- Scores all 24 frameworks
- Three priced stacks
- Breach Replay included
- 1 config review a year
One session in, one artifact out: a board-ready PDF with your posture score, priced risk, and a sequenced roadmap.
Upload the firewall, cloud, and identity configs you already have. CyberTwin builds a live twin of your environment and answers the questions that actually matter — every attack path to your crown jewels, what each risk costs in dollars, where you stand across 24 frameworks, and the board packs, audit evidence, and insurance answers you owe — each one a signed proof anyone can re-check. No agents. No scanning. Nothing fabricated.
Attack paths are one of the questions your twin answers — the same twin also prices your risk, scores your frameworks, and proves it all over time. Here it is on real engine output for a sample estate, mapped across the 15 vendor families we stitch into the attack graph: click any path to trace it hop by hop — foothold to crown jewel — every dollar labeled modeled, every hop declaring its evidence.
Every figure below is a count you can re-derive yourself — the checks re-run against your own uploaded file, the framework set is enumerable, the test suite is what our CI runs on every change. None of it is a usage stat, and none of it is borrowed.
Global standards, US, Europe, and the GCC set most tools skip — SAMA, the NCA suite, PDPL, and DESC. Every framework mapped from a single configuration data set, then scored control by control. No separate questionnaire, no second upload.
Coverage, not certification— we map your configuration to each framework's controls and score it. CyberTwin is not an accreditation body, and naming a framework here does not imply its issuer endorses us.
No agent, no connectors, no live scan — you hand over the exports you already have, and the engine turns them into structure, paths, prices, and proof. Four beats, told by the product itself.
A firewall config, an Okta export, a CSPM snapshot — files from your side of the wall. No agent to install, no credentials to hand over, no change window to book. One upload, and the engine has everything it needs.
The engine parses the real file and runs its vendor's deterministic checks — 1,917 across the catalog — and labels every result: proven when it's read straight from your config, modeled when it's inferred. You always know which is which.
A finding alone is a to-do; chained, it is a breach. The engine stitches gaps across vendors into the paths an attacker would actually walk — foothold to crown jewel — and prices each one as modeled ALE at risk, with every hop declaring whether it is config-backed or assumed. The fix order defends itself.
Board pack, framework scores, signed certificates — every number dated to the upload it came from and re-checkable offline. When your configs change, the next upload re-checks the claim — and where the artifact re-parses (FortiGate, PAN-OS, or OPNsense configs; IaC, CSPM, and identity exports), it re-proves it or shows exactly what broke.

A firewall config, an Okta export, a CSPM snapshot — files from your side of the wall. No agent to install, no credentials to hand over, no change window to book. One upload, and the engine has everything it needs.

The engine parses the real file and runs its vendor's deterministic checks — 1,917 across the catalog — and labels every result: proven when it's read straight from your config, modeled when it's inferred. You always know which is which.

A finding alone is a to-do; chained, it is a breach. The engine stitches gaps across vendors into the paths an attacker would actually walk — foothold to crown jewel — and prices each one as modeled ALE at risk, with every hop declaring whether it is config-backed or assumed. The fix order defends itself.

Board pack, framework scores, signed certificates — every number dated to the upload it came from and re-checkable offline. When your configs change, the next upload re-checks the claim — and where the artifact re-parses (FortiGate, PAN-OS, or OPNsense configs; IaC, CSPM, and identity exports), it re-proves it or shows exactly what broke.

One engine runs the whole program — in the order a buyer actually works it. Choose the right stack, make the exact fixes, then hand over proof that re-checks. No agents, no live scan, nothing fabricated.
Give the engine your industry, size, frameworks, and budget. It returns three priced stacks with real products at list prices — and the attack paths each design would leave open. You defend the budget with numbers, not vendor decks.
Upload one config export and Configuration Review parses the real file and runs its vendor's slice of 1,917 deterministic checks; every finding arrives with a copy-paste fix and the attack path it opens. When a CVE trends, type the ID and Breach Replay says whether it reaches you. The exact change, not advice.
Every proven finding lands in a signed, hash-chained ledger, and a fix counts as closed only when your next upload proves it. Hand the auditor a bundle that re-verifies offline — evidence that stays dated, never frozen.
Every modeled risk, config-review finding and severed attack path lands in one register — each with an owner and a dollar weight. Assign it, invite the people who fix it, and hand auditors a view-only proof they re-check themselves. The program runs in CyberTwin, not a spreadsheet.
Modeled risks, config-review findings and attack-path break-points land in a single register, each with an owner and a modeled dollar weight so the fix order defends itself.
Add colleagues by role, assign a finding to an owner, and track it to closed — the next upload re-checks whether the fix actually closed the path.
Hand an auditor or the board a view-only, re-verifiable snapshot — with view counts and one-click revoke. They re-check the signature themselves; nothing to trust.
illustrative preview · seeded demo estate · modeled dollars, not a real tenant
Five of the 12 boardroom-grade reports your environment data set renders — real rendered pages from the seeded sample environment, not comps.
Every chained path, its hops, its cheapest cut, and its modeled dollar exposure — the fix order that defends itself.

Your score across 24 frameworks with per-control provenance — proven from config, or modeled and labeled.

The board-ready narrative: what changed, what it costs, what you decided — every tier, every quarter.

Twelve months of uploads condensed into the defensibility story — dated proofs, closed paths, scores over time.

Broker questionnaires answered from the engine with provenance chips — not from memory the night before renewal.

Assembled once, the model answers the hard questions too — your AI agents, your machine identities, your vendors’ real access, and the plant floor. Point it anywhere and get proof, not opinions.
The proof is a dated, signed bundle — not a dashboard state. Here's exactly what a re-verify runs: the hash chain re-computes, the signature verifies, the witness matches. Run it on a real bundle in your own browser — no signup, no trust required.
Every check a re-verify runs — all pass on the sample bundle.
the checks a proof re-verify runs · seeded demo estate · illustrative
No customer logos yet — so instead of asking for trust, we show the grade on the work. A finding is proven, modeled, or honestly unknown, and you can tell which from across the room. The label decides what a number can survive.
Can an attacker reach the crown-jewel database — through identity, then the endpoint?
The same claim, drawn three ways.
re-parsed from the bytes of your uploaded config
inferred from typical topology — labeled, never hidden
a control we can't see from your upload — so we say so
A proven finding holds up under an auditor's challenge — it was re-parsed from your actual bytes. A modeled figure is decision support for sizing budgets. An honest-unknown is the gap we refuse to paper over. You always know which one you're holding.
The engine grades the stack it recommends — and shows how much of the score is proven versus modeled headroom you'd buy for more.
Any proof bundle re-checks in your browser — nothing uploads. Verify a proof →
Published up front, because there's no ambush waiting on a sales call. Four plans, every number visible — pick the job you're buying for.
One session in, one artifact out: a board-ready PDF with your posture score, priced risk, and a sequenced roadmap.
Upload a real config export and hand the auditor rule-by-rule findings — evidence excerpts and copy-paste fixes included.
One environment data set renders 12 boardroom-grade reports — plus signed proofs anyone can re-check at /verify.
Program, on your infrastructure, with a human on the other end of the call.
White-label PDFs under your firm’s logo, custom internal control sets, and a single-tenant instance.
Export a config, upload it, and get your first proven attack path in minutes. No agent. No live scan. No call required.
Assess and Operate bill monthly — cancel anytime. Your reports are PDFs; they work after you cancel.