Security landscape · SMBs 2025-2026
Sources:IBM · ENISA · Verizon DBIR
Time
287 days
before a security breach is typically detected at an SMB.
IBM Cost of a Data Breach 2024
Cost
€120k avg.
average cost per breach for European SMBs.
IBM / ENISA 2024
Ratio
9 / 10
SMBs have at least one critical vulnerability right now.
Verizon DBIR 2024
02 //How it works

From question to answer in 60 seconds

Three steps. No card, no install. You see status now — we keep watch in the background.

We scan 30+ parameters

DNS, SSL, headers, leaked passwords, dark-web hits, supply chain, and CT logs. On Pen-Test reports we also orchestrate pentest-ai, an agent framework that validates findings with safe proof-of-concepts and surfaces chained vulnerabilities.

~30 seconds · agent-validated on Pen-Test

You’re alerted before it becomes a problem

With PLUSS we monitor your domain and email around the clock. Change detected? Email within the same second, plus a monthly summary on the first of every month.

Continuous
03 //Three pillars · always on

We keep watch — on three fronts at once

While you work, sleep, or take a holiday, Sentinel runs continuous checks against the known attack vectors.

Domains
01 / 03

Domain monitoring

A changed DNS record, an expiring certificate, or a forgotten subdomain is often all an attacker needs. You find out first — not your customers.

  • Certificate expires or renews unexpectedly
  • DNS records change without your knowledge (a classic sign of account takeover)
  • New certificates issued for your domain detected within an hour (Certificate Transparency logs)
  • Forgotten subdomains from old vendors — a favourite target for takeovers
  • External JavaScript libraries watched for change (Magecart-style supply-chain attacks)
  • WHOIS changes to ownership or contact details
  • Uptime measured from 6 countries, every minute
Email
02 / 03

Email monitoring

287 days is the average time before a leaked password is discovered — usually after the damage is done. You get an alert the same hour your email shows up in a new breach.

  • Checked against HIBP (14B hashes) + LeakCheck (12B+ records)
  • Live breach-feed: re-check within the hour a new leak goes public, not on the next daily sweep
  • Which service leaked, when, and what was exposed
  • Password strength evaluated against 100M+ cracked passwords
  • Concrete action list per finding — not just an alert
  • Up to 10 addresses monitored, more on request
Dark web
03 / 03

Dark-web monitoring

Leaked passwords, customer data, and corporate documents trade daily on closed forums and breach marketplaces. You’re alerted the same day your traces show up — before criminals can act on them.

  • Email + password combinations in new leak dumps
  • Names, phone numbers, and addresses in compromised registries
  • Company names and employee data mentioned in criminal forums
  • Card and bank details for sale on fraud marketplaces
  • Look-alike domains impersonating your brand (links into Phishing Radar)
  • Direct action plan on finding — change password, notify bank, freeze card
04 //Toolkit

18 security tools in one place

12 free for everyone. 6 more exclusive to PLUSS members.

Free for everyone

12 tools
🔗
URL forensics
Phishing, redirects, suspicious patterns
🔑
Password check
Check leaked passwords — k-anonymous, local
Email breach check
Is your email in known data leaks?
📄
File scan
Malware via VirusTotal (60+ engines)
🌐
IP recon
Geo, ASN, blocklists, and known threats
🔒
SSL certificate
Validity, issuer, signature algorithm
📋
HTTP headers
CSP, HSTS, X-Frame-Options & more
🔍
QR code
Decode and security-check QR codes
🕵
Data exposure
Is personal data publicly visible?
🛰
Threat intel
ThreatFox, URLhaus, PhishTank, MalwareBazaar
👁
Tracking analysis
Cookies, trackers, and sec-headers on a site
📡
Port exposure
Passive Shodan lookup — which ports are visible?

Exclusive to PLUSS PLUSS

6 more

The toolkit a professional pen-tester unpacks on day one: the network, the web application, the crypto configuration, hidden content, public intelligence, and 13,000+ known CVE patterns. An external pen-test with equivalent coverage typically starts at €3,000. On PLUSS you run them on autopilot against your own infrastructure — as often as you like.

🛡
Security scan (Nmap)
Active port-scan · service & OS detection
🌍
Web scan (Nikto)
6,700+ known web vulnerabilities
🔐
SSL report
A+/F grade via testssl.sh
🔭
Content scan
Hidden files/folders · admin · .git · .env
📥
OSINT recon (theHarvester)
Passive recon · emails, subdomains, IPs from 7 sources
🎯
Vulnerability scan (nuclei)
Template-based · 13,000+ CVEs, takeovers, exposures
05 //Sample alerts

What a Sentinel alert looks like

Straight to your inbox — no noise, no false alarms.

