Know what you run.
Prove how you manage it.
CyberGuard is being built for MSP and security-minded ops teams that need one traceable path from messy infrastructure facts to client-ready technical evidence.
No signup yet. Applications will be reviewed for fit when invitations open.
Concept interface with synthetic data. Each assertion carries its provenance — CyberGuard never implies a fact is independently verified.
Built for MSP and ops teams managing self-hosted client estates.
You already work across Zabbix, shell scripts, structured observations, and an existing issue tracker. CyberGuard is designed to connect those facts — not replace the tools that produce them.
Not a scanner, ticket replacement, or certification platformThe version, patch, todo, and evidence layer for messy infrastructure.
The hypothesis is less manual assembly and more consistent follow-through. It hasn't been proven publicly yet — that's what the pilot is for.
Facts scattered across shell output, tickets, and chat.
Current Inventory per client, with history and freshness.
Unclear whether an advisory even applies to this host.
A traceable Finding linked to the evidence behind it.
Tickets closed without proof the work happened.
An evidence-confirmed state you can point a client to.
A monthly report rebuilt by hand, every time.
A reproducible client snapshot with scope and exclusions.
One chain, from observation to client-ready evidence.
Six primitives carry the whole story. Web, REST, and a planned MCP interface are just different doors onto the same chain — never a second data model.
The things a client operates.
How observations arrive — ingest, command output, manual, API, later Zabbix.
Observed software, access, and config facts, plus history.
Rules or authorized observations that evaluate facts.
Evidence-linked problems in one lifecycle.
Accountable human work, optionally synced to a tracker later.
One Debian observation, followed all the way to a snapshot.
Submitted via structured Source for web01 in Acme Ltd → Production.
openssl 3.0.11 recorded as user-submitted command output, then confirmed in Needs Review.
An applicable advisory surfaces as a canonical Finding — not yet functional in the first MVP.
Patch openssl on web01, owned by Marta, with a due date.
Scope, exclusions, verification levels, and a snapshot hash — clearly synthetic.
Trustworthy inventory first. Everything else is derived from it.
Current facts and history with freshness, source provenance, and conflict review — designed so you always know how fresh a fact is and where it came from.
Uncertain parses and mappings wait in a single Needs Review queue for an explicit human decision. Nothing ambiguous is silently trusted.
A finalized HTML/CSV snapshot with explicit scope, exclusions, verification levels, and a snapshot hash you can reference later.
One client Organization per trust boundary. Staff need explicit membership in every Organization — a billing bundle grants no data access.
A planned remote MCP interface will let a customer’s own AI tool create permitted Assets/Sources, submit deterministic observations, and monitor status inside one authorized Organization — never switching clients or receiving credentials.
A roadmap, stated as plans — not shipped features.
Every item below is planned and subject to validation. Order and timing may change as we learn from design partners.
- —Advisory & vendor-support feeds
- —Applicability, EOL state, canonical Findings
- —Todos, notifications, transparent posture
- —Zabbix inventory/event integration
- —AI-assisted parser & triage candidates
- —Human confirmation always required
- —Full Todo workflow, GitLab sync first
- —Branded report preview / finalize
- —Invite-only beta after security gates
- —Versioned hardening Checks, access reviews
- —Documented, declarative Check Studio
- —Five transparent bounded score pillars
Future Later possibilities — subject to validation
Framework evidence assistance, non-intrusive probes, plugins, scanner imports, enterprise connectors, client-consented portfolio summaries, SSO/SCIM, custom retention, and broad self-hosted availability are candidate directions only. Framework support may help organize evidence but cannot claim compliance or certification. Probes will never be described as a vulnerability scanner or penetration test.
Provenance stays visible. We don't dress up unverified facts.
A future finalized snapshot will disclose who or what supplied each assertion, at which verification level, with what scope and exclusions.
A snapshot hash can reveal later alteration within the CyberGuard evidence set. It does not prove the original external fact was true — and we never say "tamper-proof," "chain of custody," or "independently verified" for tenant-supplied data.
We do not claim GDPR compliance, a certification, an external audit, 24×7 operations, or any security property that hasn't been tested. EU/EEA hosting is the planned default and will be confirmed once providers and regions are selected.
Complements your monitoring and issue tracking.
A planned order, labelled by stage — not a logo wall. Nominative product names only; no integration is available today and none implies endorsement.
Deterministic ingest and a Debian/Ubuntu package parser.
First MVPVulnerability/advisory and vendor-support data.
Planned nextInventory/event integration for supported deployment paths.
Planned nextTodo synchronization first; Jira only after validation.
PlannedMCP is a planned product interface, not an AI-vendor partnership. It lets a customer's own AI tool use explicitly granted operations inside one authorized client Organization. It is not "autonomous remediation," and no AI-tool logo appears until that exact client passes documented compatibility and authorization tests.
