Cyber Army

Surface Monitor — agentless external monitoring

Know your public attack surface and fix what matters—before attackers do. Read-only checks across TLS/SSL, DNS, email auth, security headers, exposed services, CT logs, and change detection. Built for SMBs and small healthcare.

  • Agentless, read-only, no credentials
  • Security-first scoring with copy-paste fixes
  • Alerts: Email, Slack, Teams, Webhooks

At a glance

  • 2 min to first score
  • 25+ controls per asset
  • 0 agents (read-only)
Safe by design: we perform passive/standard protocol checks only—no intrusive traffic.

What we monitor

  • TLS/Certificates: expiry, chain, weak ciphers/protocols, HSTS/preload, OCSP stapling
  • DNS & domain hygiene: domain expiry, NS/MX drift, CAA, dangling DNS
  • Email security: SPF/DKIM/DMARC alignment & policy, MTA-STS/TLS-RPT
  • Security headers: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, HSTS
  • Exposure: mixed content, open dirs, default/admin panels, cookie flags
  • Tech & versions: fingerprint CMS/frameworks; flag risky versions
  • CT log watch: alert on rogue/unexpected certificates
  • Change detection: DNS changes & homepage drift

Note: No agents and no credentials required.

  • Inventory: Add a domain; we auto-discover subdomains and live services.
  • Assess: Parallel checks for TLS, DNS, email auth, headers, exposure, CT logs.
  • Prioritize: Security-first scoring with evidence and copy-paste fixes.
  • Watch: Continuous checks with expiry & drift alerts to Email/Slack/Teams.

Plans & pricing

Starter
$49/mo
  • Up to 25 assets
  • Daily scans
  • Expiry alerts
  • Email alerts, CSV export
Growth
$149/mo
  • Up to 100 assets
  • 6-hour critical checks
  • CT log watch
  • Slack/Teams, webhooks
  • Weekly PDF report
Pro
$399/mo
  • Up to 500 assets
  • Hourly critical checks
  • JIRA/GitHub sync
  • SSO, RBAC
  • API access, 1-yr history
MSP / Enterprise
Let’s talk
  • Multi-tenant portal
  • White-label
  • Bulk onboarding
  • Custom SLAs & residency

Safe by design

  • Read-only checks; no agents, no credentials
  • Non-intrusive network behavior (no destructive traffic)
  • Early expiry & drift alerts (certs, DNS, headers, policies)
  • Audit-ready reports for execs and customers