Domain
03:14 · last night
From: Mustvedt Sentinel

New SSL certificate issued for yourcompany.com

A new SSL certificate was issued from Let’s Encrypt for yourcompany.com at 03:11. Was this planned? If not, it can be a sign of domain takeover.

Recommended: Verify with your IT contact.

→ your inbox View report ↗
Email
07:42 · today
From: Mustvedt Sentinel

jane@company.com found in new breach

Your email was found in a new breach at LinkedIn (June 2026), covering 92 million addresses. Your password on that service may be compromised.

Recommended: Change the password now, enable 2FA.

→ your inbox View report ↗
Dark web
14:08 · yesterday
From: Mustvedt Sentinel

Your full name appeared in a leaked database

Your name was found in a database from a hotel-booking system breach, alongside your phone number and partial card number. The leak is dated Q3 2026.

Recommended: Freeze the card on suspicious activity, and watch out for scam SMS and impostor bank calls.

→ your inbox View report ↗
Port-scan
02:37 · last night
From: Mustvedt Sentinel

New open port detected: 3389 (RDP) on server.company.com

An automated Nmap scan found that port 3389 (Remote Desktop) is now exposed to the internet. This port is frequently used in ransomware attacks.

Recommended: Close the port or put it behind a VPN immediately.

→ your inbox View report ↗
06 //Why this matters

Why you should care

Numbers from HIBP, ENISA, and industry reports. The digital threat landscape isn’t in the future — it’s already in your inbox.

12+ bn
leaked records in public databases
73 %
of users reuse passwords across multiple services
24/7
monitoring from Sentinel — including holidays
08 //Plans

Three ways to protect yourself

Pick a monthly subscription with continuous monitoring, a one-off pen-test & recon report, or a tailored Enterprise agreement.

Monthly subscription

Sentinel PLUSS

$10/year

Continuous monitoring of domains, email, and dark web. 18 tools, 250 scans per day, AI analysis, and monthly report.

Start 7-day free trial →
No card required
One-off · launch price

Pen-Test & Recon

$449$199

Signed report in 3 business days. Active recon with 10 tools, agent-validation, and a prioritized remediation plan.

Order report →
Excl. VAT · card payment
By agreement

Enterprise

Quote

Tailored coverage for larger teams. Unlimited scale, SSO, REST API, dedicated contact, and quarterly reviews.

Request a quote →
Reply within 3 business days

All plans: hosted in Norway · EU-GDPR · A+ SSL Labs. See the full comparison →

🇳🇴
Built in Norway
Org. 937 618 719 · EU jurisdiction
🔒
A+ SSL Labs
Best-in-class SSL/TLS config
🛡
A+ Mozilla Observatory
Top security headers rating
EU-GDPR by default
No tracking, no third parties, no US-cloud
09 //FAQ

The most common questions

When a service you use gets hacked, your password leaks. Most people reuse passwords across multiple services, so a leak at LinkedIn means someone can log into your Gmail, your bank, or your work systems with the same password. Sentinel alerts you the same day a new leak hits your email — so you can change the password before anyone has time to use it.
You get an email alert when something concrete happens — not daily noise. Examples: new email breach, SSL certificate expires in 14 days, DNS change on your domain, your name appears in a new leak. Once a month you also get a summary report.
Both. The same tools, the same monitoring. Many use it personally for their own email plus a spouse’s/family’s, or as a small business for their company domain and employee addresses. VAT handling depends on country and customer type.
PLUSS is continuous monitoring, around the clock, with alerts when something changes. Pen-Test & Recon is a one-off security analysis, signed as a PDF, suitable for auditor, customer, or insurance contexts. They complement each other: many order a Pen-Test report first to document the current state, then continue on PLUSS for ongoing protection.
Three business days from order to delivered PDF in your inbox. The report is signed by Christer Mustvedt and includes 30 check points, active recon with Nmap, Nikto, testssl, gobuster, and nuclei, agent-validation of findings, and a prioritized action plan. Launch price right now is $199 (normally $449). 14 days of email follow-up included.
On a dedicated server, operated by a Norwegian company under EU/EEA jurisdiction — not in AWS, Google Cloud, or Azure. No third party has access. We have A+ on SSL Labs and A+ on Mozilla Observatory. EU-GDPR compliant by default, with a privacy policy you can actually read.
Cancel any time, directly from your dashboard — no phone queue. The subscription stops at the end of the current period. The trial is free and requires no card, so there’s zero risk in testing.
Card (Visa, Mastercard), Apple Pay, Google Pay, Klarna, and PayPal. Norwegian customers can also pay with Vipps (with automatic renewal via the Vipps app). All subscriptions can be changed or stopped from the Customer Portal.
Get started today

Ready to sleep a little easier?

Three ways in: try PLUSS free for 7 days, order a one-off Pen-Test report, or request an Enterprise quote. We’re ready when you are.

Start 7-day free trial Order Pen-Test Request a quote