How we work
No house methodology. No partial credit.
Windows
Linux
macOS
SEKKO, our scanning agent, gathers configuration evidence without touching production. It doesn't require downtime, and doesn't need us on-site.
- Non-intrusive configuration checks — no exploitation, no service disruption
- One pass covers your whole environment, not a sample of it
- No agent left behind — nothing persists once the scan window closes
Every strategy is scored strictly against the ACSC's own Essential Eight maturity levels — zero to three. A single missing control drops the whole strategy to Level 0. That's not us being harsh. A real attacker doesn't give partial credit either, and neither should an assessment that's actually trying to tell you the truth.
There's no upsell built into the process. We don't soften a score to make a sales conversation easier, because we're not having one — we don't sell the remediation work.