Give Sentinel one domain and it maps every subdomain, address, certificate, and live service exposed under it, scans each one for known vulnerabilities, and alerts you when something on that surface changes.
Sentinel starts from one domain and maps the full external surface behind it: the subdomains, addresses, certificates, and public services that carry your company name, including the ones nobody on the team remembers setting up. Every host it finds runs through the vulnerability scanner, the dashboard tracks each finding from new to fixed and flags the ones that come back, and the report is written in language an IT generalist can act on the same afternoon.
Sentinel is built for the company that does not staff its own security team. It runs on its own at CHF 299 per month, under Swiss jurisdiction and with data held in the EU, and the reports are available in German. There is no annual minimum and no quarterly analyst review designed around a company 10 times your size.
Certificate authorities record every TLS certificate they issue in public logs. When a certificate for one of your domains appears there, Sentinel flags it on your change feed, so a host someone set up overnight does not stay invisible until the next discovery run.
It pulls subdomains from public records, resolves each one to a live address, checks which of them serve web applications, and follows the network blocks you own to their neighbours. Addresses on shared hosting are never scanned automatically; they wait in a pending list until you confirm they are yours.
Every change to your surface lands on one feed. You decide which kinds of change reach you and how severe they have to be before they trigger an email or a webhook. Mark what you have handled, mute what does not concern you, and the feed keeps a record of who did what and when.
A single PDF maps your live inventory and scan results to ISO 27001:2022, NIS2 Article 21(2), FINMA Circular 2023/1, CIS Controls v8.1, and NIST CSF 2.0. It is the same document an auditor, an insurance broker, or a larger customer running a supplier review will ask you to produce.
Business targets are scanned daily, weekly, or monthly on the day you choose, and every host that discovery surfaces runs through the same scanner on the day it is found.
The dashboard separates what appeared this week from what you already resolved. When a fix does not hold, the finding returns marked as a regression instead of sinking into the list as a seemingly new entry.
Every finding explains what was found, why it matters for the business, and how to fix it, in language an IT generalist can act on the same afternoon. The findings stay tracked in the dashboard after the email is read.
The surface inventory, the change feed, and the vulnerability findings live in the same product behind one login. There is no second tool to buy and no integration project before the first useful result.
Sentinel finds RDP open on a Windows Server somebody set up for a vendor in 2019. It catches Telnet still listening on a printer that nobody thought to retire. It surfaces SMB shares facing the public internet, and SSH on the default port with password authentication still enabled.
Sentinel detects Apache 2.2 from 2018 with a chain of unpatched CVEs. It identifies Exchange Server installations that are unpatched against ProxyShell, and WordPress sites running plugins with known vulnerabilities. Each finding lists the CVE, the fix, and whether public exploit code exists.
Sentinel finds admin/admin on router consoles facing the internet, default passwords on NAS units that should have been hardened, and SSH services that accept dictionary passwords. The credential test stops at the first match and nothing is exploited.
Sentinel reports expired TLS on admin panels, self-signed certificates on payment portals, and wildcard certificates covering subdomains the company forgot it owned. Each finding includes the correct replacement path with the corresponding ACME or vendor command.
CHF 2,870 yearly. Save 20 percent and cancel at the next monthly cycle.
The free tier auto-detects your residential IP. The Business tier accepts custom IPs and domains after ownership verification through DNS records or admin access.
A node in Frankfurt performs port discovery, service detection, CVE matching, and weak credential checks. End to end runtime is 30 to 60 minutes for a single target.
It also lands in the dashboard. Each finding carries severity, evidence, business impact, and step by step remediation that an IT generalist can follow.
Attack Surface Management is the continuous discovery and monitoring of everything a company exposes to the internet: domains, subdomains, addresses, certificates, and live services. Sentinel maps that surface from a single domain, scans every host it finds for known vulnerabilities, and reports each change.
The firewall blocks what you tell it to block. The scan tells you what is open. Most firewalls have a forgotten rule, an old port forward, or a service that should have been retired. Sentinel finds those before an attacker does.
Automated bots scan every IP on the internet several times per hour. Ransomware operators select targets by exposure, not by company size. A 20 person company with an unpatched VPN gateway exposes itself the same way a 5000 person company does.
Sentinel performs passive service detection and matches the results against the CVE database. Credential testing uses common default lists and stops at the first match. It does not exploit findings or modify anything on the target.
Shodan publishes raw scan data for anyone to query. Sentinel scans your specific systems on demand and writes a plain language report a person without security training can act on the same afternoon. The two tools do different jobs.
Both products cover External Attack Surface Management. Sophos wraps a managed service team around the scanning, while Sentinel is built for the Swiss SMB that runs it on its own, with German reports and a monthly price. The full comparison covers scope, pricing, and the buyer each product fits.
You scan your own systems. The free tier only scans the IP your request originates from. The Business plan requires DNS or admin verification of ownership before custom targets are accepted. Fully legal under Swiss and EU law.
Free tier scan data is deleted 24 hours after the report is sent. Business plan data is retained for the duration of the subscription and encrypted at rest. The platform runs in Frankfurt and Swiss jurisdiction applies to the customer relationship.
The partner program is open to Swiss IT service providers, MSPs, security consultants, and system integrators with recurring service contracts. Partner rates are agreed in the application call. See the partner program.