BleedWatch
00 // ENTERPRISE

Enterprise EASM for teams that need assurance before access.

Fortress and Sentinel combine BleedWatch's external attack-surface coverage with the architecture, compliance evidence, support model, and contractual flexibility that procurement-grade buyers expect. Fortress is the enterprise self-serve tier. Sentinel is a bespoke, managed-service engagement for organizations that want autonomous validation with direct BleedWatch involvement.

Buyer fit

Built for security leads, CISOs, and procurement teams comparing EASM coverage, EU data handling, SLAs, and service ownership before an annual contract.

01 // TIER OVERVIEW

Fortress

€799/mo monthly, €639/mo annual.

Available now

Fortress is for teams that have outgrown lightweight scanning and need compliance mapping, SaintScan active validation, ServiceNow routing, a dedicated account manager, and a 99.95% uptime SLA while keeping the buying path close to self-serve.

  • 500 assets included with sub-hourly scans.
  • SOC2, PCI-DSS, DORA, and NIS2 evidence mapping.
  • Business-hour support and Slack Connect channel.

Sentinel

€1499/mo monthly, €1199/mo annual.

Available by engagement only — talk to sales.

Sentinel is not a self-serve checkout tier. It is a bespoke managed-service engagement around the autonomous Sentinel agent, tuned to your authorized scope, validated with our team, and operated with 24×7 incident-response expectations.

  • Unlimited base assets with autonomous validation planning.
  • 24×7 incident response and 99.99% uptime SLA.
  • On-prem deployment available by quote after architecture review.

02 // ARCHITECTURE

Architecture & data residency.

Enterprise review starts with where data lives, how evidence is stored, and how active validation is constrained.

  • EU data residency on Hetzner infrastructure (Germany) for customer data at rest.
  • AES-256-GCM envelope encryption, with a KMS proxy mediated through Cloudflare Worker boundaries.
  • No plaintext secrets at rest: findings store hashes, redacted previews, and bounded evidence.
  • SaintScan active validation runs through the MCP gateway with allowlisted tools, scope validation, circuit breakers, and immutable audit logs.

Read MCP gateway architecture →

03 // COMPLIANCE

Compliance evidence for regulated teams.

  • SOC2 controls mapping in progress, target Q3 2026.
  • ISO 27001 readiness target 2027.
  • PCI-DSS control mapping for payment-adjacent public surfaces.
  • NIS2 and DORA evidence chains for incident, supplier, and operational-resilience review.
  • RGPD/GDPR handling, RoPA available, and DPA/sub-processor documentation ready for procurement.

04 // SLA & SUPPORT

Service commitments.

Fortress carries a 99.95% SLA with business-hour support and escalation. Sentinel carries a 99.99% SLA, 24×7 incident response, and tighter operational review before launch.

05 // CUSTOM CONTRACTS

Contracts that match enterprise review.

  • Annual MSA and DPA review.
  • Current sub-processor list and change-notification terms.
  • Mutual NDA for references, architecture review, and sensitive scope discussions.
  • Custom retention and deletion windows.
  • On-prem deployment for Sentinel only, scoped and priced by quote.

06 // REFERENCES

Reference access.

Available under reciprocal NDA after a discovery call. We keep references gated because enterprise findings, architecture diagrams, and remediation outcomes can expose sensitive security posture even when anonymized.