending the network, not breaking into it. Instead of capture-the-flag puzzles, it gives you a working virtual SOC: real-looking alerts land in a queue, and you investigate them like an analyst would — pulling logs, checking hashes and indicators, triaging phishing and malware, and walking an incident through to a verdict.
That defensive focus is what sets it apart. TryHackMe is a broad on-ramp and Hack The Box leans offensive; LetsDefend is purpose-built to train the day-to-day work of a SOC analyst. (Worth knowing: LetsDefend was acquired by Hack The Box in September 2025 and its content is being folded into HTB's wider catalog — so expect the two ecosystems to keep converging.)
Who It's Right For
- Aspiring and junior SOC analysts who want real alert-investigation reps, not theory.
- Small teams and MSPs needing an affordable way to build defensive skill without standing up a lab.
- Career changers moving into blue-team work who want job-shaped practice.
Pricing (at the time of writing)
LetsDefend is self-serve and genuinely budget-friendly, with a real free tier you can use to test it before paying. Prices below are approximate and worth confirming on their site, but the structure has been stable: a free Basic plan, a mid VIP plan, and a VIP+ plan that adds live endpoint access inside the SOC environment. Verified students typically get a discount.
| | |
| --- | --- |
| Free / individual plan | Yes — free Basic tier (free courses plus a set number of SOC alerts each month). |
| Pricing model | Self-serve monthly/annual (VIP ~$25/mo, VIP+ ~$40/mo); team plans quote-based. |
| Orientation | Defensive / blue team — SOC analyst skills. |
| Best for | Aspiring & junior analysts and small teams on a budget. |
What I Like
- Truly defensive: trains the actual work of a SOC analyst.
- Realistic virtual SOC — investigate real alerts start to finish.
- Generous free tier to try before you spend a dime.
- Affordable month-to-month for individuals and small teams.
Where It Falls Short
- Individual-first — lighter on coordinated, team-wide IR exercises.
- Some paths can feel guided rather than open-ended.
- Now merging into Hack The Box, so expect platform changes.
- Depth tapers off for seasoned, senior practitioners.
Todd's Verdict
If someone wants to train the defensive side — actually sitting in the analyst's chair triaging alerts, chasing down a phishing email, or confirming a malware hit — this is the first name I give them. Use it to get junior analysts comfortable reading SIEM alerts and working an investigation to a clean verdict, then pressure-test the team with real drills (the small-team IR practice guide shows how). Pair it with hands-on offense from Hack The Box and you've covered both sides of the fight. For a low-cost blue-team on-ramp, it's an easy four-and-a-half stars.