Products
Subscriptions for the security work that doesn't fit a project.
A pen test answers a question once. Three Pentiq subscriptions answer it continuously - across exposure, exploitability, and adversary readiness. Pick one, stack two, or run all three.
Vulnerability Scanning
“What's vulnerable?”
Managed CVE-mapped scanning across external and internal IPs. Recurring exposure list, prioritised, with practical remediation guidance.
- • External or internal IP scope
- • Monthly cadence, transparent per-IP pricing
- • Findings dashboard + auditor friendly exports
From £80/month at 50 IPs
See Vulnerability Scanning →CSAS
“What's actually exploitable?”
Continuous Security Assurance. Three tiers from autonomous external validation to programme-level governance with manual pen tests, executive review, and compliance mapping.
- • Visibility, Resilience, Assurance tiers
- • Autonomous testing + Pentiq consultant time
- • Customer-, auditor-, and board-ready evidence
POA - three tiers, scoped to your estate
See CSAS →Red Team Subscription
“Would we notice if someone really came at us?”
An adversary on retainer. Scenarios run on a quarterly cadence - phishing-led, assumed breach, ransomware objective - with detection-and-response debriefs.
- • 4 scenarios per year (Standard) or 6 (Plus)
- • Defender-focused debriefs, not just findings
- • Scenario library: phishing, AD abuse, insider, ransomware
POA - based on scenario depth and scope
See Red Team Subscription →Compare
Three products. Three different questions.
The right product depends on what your customers, auditors, and insurers are asking right now - and how mature your defensive programme is.
| Feature | Vulnerability Scanning | CSAS | Red Team Subscription |
|---|---|---|---|
| Question answered | What's vulnerable? | What's actually exploitable? | Would we notice an attack? |
| Primary cadence | Monthly scans | Monthly testing + manual pen tests | Quarterly scenarios |
| Depth of testing | CVE-mapped scanning | Autonomous attack validation + manual testing at higher tiers | Objective-driven adversary simulation |
| Who it's for | IT teams needing recurring CVE visibility | Security and IT teams answering customer / auditor / board questions | Mature programmes ready to test detection and response under pressure |
| Starting price | From £80/month (50 IPs) | POA | POA |
| Minimum commitment | 12 months | 12 months | 12 months |
How they stack
Most teams build the programme up over time.
You don't need all three on day one. Start where the pressure is loudest, and add the next product when the next question shows up.
Start with exposure visibility
Most teams start with Vulnerability Scanning - recurring CVE coverage across external IPs, low operational overhead, predictable price.
Add exploitability evidence
When customers, auditors, or insurers start asking what's actually exploitable, CSAS Visibility extends scanning into validated attack chains. Higher CSAS tiers add Pentiq consultant time and manual pen tests.
Test detection and response
Once defensive controls are in place, the Red Team Subscription tests whether they actually work - by running the kinds of scenarios real attackers run, on a continuous cadence.
Products vs Services
Programmes are subscriptions. Engagements are projects.
Pentiq Products are continuous, retained, and priced as subscriptions. Pentiq Services are one-off, scoped engagements - pen tests, red team operations, social engineering campaigns. Most clients run a mix; we'll help you pick the right shape.
Get started
Not sure which product fits? Tell us what your customers are asking.
Most enquiries get a same working day response from a Pentiq consultant. We'll talk through your pressures and tell you honestly which product - or combination - makes sense.