Cyber Monitoring and Scanning

Find out what hackers know about your infrastructure - before they exploit it

Automatic vulnerability scan of your IT infrastructure – websites, web applications, cloud, network. No installation, no agents, no consultants. Report in 48 hours, in two versions: one for the management (PLN threats), the other for the IT team (technical analysis).

Add to cart – PLN 249

Select subscription 899 zł/msc

Do you own more domains?

249 PLN net

– one-time scan

or 899 PLN net/msc

– continuous monitoring (scan every week)

Add to cart – PLN 249

Select subscription 899 zł/msc

Do you own more domains?

PROCESS

The problem - why it matters

Most companies don’t know what their infrastructure looks like as seen through an attacker’s eyes. Open ports, outdated software versions, unsecured administrative dashboards, SSL/TLS configuration errors – these are all publicly visible and automatically scanned by bots 24 hours a day. Attackers don’t need to break in. All they have to do is wait until they find something the company hasn’t noticed.

The average cost of a data leak at a Polish company is PLN 4.45 million. 60% of small companies that fall victim to a major incident will not survive the next 6 months. The first step to avoiding this scenario is to know – what exactly is exposed, where and how serious the consequences are.

PROCESS

What exactly are we scanning

Cyber Monitoring and Scanning is an automated, external analysis of your infrastructure – conducted from the perspective of a potential attacker, that is, “from the Internet”, without access to your internal systems. The scan covers the public resources you designate, which an attacker can target based on the domain you specify.

Websites and web applications

OWASP Top 10 class vulnerabilities, configuration errors, exposure of administrative panels

Servers and ports

Open ports, outdated versions of network services, poor SSL/TLS configurations

Certificates and cryptography

Expiring SSL certificates, weak algorithms, errors in the chain of trust

Mail configurations

Basic verification of SPF, DKIM, DMARC records for domain vulnerability to impersonation (spoofing)

Domain reputation

Presence on basic reputation lists and footprints in Threat Intelligence databases

solution

What you get

Executive Summary report (5-8 pages, for management)

A brief summary of the results in business language, without technical jargon. Each critical or high-profile vulnerability detected is converted into a specific risk – risk of regulatory penalty (with a link to a specific NIS2/RODO article), estimated incident cost in PLN, days of potential operational downtime. It also includes a priority ranking and recommended order of corrective actions.

Technical report (15-40 pages, for IT team)

Full list of all vulnerabilities found with CVSS 3.1 classification, description of the attack vector, technical evidence (including server response fragments), technical recommendations and links to the CVE Ragnar Shield database (with descriptions in Polish) and official sources. A format ready to be handed over to an external IT integrator without further explanation.

Delivery format

PDF files available in the client dashboard immediately upon completion of analysis, plus an online preview with the ability to filter by criticality and vulnerability category. Email notification with a direct link to the report.

Each identified vulnerability is presented in the format: “This vulnerability = risk of a 320K penalty + 3 days of downtime + loss of 12% of customers”.

How does it work?

Process in 3 steps

Onboarding (5 minutes)

After purchase, you specify the company domain in the customer panel. No installation, no agents, no DNS configuration. You confirm the statement that you have the authority to order a scan of the indicated infrastructure.

Scan and analysis (up to 48 hours)

In the background, we run a set of engines that scan your public infrastructure and map the findings to a database of known vulnerabilities. Each critical and high-profile vulnerability is then run through our Business Impact Engine – a module that converts it into a specific business risk expressed in PLN, based on current data on regulatory fines and incident costs for Polish companies. All this work happens on our side – your infrastructure is not burdened.

Report ready

You receive an e-mail with a link to two reports. Only the logged-in user can view them. The report remains available in your customer panel for the duration of your active subscription, or up to 12 months after purchase in the case of a one-time scan – you can download it at any time during this period. For security reasons, you can also delete the report from your account immediately after downloading.

solution

Price variants

One-time scan

249 zł

Full scan of one domain + 2 reports (Executive + IT)

Each successive domain (one-time)

+ PLN 200

Scan of an additional domain in the same order

Monthly subscription

899 zł/msc

Scan of one domain every week + alerts + access to history

Each successive domain (sub.)

+ PLN 699/msc

Scan of one domain every week + alerts + access to history

All prices net. VAT 23% added in the shopping cart. Subscription renews automatically. Cancellation at any time from the customer panel – the service remains active until the end of the paid period.

Who this service is for

Cyber Monitoring and Scanning is our entry-level product, recommended for any company with its own domain and any online presence. It’s especially worth reaching for if you’ve just entered the NIS2 or DORA regulatory area, are planning a security review, want to obtain a cyber insurance policy, or are just finishing implementing a new system and want to verify that nothing important has been missed.

A one-time scan will work well as a quick diagnosis of the state of the “here and now” – before verification, after deployment, before an investment round. A monthly subscription makes sense for companies that understand that security is a process, not a single action – new vulnerabilities emerge every day in the software in use, and only continuous monitoring can catch them early.

Frequently Asked Questions (FAQ)

Can a scan damage my systems?

No. We conduct the entire scan in passive (non-intrusive) mode – we analyze the systems’ responses to standard queries, and do not attempt to exploit the detected vulnerabilities. The scan generates traffic comparable to the activity of a regular bot, a vulnerability scanner or a potential attacker looking around your infrastructure – something your company receives daily from the Internet anyway. If you have load-sensitive systems, we can agree on a time window for the scan.

What if the scan detects a critical vulnerability?

As a standard service, yes, only publicly accessible resources. This is an analysis from the perspective of an attacker who has no access to the internal network. We additionally try to verify each detected vulnerability to see if it has been exploited in the past (traces in Threat Intelligence databases). An internal scan requires a separate manual pentest service with access to the internal network.

Do you only scan external infrastructure?

Is the report sufficient for ISO 27001 / SOC 2 verification?

The report can be part of the verification documentation – it includes date, scope, list of identified vulnerabilities and CVSS classification. It is not a substitute for a full certification verification, which also includes processes, organizational documentation and training, but it shows that the company is consciously managing risk (due diligence) – which is one of the main criteria assessed by verifiers. If the verifier requires additional elements – we are happy to detail them in the technical report.

Limitations of the service (disclaimer)

Automated scanning has limitations. It does not detect logical application errors, vulnerabilities requiring authorization, or insider threats. False positive (false positive) and false negative (false negative) results are possible. In case of inconclusive results, we recommend supplementing the scan with manual penetration tests. The full range of restrictions is described in the Terms of Service.

offer

Packages and related services

Cyber Monitoring and Scanning is most often ordered together with:

OSINT & Personnel Security

99,00 zł

Checks what data on key employees is publicly available

Verification of Regulatory Compliance

499,00 zł

Checks the company’s obligations as a result of detected leaks

Recon Package

749,00 zł

all three of the above services in one package at a discount of ~12%

Ready to see what the hackers see?

Full exposure report in 48 hours.

No installation. No risk.

Order a scan – PLN 249

Enable monitoring 899 PLN/msc