Services
We offer two ways to reduce external attack surface risk: Surface Monitor for continuous, agentless monitoring — and Manual Testing when you want more hand-holding and depth.
Surface Monitor (Product)
Agentless external monitoring for TLS/SSL, DNS, email authentication (SPF/DKIM/DMARC), security headers, exposed services, CT logs, and configuration drift — built for SMBs & small healthcare. AI-assisted prioritization and copy-paste fixes help teams ship faster.
What’s included
- • Continuous checks (safe, read-only; no agents/creds)
- • Posture score with evidence & remediation steps
- • Alerts: Email / Slack / Teams
- • Audit-ready PDF exports
Great for
- • SMBs and small healthcare teams
- • Vendor due-diligence & lightweight compliance
- • Catching expiry/drift before incidents
Manual Penetration Testing
Senior testers, targeted scopes, and developer-ready reporting. We test like attackers and communicate like engineers — with reproducible steps, code/config diffs, and clear retest.
Types
- • Web / API / Mobile (OWASP ASVS/MASVS)
- • Cloud & Kubernetes reviews
- • External attack surface & adversarial sims
Deliverables
- • Prioritized findings (CVSS & evidence)
- • Fix-first guidance & Jira-ready snippets
- • Executive-ready summaries & retest
Why it helps
- • Finds complex, chained issues
- • Speaks to both engineers & execs
- • Pairs well with Surface Monitor
Trust & assurance
MFA EverywhereLeast PrivilegeOWASP/NIST AlignedSigned AuthorizationEncrypted In/At Rest
SMB-friendly pricing
Transparent monthly or annual subscriptions for Surface Monitor. Fixed-scope proposals for pentests with optional retest included.