The complete platform

Every security problem an MSP faces — in one platform

External, internal, cloud, and Microsoft 365 scanning. Compliance, remediation, monitoring, and white-label reporting. 5,588 checks, one multi-tenant console.

Get started Run a free scan
5,588checks
4scan surfaces
10frameworks
acme-corp.com · full posture 82 / 100
EXTExternal surface · 674 checks88
INTAgent · BitLocker, patching71
CLDAWS · public S3 bucketFAIL
M36512 users without MFAHIGH
SOC218 / 21 controls passing86%
Coverage

Four surfaces, 5,588 checks, one scan

External scanning is where most tools stop. SBCMSP keeps going — inside the network, into the cloud, and across identity.

External attack surface

674 checks

TLS, DNS, email auth, exposed services, subdomains, and KEV-listed CVEs — everything an attacker can see, no agent required.

Internal agent

284 checks

A lightweight Windows agent runs 14 modules: BitLocker, patching, local admin, AD attack paths, Defender posture, and more.

Cloud posture (AWS & Azure)

274 checks

CSPM across IAM, S3, EC2, CloudTrail, KMS, Storage, Network and Defender — public exposure and misconfigurations flagged continuously.

Microsoft 365 / Entra

123 checks

MFA coverage, conditional access, legacy auth, risky sign-ins, sharing and tenant hardening read straight from the tenant.

External coverage

Inside the 674 external checks

Twenty categories of internet-facing checks, run continuously and prioritized by real-world exploitability.

TLS / SSL

Certificate chain, expiry, protocol versions, weak ciphers, and HSTS.

Email authentication

SPF, DKIM, DMARC, MTA-STS and BIMI alignment across every domain.

DNS & subdomains

Dangling records, zone transfers, and forgotten subdomains.

Exposed services

Open ports, admin panels, databases, and dev endpoints facing the internet.

Cloud exposure

Public buckets, misconfigured CDNs, and leaked storage.

Known exploited CVEs

Findings prioritized with CISA KEV and EPSS probability.

The platform

More than a scanner

Scanning is the start. SBCMSP takes you from finding to fixed to proven — and reports it under your brand.

10-framework compliance

SOC 2, HIPAA, PCI DSS v4, NIST CSF 1.1, NIST CSF 2.0, CMMC, ISO 27001, CIS v8, FTC Safeguards and Cyber Essentials — mapped from a single scan.

AI remediation guidance

Every finding pairs with plain-English, step-by-step fix guidance and a projected score after remediation.

Continuous monitoring

Uptime, keyword and port monitors, plus SSL-expiry and DNS-change alerting across every domain.

White-label reports & portal

Audit-ready PDFs and a live client portal — your logo, your domain, your brand on everything.

Remediation workflow & SLAs

Assign findings, set SLA due dates, and track overdue / escalated work — or sync it straight to your PSA.

Multi-tenant by design

Manage 20, 50, or 100+ client environments from one console with per-tenant scoping and role-based access.

Threat intelligence

CISA KEV and EPSS exploit-probability feeds rank every finding by real-world risk, not just CVSS.

Integrations & API

HaloPSA, Autotask, Syncro, Atera & NinjaOne PSA integrations, Slack & Teams alerts, webhooks, and a REST API for everything else.

How it works

Find what matters, fix it, prove it, report it

01

Connect

Add a domain (no agent) or deploy the Windows agent and connect AWS, Azure, and M365 in minutes.

02

Scan

5,588 checks run on a schedule across external, internal, cloud, and identity surfaces.

03

Prioritize

Findings are ranked by KEV/EPSS and paired with AI remediation guidance.

04

Prove & report

Map to 10 frameworks and export an audit-ready, white-label PDF in one click.

Prioritization

Not just findings — a ranked plan

Every issue across all four surfaces is enriched with CISA KEV status and EPSS exploit probability, then paired with AI-written, plain-English remediation steps your techs can action.

  • KEV / EPSS-ranked severity
  • Step-by-step fix guidance
  • Projected score after remediation
  • Auto-mapped to 10 frameworks
82
+27 pts
projected after fixing 4 criticals
View plan

See your first client's full posture free

Run a free external scan in minutes — then unlock all 5,588 checks across every surface.

Get started View pricing