Your security team — for small business.

Enterprise customer asked about your security

A prospect or existing customer sent over a security questionnaire, asked about SOC 2, or wants to see evidence of monitoring. Deal is gated on the answer.

Cyber insurance renewal is coming up

Your underwriter wants evidence of MFA, EDR, an IR plan, and basic monitoring. Premiums are climbing; coverage caps are dropping. You need answers and a paper trail.

A near-miss made it real

Phishing landed, an ex-employee account got hit, a vendor told you they were breached. You want grown-up security in place before next time isn't a near-miss.

Getting Started

Free

A 30-minute intro call

A quick conversation to understand where you are, what your security pressure looks like (customer questionnaire, insurance, recent scare), and whether there's an obvious next step. No pitch deck.

• Understand your security posture
• Spot quick wins
• Get a clear next step
• No commitment required

Book a call

Quick Audit

$1,500

One-time posture review

External attack-surface scan, MFA and email-hygiene check, and a one-page summary you can hand to a customer or underwriter. Two-week turnaround, no engineering team disruption.

• External attack-surface scan
• MFA and email hygiene check
• One-page executive summary
• 60-minute walkthrough call

Schedule audit

Security Pulse Check — Most popular

$4,500

Four-week deep dive

Everything in the Quick Audit, plus a full web application penetration test and thirty days of monitored remediation. Two deliverables: technical pack for engineering, executive one-pager for the board.

• Everything in Quick Audit
• Web application penetration test
• 30 days monitored remediation
• Technical pack + executive one-pager
• Named Katalor lead

Schedule Pulse Check

Monthly Retainer

$2,500+/mo

Ongoing managed security

For businesses that want their security team on retainer. 24×7 monitoring, quarterly retests, incident response on call, and rolling compliance evidence — managed by the same Katalor lead that ran your Pulse Check.

• 24×7 SOC monitoring
• Quarterly retests
• Incident response retainer
• Rolling compliance evidence
• Named Katalor lead

Start a conversation

01. External attack-surface review

We catalog everything an attacker can see from the internet — marketing site, customer portal, exposed admin panels, forgotten subdomains. Manual verification, not just an automated scan.

02. Web application penetration test

Authenticated and unauthenticated testing of your primary web app against the OWASP Top 10. Business-logic abuse where applicable. Findings ranked by exploitability, not just CVSS scores.

03. Email and identity hygiene check

MFA coverage across your team, SPF/DKIM/DMARC posture on your domain, password-manager and SSO state. The boring stuff that closes the most common breach paths.

04. Thirty days of monitored remediation

As your team (or contractor) fixes the findings, we monitor that the fixes hold and don't introduce new exposures. You get unblocking help, not a report-and-walk-away.

05. Two deliverables

A technical pack for your engineering team or contractor (full findings, severity, fix steps). A one-page executive summary you can hand to a customer, an auditor, or an underwriter.

Week 1 — Scope

30-minute call, asset inventory, kickoff. Fixed-scope SOW signed.

Weeks 2–3 — Test

External recon, web pen test, identity hygiene assessment. Daily progress notes.

Week 4 — Report

Technical pack + executive one-pager delivered. Remediation plan walked through.

+30 days — Verify

Monitored remediation window. We watch the fixes hold and answer questions as they come up.