CyberTwin
THREE MODES · ONE ENGINE

Three ways in. One engine.

The same engine runs underneath all three — the door you pick just changes what you hand it. Design a stack from a blank page, score the one you already run, or upload a real config export and let it read the bytes.

(01)DESIGN
Included in every tier

Three priced stacks — before you spend a dollar.

What it does

For new programs, M&A integrations, or "let's start over" moments. The engine designs a security stack from your industry, size, regulatory load, and budget — three priced architectures (Lean / Balanced / Advanced) with real products, real prices, and the reference architectures teams like you actually deploy.

What you feed it

A short profile: industry, headcount, regions, frameworks in scope, current stack, budget, and concerns. Or upload diagrams and invoices and the engine extracts the stack for you.

What you get out
  • Three priced architectures with real product recommendations from a catalog of 99 products
  • An architecture diagram (exportable as SVG / PNG) with the attack paths each design opens
  • Compliance coverage scored across 24 frameworks, a Do-Nothing dollar scenario, and a sequenced roadmap
  • A board-ready PDF behind every number
REFERENCE ARCHITECTURE
LeanBalancedAdvanced
Microsoft Entra
FortiGate
Microsoft Defender for Endpoint
Veeam immutable backups
YOUR BUDGET · 200-PERSON FINTECH
$130k / yr
SOC 2ISO 2700118-MO ROADMAP
BALANCED TIER · REAL PRICES FROM A CATALOG OF 99 PRODUCTS

EXAMPLE · 200-person fintech, $130k budget → reference architecture: Microsoft Entra + FortiGate + Microsoft Defender for Endpoint + Veeam immutable backups. SOC 2 + ISO 27001 aligned. 18-month roadmap with quarterly milestones.

(02)REVIEW
Included in every tier

Score what you run. Keep what works.

What it does

For teams who already deployed but want a second opinion. The engine scores your current posture, surfaces the gaps, recommends optimizations to the tools you already own before you buy anything new, and produces a roadmap of what to swap, augment, or consolidate.

What you feed it

What you run today — products, vendors, and configuration described in intake or pulled from uploaded documents and network diagrams. Modeled reachability is labeled modeled; nothing is invented.

What you get out
  • Posture scored against 24 frameworks, with explicit / derived provenance per control
  • An attack-path map across the 15 supported vendor families — the path from a foothold to your crown jewels
  • Redundant-tool and coverage-gap findings, with consolidation savings
  • A prioritized risk register with named threat-actor patterns, and the board-ready report
POSTURE LIFT · SOC 2
MODELED PROJECTION
SOC 2 SCORE · AFTER 3 CONFIG CHANGES
7189
4
REDUNDANT TOOLS
2
CRITICAL GAPS
$89k
SAVED / YR
SAVINGS = MODELED CONSOLIDATION · 450-PERSON SAAS
FootholdOktaSplunkCrown jewels
ATTACK PATH · REACHABILITY LABELED MODELED

EXAMPLE · 450-person SaaS, San Francisco. Existing CrowdStrike Falcon + Splunk + Okta → 4 redundant tools, 2 critical data-loss-prevention gaps, $89k of annual consolidation savings, SOC 2 score 71→89 with three configuration changes.

(03)CONFIGURATION
Assess: 1/yr · Operate: 3/yr · Program: unlimited

Upload the real config. Every finding, proven or modeled.

What it does

Upload a real configuration export and the engine parses the actual bytes against vendor-specific best practices — 1,917 checks across 37 supported vendors. Findings on the real file are labeled proven; everything modeled is labeled modeled. Recorded, ledgered control proofs re-parse FortiGate, PAN-OS, and OPNsense configs today — proven for those, modeled for the rest. The same review a consultancy would bill tens of thousands of dollars for — re-run it yourself any time a config changes.

What you feed it

A configuration export from any of the 37 supported vendors — firewall, WAF, EDR, cloud, identity, SIEM, email, backup, DLP. Secrets are redacted across 8 secret classes before storage; nothing is stored in the clear. No live scan, no agent, no connected integration.

