DNS & email hygiene
SPF, DKIM, DMARC alignment, MX exposure, CAA records, sub-domain takeover risk — graded against industry baselines.
SOC Mission Control · Continuous External Monitoring
Know how attackers see you. Before they do.
Continuous external scans across DNS, TLS, web headers, exposed services, web vulnerabilities and leaked credentials. Every domain you own and every vendor you depend on — scored A → F, alerts the moment posture drops.
● No agents, no installs
● First scan in 60 s
● Free for one domain
Why Everwatch
Six scanning factors. One composite score. Zero installs.
External-only signals from Certificate Transparency, passive DNS, port scans, nuclei templates, and breach corpora. We never touch your infrastructure.
TLS / SSL posture
Expired certificates, weak ciphers, deprecated protocols, mixed-content endpoints, wildcard leakage — every host you expose, every week.
HTTP headers & web vulns
HSTS, CSP misconfig, frame options, open redirects, SQLi, XSS, outdated libraries — driven by a continuously-updated nuclei template set.
Exposed services
Open ports, banner-grabbed services, internal admin panels reachable from the public internet — surfaced before someone else finds them.
Vendor risk monitoring
Watch every supplier you depend on. Get alerted the moment Auth0, Stripe, your CDN, or your data processor drops a grade.
Real-time alerts
Score drops, new critical findings, score recoveries — delivered in-app or by email, webhooks coming soon. No daily-digest noise.
How it works
Three steps. First score under a minute.
01 · ADD
Drop in your domain
Add your-domain.com or any vendor's domain. No agents to install, no DNS records to add.
02 · SCAN
Six factors, one score
Continuous external probes across DNS, TLS, headers, ports, vulns, and leaked creds. Recomputed weekly, on-demand any time.
03 · ACT
Triage critical findings
Waive accepted risk, mark remediated, download a PDF report for the auditor. Trend recorded for 90 days.
Pricing
Start free. Scale when you have a portfolio.
All tiers include the full scanning stack. Higher tiers unlock more scorecards, faster scan cadence, and team seats.
Free
Starter
$0 / month
- 1 self-managed domain
- 3 vendor scorecards
- Weekly automatic scans
- 90-day trend history
- Email alerts
Most popular
Team
$49 / month
- 10 self-managed domains
- 50 vendor scorecards
- Daily scans + on-demand
- 1-year trend history
- PDF reports
- 5 team seats
Enterprise
Enterprise
Custom
- Unlimited scorecards
- Hourly scan cadence
- Webhooks & SIEM integrations
- SLA & dedicated support
- SSO + audit log
- Unlimited seats
FAQ
Frequently asked
How does Everwatch generate a security score?
Continuous external scans across six dimensions — DNS & email, TLS hygiene, HTTP headers, exposed services, web vulnerabilities, and leaked credentials — composited into a single 0–100 score graded A through F.
Do I need to install anything?
No. Everwatch is an external observer — every signal is gathered from public sources (Certificate Transparency, passive DNS, port scans, nuclei probes, public breach corpora). Nothing runs on your infrastructure.
Is the free tier really free?
Yes. One self-managed domain plus three vendor scorecards, scanned weekly, no credit card required. Upgrade only when your portfolio outgrows it.
How is this different from Bitsight, SecurityScorecard, UpGuard?
Comparable signals, but built for engineers — Everwatch ships an OpenAPI-typed REST API, on-demand re-scans, and PDF reports straight to your auditor without a sales call.
Can I export the scan results?
Yes. PDF reports per scorecard, JSON via the API, and webhooks for score-change events (Team and Enterprise tiers).