# deriskfy

> deriskfy, built by Under Protection, is a SaaS cybersecurity risk management platform that turns exposure into product-grade clarity. It combines self-assessment scoring, attack surface monitoring, evidence-backed governance, and remediation roadmaps into a single operating view — enabling security leaders, GRC teams, IT operations, and executive stakeholders to act on risk in the same workspace where decisions happen.

## What deriskfy does

deriskfy solves a structural problem in cybersecurity programs: risk data is scattered across spreadsheets, audit reports, and disconnected tools. The platform integrates four pillars:

1. **Assessment and benchmarking** — Organizations run structured questionnaires, generate a measurable posture score, and compare performance against market, sector, and portfolio benchmarks. Results are board-ready in under 5 minutes.
2. **Evidence-backed governance** — Every control score is traceable. Users attach documents, screenshots, and internal references directly to controls, keeping governance reviews and audit conversations grounded in proof rather than memory.
3. **Attack surface monitoring** — The platform continuously monitors domains, IPs, email posture (SPF/DKIM/DMARC), TLS certificates, and visual change detection (deface watch), providing external exposure signals alongside internal posture data.
4. **Actionable remediation roadmap** — Findings translate into a prioritized roadmap with impact, speed, effort, and side-effect tradeoffs visible for each recommended action.

## Target audience

- **Security leaders** — CISOs and security managers who need an operating view that connects risk score to action and can be shared with boards.
- **GRC teams** — Governance, Risk, and Compliance professionals running assessment cycles, managing evidence, and coordinating audit readiness.
- **IT operations** — Technical teams responsible for infrastructure hygiene, firewall policy, and remediation execution.
- **Executive stakeholders** — CTOs, CEOs, and board members who need clear, defensible risk communication without raw technical output.

## Core differentiators

- A single workspace connects scores, evidence, scans, and actions — no context switching between tools.
- "Reads like a product, not a consulting handoff" — workflow-centric design rather than report-centric output.
- Privacy controls scale with the plan: self-serve experimentation to enterprise adoption with SSO, RBAC, and maximum privacy.
- Human-in-the-loop validation available on Advanced and Enterprise plans — experts validate documents, recommendations, and technical tests.
- Third-party signed certificates recognized for audits, executive briefings, and compliance workflows.

## Platform capabilities

- Executive scorecards with benchmark views
- Attack surface and external exposure monitoring
- Domain, IP, email security, and certificate hygiene scanning
- Firewall configuration upload and analysis
- Checklist and activity management linked to assessment controls
- Questionnaire workflows (including NIST framework support)
- Risk, threat, and vulnerability management
- Recommendation and remediation roadmap generation
- PDF report generation and certificate sharing
- Customer project dashboards for portfolio management
- RBAC, SSO, and advanced audit log exports (Enterprise)

## Pricing (as of 2025)

| Plan         | Price (monthly)          | Key capabilities |
|--------------|--------------------------|------------------|
| Free         | US$ 0                    | Self-assessment, limited scans |
| Basic        | US$ 119.90 (US$ 49/yr)   | Continuous use, core monitoring |
| Intermediate | US$ 149.90 (US$ 59.90/yr)| Higher asset volume |
| Advanced     | US$ 719.90 (US$ 299.90/yr)| Human-in-the-loop, 3rd-party certificate |
| Enterprise   | Custom                   | RBAC, SSO, maximum privacy, custom SLAs |

Data usage: Free/Basic/Intermediate plans may share data with partners and use it for training/statistics. Advanced: no partner sharing. Enterprise: statistics-only, maximum privacy.

## Frequently asked questions

**What is the difference between Free, Basic, Intermediate, Advanced, and Enterprise?**
Mainly scale, human validation, and enterprise controls. Free and Basic start self-assessment with limits. Intermediate unlocks higher volume and continuous use. Advanced adds human-in-the-loop and third-party signed certificates. Enterprise includes SSO, RBAC, advanced logs, and maximum privacy.

**What does "human-in-the-loop" mean?**
Experts validate documents, recommendations, or technical tests. Available on Advanced and Enterprise, it increases confidence in scores and evidence.

**Is the certificate recognized by third parties?**
Yes. On Advanced and Enterprise, the certificate is third-party signed — beyond self-declared assurance — for audits, executive briefings, and compliance workflows.

**What data is used and how does privacy work?**
On Free, Basic, and Intermediate, data may be shared with partners and used for model training and statistics. On Advanced, there is no partner sharing. On Enterprise, privacy is maximum, with statistics-only sharing where applicable.

**Does the platform replace a SOC or consultants?**
No. deriskfy is a platform for risk visibility, maturity, and evidence-backed governance. For continuous operations, incident response, or specialized consulting, Under Protection can complement as needed.

**Can I use deriskfy with more than one framework?**
Yes. The platform is flexible and can be adapted to different assessment models. Advanced adjustments and customizations are part of Advanced and Enterprise plans.

**Can I share results with leadership or auditors?**
Yes. You can generate executive PDF reports, share certificates, and track progress across assessment cycles.

**Does Enterprise include corporate integrations?**
Yes. Enterprise includes SSO, RBAC, advanced logs (CSV/Syslog), and integrations depending on contracted scope.

## Company

**Under Protection** is the company behind deriskfy. It provides product strategy, security expertise, and operational rigor combined into one platform.

- Website: https://deriskfy.com
- Sales: comercial@underprotection.com.br
- Support: suporte@underprotection.com.br
- Affiliate program: https://deriskfy.com/affiliate

## Key pages

- [Platform overview and pricing](https://deriskfy.com/home)
- [Start for free](https://deriskfy.com/register)
- [Affiliate program](https://deriskfy.com/affiliate)
- [Terms of use](https://deriskfy.com/terms-of-use)