What you get out
  • Every rule analyzed for hygiene, not just posture — shadowed and redundant rules, overly-permissive any-any grants, stale and unused objects, and risky rule combinations across your firewall, identity, and cloud policies (unused-rule detection is skipped, never guessed, when the export carries no hit counts)
  • On Program every vendor is covered and findings stitch cross-vendor to your crown jewels; Operate audits any one vendor per review
  • Rule-by-rule findings with real evidence excerpts from your file (proven, not asserted)
  • Copy-paste remediation snippets for each finding
  • The attack path each gap opens, and the compliance controls it maps to
  • A posture score and a tamper-evident proof you can re-verify offline
fortigate.conf
PROVEN ON YOUR FILE
FINDINGS
42
POSTURE
32/100
12 CRITICAL8 HIGH22 MED / LOW
TOP FINDING

Intrusion-prevention profile not assigned to the default policy.

REMEDIATION SNIPPET GENERATEDSOC 2 CC6.6ISO 27001 A.13.1.1
RE-VERIFY THIS PROOF OFFLINE →

EXAMPLE · FortiGate config upload → 42 findings (12 critical, 8 high), posture 32/100. Top finding: intrusion-prevention profile not assigned to the default policy. Replacement snippet generated. SOC 2 CC6.6 + ISO 27001 A.13.1.1 flagged.

PER-VENDOR CHECK DEPTH →

Depth varies by vendor, and we publish it — the live check count per vendor, next quarter's target, and the last baseline review, so you can size up before you buy. AWS Config / Security Hub is the reference plugin at 94 checks today.

VendorCategoryChecks todayTarget Q4 2026Last reviewStatus
AWS Config / Security Hubcloud94252026-04-01Reference depth
Azure Policy + Defender for Cloudcloud88252026-04-01Reference depth
GCP Security Command Centercloud84252026-04-01Reference depth
CrowdStrike Falconendpoint73252026-04-01Reference depth
Jamf Proendpoint71252026-04-01Reference depth
Auth0identity70252026-04-01Reference depth
Microsoft Intuneendpoint69252026-04-01Reference depth
Sophos XGSnetwork60252026-04-01Reference depth
Mimecastemail57252026-04-01Reference depth
Elastic Securitysiem55252026-04-01Reference depth
Palo Alto Networks PAN-OSnetwork54282026-04-15Reference depth
Oktaidentity53252026-04-01Reference depth
AWS IAMidentity53262026-04-22Reference depth
Google Workspaceidentity53252026-04-01Reference depth
Cisco Merakinetwork52252026-04-01Reference depth
Microsoft Defender for Office 365email52222026-04-18Reference depth
WatchGuard Fireboxnetwork51252026-04-01Reference depth
Abnormal Securityemail51252026-04-01Reference depth
Veeam Backup & Replicationbackup51252026-04-01Reference depth
Fortinet FortiGatenetwork50362026-04-12Reference depth
Check Point GAIA / R81+network48252026-04-01Reference depth
JumpCloudidentity48252026-04-01Reference depth
Microsoft Defender for Endpointendpoint47252026-04-01Reference depth
Proofpointemail46252026-04-01Reference depth
pfSensenetwork45252026-04-01Reference depth
SentinelOneendpoint45252026-04-01Reference depth
Juniper SRXnetwork44252026-04-01Reference depth
Microsoft Purview DLPdlp44252026-04-01Reference depth
Cisco ASA / Firepowernetwork43252026-04-01Reference depth
Microsoft Sentinelsiem42222026-04-18Reference depth
Cloudflare WAFwaf40252026-04-01Reference depth
Microsoft Entra ID Conditional Accessidentity35242026-04-08Reference depth
Splunk Enterprise Securitysiem35252026-04-01Reference depth
Rubrikbackup34252026-04-01Reference depth
AWS WAFwaf34252026-04-01Reference depth
OPNsensenetwork27252026-04-01Production
GitHub Advanced Securitycloud19252026-04-01Baseline

Don't see your vendor at the depth you need? Email feedback@cybertwin.io.

PICK YOUR DOOR

Same engine. Your call on the door.

Assess includes Design, Review, and 1 Configuration Review a year. Operate: 3 a year · Program: unlimited.