6 Technology & Threats — Pillar 3

You cannot protect what you cannot see. Asset intelligence and threat visibility start here.

786 Cyber maps your digital footprint, prioritises vulnerabilities by real-world exploitability, and monitors external threats targeting your organisation — giving you the intelligence to act before attackers do.

Start free — no credit card needed Speak to an expert
Applies to: All businesses with a digital footprint  ·  Cloud-hosted organisations  ·  MSPs managing client infrastructure

Why visibility matters

Most organisations are attacked through assets they didn't know they had or vulnerabilities they didn't know were exposed.

Shadow IT, forgotten subdomains, misconfigured cloud storage, and unpatched legacy systems are the entry points that attackers find before you do. Technology & Threats gives you the visibility to find them first — and the context to prioritise what matters.

What organisations can't see hurts them
Unknown assets: Cloud instances spun up for a project and never decommissioned, subdomains created by a developer that point to unconfigured infrastructure, SaaS tools used by teams without IT's knowledge — each one is an unmonitored entry point.
Unpatched vulnerabilities: The average time to exploit a newly published CVE is now under five days. Without systematic vulnerability scanning and prioritisation, organisations are reactive — patching after exploitation, not before.
Dark web exposure: Credentials from past breaches — company email addresses and passwords — are actively sold and used in credential stuffing attacks. Most organisations have no visibility of what data about them is circulating.
Brand impersonation: Typosquatted domains, fake social media profiles, and phishing sites impersonating your brand are increasingly common. Without monitoring, these are discovered by customers or employees — after damage is done.
What complete visibility delivers
Reduced attack surface: A complete, current asset inventory enables you to decommission forgotten infrastructure, patch exposed services, and eliminate the unknown entry points that most breaches exploit.
Prioritised remediation: Not all vulnerabilities are equal. 786 Cyber prioritises findings by real-world exploitability and business impact — so your team focuses on what matters most, not what has the highest CVSS score.
Early warning intelligence: Threat intelligence feeds, credential breach monitoring, and dark web alerts give you advance warning of threats before they become incidents — transforming your posture from reactive to proactive.
Framework compliance: Asset management and vulnerability scanning are explicit requirements in Cyber Essentials, ISO 27001, PCI-DSS, NIS2, and NIST CSF. 786 Cyber maps every control to the relevant framework automatically.

"The organisations that recover fastest from security incidents are never the ones that were most surprised. They're the ones that had the most visibility — of their assets, their vulnerabilities, and the threats targeting them."

What you get

Three modules. Complete technology and threat visibility.

Modules 3, 5, and 6 together give you a unified view of your asset landscape, vulnerability queue, and external threat environment.

3
Module 3

Asset Intelligence & Management

Live ✅
  • 🖥️

    Internal asset registry

    Devices, servers, mobile endpoints, IoT, and cloud instances — all catalogued with owner, location, and business criticality rating.

  • 🌐

    External attack surface mapping

    Domains, subdomains, and externally exposed services — continuously monitored for new exposure.

  • ☁️

    Cloud misconfiguration detection

    S3 buckets, Azure blob storage, and cloud services scanned for public exposure and misconfiguration.

  • 📊

    PCI scope identification

    Cardholder data environment tagged and scoped — essential for PCI-DSS compliance and audit preparation.

5
Module 5

Vulnerability Management

Phase 3 — Q3 2026
  • 🔍

    Internal CVE scanning

    Operating systems, applications, and configurations scanned against the NVD and CVE databases — findings explained in plain English.

  • 📋

    CIS Benchmark alignment

    Security configuration gaps identified against CIS Benchmarks — showing exactly what needs hardening and how.

  • Risk prioritisation matrix

    Vulnerabilities ranked by exploitability, business impact, and live exposure — not just CVSS score. Focus on what actually matters.

  • 🔧

    Remediation playbooks

    Step-by-step guidance for every finding — links to patches, configuration guidance, and verification steps.

6
Module 6

Threat Intelligence & External Monitoring

Phase 3 — Q4 2026
  • 🌑

    Dark web monitoring

    Company name, domain, executive names, and brand mentions monitored across dark web forums and marketplaces.

  • 🔑

    Credential breach detection

    HaveIBeenPwned integration — continuous monitoring for company email addresses appearing in breach databases.

  • 🌐

    Domain monitoring

    Typosquatting, phishing infrastructure, and brand impersonation domains detected and alerted in real time.

  • 🔬

    VirusTotal & Shodan integration

    Malware analysis, URL reputation, and external infrastructure exposure monitored continuously.

🏷️

Tech & Threat controls are tagged to compliance frameworks

Vulnerability scanning, patch management, and asset management are explicit requirements in Cyber Essentials, ISO 27001, PCI-DSS, and NIS2. 786 Cyber maps every control — so implementing a vulnerability scan progresses multiple frameworks simultaneously.

domain:asset control:vulnerability-scan framework:cyber-essentials framework:iso27001 framework:pci-dss framework:nist-csf

Platform features

Technology and threat visibility available today — advanced scanning and dark web monitoring coming in Phase 3 (Q3–Q4 2026).

🔑

Credential breach monitoring

HaveIBeenPwned integration — free tier available now. Check company domains for exposed credentials in known breach databases.

🔬

VirusTotal URL & domain checks

Real-time malware and URL reputation analysis — available now via the free VirusTotal API tier.

🏷️

Control tagging to frameworks

Patching, asset management, and vulnerability controls tagged to CE, ISO 27001, PCI-DSS, and NIST CSF — progress multiple frameworks with every action.

📊

Risk score

An overall risk score that reflects your technology posture — updated as controls are implemented and threats are detected.

📬

Monthly threat summaries

Monthly reports covering vulnerability status, patch coverage, threat alerts, and outstanding technology controls — delivered automatically.

🏢

MSP multi-tenant dashboard

Surface technology risk and threat alerts across every client from one dashboard — coming Phase 3 (Q4 2026) with the full MSP portal.

Framework coverage

Frameworks with significant technology and asset requirements.

UK · Mandatory

Cyber Essentials

Patch management and malware protection are two of the 5 CE control categories. Both require asset visibility.
International

ISO 27001

Annex A.8 (Asset Management) and A.12 (Operations) require documented asset inventory and vulnerability management.
Payment

PCI-DSS

Requirements 6, 11, and 12 require vulnerability scanning, penetration testing, and complete asset inventory for the cardholder data environment.
US / International

NIST CSF

The Identify and Detect functions are heavily dependent on asset visibility and threat monitoring capabilities.

See your attack surface clearly.

Start with credential breach monitoring and your asset management controls — available now in the platform.

Start free — no credit card Speak to an expert Browse compliance frameworks →

For MSPs: enquire about the partner programme →