One offer opens first. The rest are hypotheses.
The paid design-partner pilot will be the first actionable offer. Every other plan is proposed for validation. Prices are monthly, exclude VAT, and are not final.
Each client is always a separate Organization and trust boundary — a consultancy billing bundle never grants cross-client data access.
- ✓Up to 5 isolated client Organizations
- ✓Up to 500 active Assets total
- ✓Assisted onboarding + weekly session
- ✓Implemented pilot features during the term
- ✓Best-effort support · no uptime SLA
- ✓No auto-renewal or silent conversion
- ✓Up to 3 isolated client Organizations
- ✓Up to 300 active Assets total
- ✓Core capabilities that have shipped
- ✓Manual snapshots / Reports when available
- ✓Standard business-hours support
- ✓Up to 15 isolated client Organizations
- ✓Up to 2,000 active Assets total
- ✓Everything shipped in Starter
- ✓Higher validated automation limits
- ✓Per-client Report branding when available
- ✓Priority business-hours support
- ✓Up to 50 isolated client Organizations
- ✓Up to 10,000 active Assets total
- ✓Everything shipped in MSP
- ✓Highest standard validated limits
- ✓Structured onboarding + service review
- ✓No implied SSO/SCIM, probes, or self-hosting
Features that haven't shipped show "when available" or a release stage, never a checkmark. Baseline security, tenant isolation, export/deletion, audit logging, and evidence-quality labeling are identical on every plan and never weaken on a lower tier. Overage pricing (€15/Organization, €0.10/Asset, with a 10% grace measured per meter) is an opt-in test assumption — never a surprise charge. Existing evidence stays readable and exportable at a limit; only the operation exceeding it is blocked.
Straight answers for a prelaunch product.
Is CyberGuard available today?
No. CyberGuard is in development. The only current motion is applications for a paid, assisted design-partner pilot. There is no self-service signup, checkout, or generally available product.
Who is the design-partner pilot for?
Small MSPs and security-minded ops consultancies managing heterogeneous, mostly self-hosted client infrastructure — teams that today rely on Zabbix, scripts, and manual evidence and want a repeatable way to understand state and prepare client evidence.
Is CyberGuard a vulnerability scanner?
No. It records and evaluates observations that arrive from your sources; it does not actively scan or probe your infrastructure. It is not a penetration test and is not a replacement for one.
Does it replace Zabbix or our issue tracker?
No. It complements them. Zabbix integration and tracker synchronization are planned later stages; the product connects the facts those tools produce rather than replacing them.
How are different clients separated?
Each managed client is a separate Organization and trust boundary. Projects partition environments inside one client. A consultancy billing bundle never grants cross-client data access — staff still need explicit membership in every Organization.
Can it connect to a private-only Zabbix?
An assisted private-network deployment may be considered for a selected design partner whose Zabbix cannot be safely published to fixed SaaS egress IPs. It is a scoped pilot conversation, not a generally supported self-hosted edition. We never claim general access from SaaS into a customer’s private network.
Does it make us compliant or certify us?
No. CyberGuard can help organize evidence for review, but it does not make you compliant with GDPR, Cyber Essentials, NIS2, ISO, CIS, SOC 2, PCI DSS, or any framework, and it is not a certification.
How is AI intended to be used?
AI is an optional, later, candidate-assistance mechanism — for example parser and triage suggestions — always validated deterministically and confirmed by a human. It cannot make security decisions automatically.
Can our own AI tools use CyberGuard through MCP?
That’s the plan. A permission-scoped remote MCP interface will let your chosen AI tool use explicitly granted operations inside one authorized client Organization. It cannot switch clients, receive credentials, bypass review, or approve its own work.
Is self-hosting available?
No. Broad self-hosted availability is a future possibility subject to validation. Only the scoped private-network pilot conversation above exists today.
What happens to pilot data?
Tenant isolation, minimized telemetry, export and deletion workflows, and evidence access logging are intended principles. The trust, privacy, and DPA documents will be available before any production pilot data is handled.
Are these final prices?
No. All prices are proposed hypotheses for validation, monthly and excluding VAT. Only the design-partner pilot is actionable today; other plans use a waitlist.
Design-partner waitlist.
The pilot is for small MSPs and security-minded ops consultancies managing heterogeneous, mostly self-hosted client infrastructure. We review each application for fit, then follow up with a discovery conversation. Selection isn’t guaranteed.
- We review your application for fit — this isn’t a signup.
- A discovery conversation follows before any commitment.
- Selection isn’t guaranteed; the pilot cohort is intentionally small.
Invitations aren’t open yet
We’re finishing the privacy and email-delivery setup. No applications are being collected today.
Read the prelaunch privacy status