External Attack Surface Management

See what changed on your accounts before your competitors do.

CipherCue tracks every account in your CRM daily: exposed services, new subdomains, software changes, certificate movements. Your reps get a reason to call, delivered into HubSpot or Attio.

See a 30-minute walkthrough 30 minutes. We bring three of your accounts to the call. Design partners only.

CISA-listed software observed

Authority-cited matches, every day

We match observed tech stacks against the CISA KEV catalogue daily. Every match shows the CVE, the authority entry date, and the subdomain where the software was detected.

Tech stack changed

New tools on the perimeter

A new CDN, a new auth provider, a new analytics SDK. Observable signals of platform shifts that often precede or follow security and procurement decisions.

New services appeared

Attack surface expanded overnight

New subdomains in certificate transparency logs, freshly exposed ports, new TLS certificates. Detected within a day of appearing.

What we observe, daily

Every tracked entity receives a daily observation pass. We do not predict, score, or grade. We record what any internet user could observe, store it over time, and surface observed changes against the previous day's snapshot.

Subdomain inventory sourced from public certificate transparency logs.
CISA KEV matches against detected technologies, with the published authority entry date.
DNS and email policy changes (SPF, DKIM, DMARC, MX shifts).
Tech stack composition: CMS, frameworks, CDN, analytics, auth providers.
Exposed credentials and tokens in publicly served JavaScript bundles.
TLS certificate issuance events from public CA logs.

Example observation as it appears on an entity record: a CISA KEV match shows the affected subdomain, the matched software and version, the KEV catalogue entry date, and the link to the upstream authority source.

Authority: CISA KEV catalogue, entry dated 2025-04-12 · Subdomain: assets.example.com

How CipherCue compares to BitSight, Shodan, and other alternatives

CipherCue is in early access — we are recruiting design partners now. No pricing page yet. Talk to us about what you actually need.

	CipherCue	Incumbent EASM BitSight, SecurityScorecard, CyCognito	Free scanners Shodan, Censys
Continuous monitoring of your account list			ad-hoc lookups
Asset discovery subdomains, exposed services, ports			no diff over time
KEV / CVE matches as buying signals	daily, with source link	rolled into a score	raw data only
Change tracking over time diff vs yesterday, per account		portfolio score, not per-account	no history
Delivered into your CRM HubSpot, Attio	native events	portal-first	API only

Methodology

How we observe, what we record, and how to read each observation.

Read methodology →

Scanning posture

How our scanners identify themselves, our timing, headers, and standards adherence.

Read scanning policy →

Opt-out

Any entity can opt out via DNS TXT record or email. Honoured within seven days.

Opt-out instructions →

Who CipherCue is built for

Cybersecurity vendor sales teams who need observed changes on every account in their CRM.
vCISOs and fractional CISOs tracking the public posture of a portfolio of clients.
MSPs and MSSPs producing daily client briefings backed by cited authority.
In-house security teams monitoring subsidiaries, suppliers, and acquired entities.

See it on your own accounts

30 minutes. We pick three accounts from your CRM and show you what we have observed about them over the last 30 days.

Full name

Company

Work email

Your role

Team size

What are you trying to do? (pick all that apply)

Find breach leads before competitors Monitor existing pipeline for security signals Build infrastructure reports for client conversations Understand a prospect's tech stack before a call Other

Anything else? (optional)