Security Products

Safe, non-invasive external checks for a domain you have verified—plain-English findings with scoring tuned to reduce noise.

Verified domain only · Non-invasive external checks · Tenant-scoped results

What it checks

• DNS health: Reviews public DNS signals for your verified domain so misconfigurations and obvious routing issues are easier to spot.
• Email security posture: Looks at common email authentication and policy signals (such as SPF, DKIM, and DMARC where present) that affect spoofing and deliverability risk.
• SSL/TLS certificates: Checks certificate validity and trust-chain basics for HTTPS endpoints we can reach, surfacing common expiry or configuration problems.
• Security headers: Surfaces important HTTP security headers (for example HSTS and CSP-related signals) that help browsers enforce safer behaviour.
• Scoring confidence and noise reduction: Findings stay tied to verified scope and validation rules so scores and issues are easier to explain to stakeholders.
• Plain-English findings: Issues are described in straightforward language so you can prioritise fixes without needing to decode raw protocol output.

Best for: SMEs and lean IT or security teams who want a credible baseline on assets they control, without deep tooling overhead.

An extended external posture scan on verified assets—broader discovery where supported, with prioritised signals instead of an unstructured noise dump.

Verified assets only · Non-invasive external checks · Tenant-scoped results

What it checks

• Subdomain and asset discovery: Expands visibility into related hosts and assets where discovery is supported from public, policy-appropriate sources—coverage depends on what is discoverable from outside.
• Exposed service checks: Highlights internet-reachable services that deserve review, such as admin interfaces or legacy entry points you may have forgotten about.
• Technology and service fingerprinting: Collects cautious external fingerprints about what appears to be running, where it is safe and proportionate to infer from the network.
• Attack surface inventory: Builds a structured inventory of what is exposed so you can align owners, scope, and remediation with stakeholders.
• Exposure pattern detection: Surfaces repeated risky patterns (for example sensitive services on unusual ports) so you can fix clusters of issues, not one-off alerts.
• Prioritised risk signals: Emphasises what to look at first so small teams spend time on material exposure rather than chasing every theoretical issue.

Best for: Teams that need a wider external inventory and clearer exposure signals, still grounded in authorised external checks rather than intrusive testing.

Deeper, owner-authorised external checks for customers who explicitly enable them—broader port and service review with richer context, designed to stay controlled and scoped.

Explicit customer enablement · Owner-authorised deeper checks (external, non-destructive) · Tenant-scoped results

What it checks

• Broader port and service review: Runs a wider, still external review of ports and services within agreed scope—explicit customer enablement is required and the approach stays non-destructive.
• Richer exposure context: Combines what was found with clearer context about why it may matter to your organisation, so decisions are easier to defend.
• Vulnerability and CVE correlation: Where supported, relates observed components to public vulnerability references (CVEs); depth depends on what can be inferred responsibly from external observation.
• Prioritised remediation guidance: Surfaces practical next steps aimed at reducing real exposure, not exhaustive exploit scenarios or intrusive testing claims.
• Careful, tenant-scoped posture testing: Results stay tenant-scoped and tied to verified assets; this is not aggressive penetration testing or uncontrolled exploitation.

Best for: Organisations that have agreed expanded external coverage and want more evidence and prioritisation, without treating this as penetration testing or exploitation.