Skip to content

Exposure intelligence

RAIDSEC

Finds a company's external surface, shows what belongs to it and why, and separates real risk from noise.

Request early accessSee the screens
RAIDSEC Command Center

Exposure Debt

18.4

-12% MoM

Signals

247

18 strong

Group scope

36

confirmed

Open cases

7

2 at risk

Top material risk

Exposed admin consolecritical
Missing security headersmedium
Certificate driftlow

Signal sources

GitHub82%
urlscan64%
SecurityTrails48%

4 filas

Operational Signal Feed

MRS

Material risk with proof

Grupo

Group and holding expansion

Casos

A signal becomes a case

The product

Discovery, scope and signals in one workspace.

RAIDSEC brings CTEM, ASM/EASM and CTI into one workspace per client. What ties it together is the chain signal → scope → proof → score → action, on the same screen.

Scope

Manual, inferred and confirmed scope for groups, holdings, brands, domains and targets. Ownership comes with the evidence behind it.

Signal Inbox

Observed signals, hunt pivots and analyst-declared threats, split into four work queues.

Material risk

MRS, Exposure Debt, proof level, ownership and priority on one screen.

Mobilization

A signal becomes a target, watchlist, threat or case, and that flows straight into the rest of the operation.

Who it's for

Three roles, the same engine.

Each role uses RAIDSEC differently, but it all comes from the same place: ownership, proof, priority and action.

CISO / security leadership

  • Scorecard with data freshness and a 90-day trend
  • Risk prioritized by evidence, not by volume
  • A report you can send to the board without translating it

SOC / threat intel

  • Signal Feed in four work queues
  • Hunt pivots ready to become a query
  • Promote a signal to target, case or threat in one click

Risk / compliance

  • Ownership with evidence you can trace
  • Group and holding scope with the reason for each inclusion
  • Audit trail and post-fix validation

How it works

From the company to the action.

The adoption flow is designed to produce results in the first week, without a long rollout project.

01

Onboarding by name

You enter the company name. The engine suggests primary domain, brands, holding and related targets. You confirm or adjust them in Scope Manager.

02

Continuous discovery

DNS, Certificate Transparency, WHOIS/RDAP and web fingerprint run on a schedule. A change in the surface comes in as a signal.

03

Signal Feed

The analyst reads the signals, hunt pivots and declared threats, and promotes each one to target, watchlist, threat or case.

04

Scorecard and report

Leadership follows the scorecard with freshness and trend. Report Studio generates the executive report and exports it as HTML.

Screens

The product screens.

Below, the real screens: workspace, Signal Feed, Scope Manager, scorecard and Report Studio.

Operational workspace

Avg MRS

31.8

Freshness

OK

Cases

3

Risk by severity

crit
high
med
low

Top risks

Public admin consoleMRS
Leaked repo referenceMRS
Group asset driftMRS

Signal Feed in four queues

Observed

strong

GitHub code hit with tenant domain

Hunt pivot

pivot

Query prepared for monitoring

Manual

input

Threat declared by the analyst

Tracking

monitoring

Active watchlist from the signal

Group and holding, with reason

Manual

12

Inferred

24

Confirmed

8

Same corporate root

high confidence

Generates new signals, watchlists and queries from the relation.

Parallel domain with a CT signal

medium confidence

Generates new signals, watchlists and queries from the relation.

Accepted related brand

medium confidence

Generates new signals, watchlists and queries from the relation.

Executive report

Executive summary

Bigger surface, material risk under control.

The report covers scope, ownership, evidence, score and recommendations without becoming a technical dump.

Template

Board

Export

HTML

How we think about it

Knowing what belongs, why it belongs and what to do.

Five questions an exposure program has to answer. RAIDSEC answers all five in one workspace, with the proof next to it.

  1. 1

    What belongs to the client

    Domains, subdomains, brands, holding and parallel assets, discovered automatically.

  2. 2

    Why it belongs

    Each asset carries its evidence: same corporate root, CT signal, confirmed related brand.

  3. 3

    What actually matters

    MRS and Exposure Debt separate material risk from noise, based on proof.

  4. 4

    What changed on the surface

    Near real-time signals: a new subdomain, an issued certificate, exposed code.

  5. 5

    What to do now

    Promote the signal to target, watchlist, threat or case, with an SLA and an owner.

For operations

The signal already comes with the next step: target, watchlist, threat or case. Less loose searching.

For leadership

Scorecard, trend, material risk and the executive report in one place.

For the market

Explainable ownership and group expansion are harder to copy than a dashboard.

Security and privacy

A security platform takes care of its own data.

In pre-launch, with continuous security review. The points below have been there since the project started.

Multi-tenant isolation

Every query scoped by tenant_id. One client's data never crosses into another's session.

Encryption

TLS in transit; encryption at rest for the database and backups.

RBAC

Role-based permissions, with operate, read and administer kept separate.

Audit trail

Sensitive actions logged with actor, scope, time and context.

Privacy / LGPD

Defined Data Protection Officer, defined legal basis, retention and deletion on demand.

Non-intrusive discovery

Discovery from public sources (OSINT). We don't scan assets without authorization.

Privacy Policy

Questions

What people usually ask.

Is RAIDSEC already in commercial production?

No. It's in pre-launch, with early access for the first partners. The product already runs and is useful day to day, but the roadmap is still open.

How do you discover assets without client credentials?

External discovery via DNS, Certificate Transparency, WHOIS/RDAP, web fingerprint and OSINT. No internal client access to get started.

Is scope only what the client enters by hand?

No. The engine suggests parallel domains, brands and related assets, always showing why. The analyst accepts or rejects each one.

How does the LGPD part work?

Multi-tenant isolated by tenant_id, defined Data Protection Officer, configurable retention and deletion on demand. The detail is in the Privacy Policy.

Can I test before signing?

Yes. There's a guided demo for the first early-access partners. Ask at contato@raidsec.com.br.

Does it integrate with SIEM, SOAR or ticketing?

Today there's an external ticket link per case. Native integration with Jira, Linear, Slack and SIEM is on the near roadmap.

Which languages does it support?

Brazilian Portuguese and English, with dark mode in both.

Where is the data stored?

During pre-launch, controlled infrastructure in a Brazilian environment. Dedicated and on-premises deployment are on the roadmap for those who need it.

Next step

See the platform or ask for early access.

Pre-launch, with limited early-access spots.

Ask for a demoRequest early access