Products
Subscriptions for the security work that doesn't fit a project.
A pentest answers a question once. Three Pentuk subscriptions answer it continuously - across exposure, exploitability, and adversary readiness. Pick one, stack two, or run all three.
Vulnerability Scanning
“What's vulnerable?”
Managed CVE-mapped scanning across external and internal IPs. Recurring exposure list, prioritised, with practical remediation guidance.
- External or internal IP scope
- Monthly cadence, transparent per-IP pricing
- Findings dashboard + auditor-friendly exports
From £80/month at 50 IPs
See Vulnerability Scanning →
CSAS
“What's actually exploitable?”
Continuous Security Assurance. Three tiers from autonomous external validation to programme-level governance with manual pentests, executive review, and compliance mapping.
- Visibility, Resilience, Assurance tiers
- Autonomous testing + Pentuk consultant time
- Customer-, auditor-, and board-ready evidence
POA - three tiers, scoped to your estate
See CSAS →
Red Team Subscription
“Would we notice if someone really came at us?”
An adversary on retainer. Scenarios run on a quarterly cadence - phishing-led, assumed breach, ransomware objective - with detection-and-response debriefs.
- 4 scenarios per year (Standard) or 6 (Plus)
- Defender-focused debriefs, not just findings
- Scenario library: phishing, AD abuse, insider, ransomware
POA - based on scenario depth and scope
See Red Team Subscription →
Compare
Three products. Three different questions.
The right product depends on what your customers, auditors, and insurers are asking right now - and how mature your defensive programme is.
| Feature | Vulnerability Scanning | CSAS | Red Team Subscription |
|---|---|---|---|
| Question answered | What's vulnerable? | What's actually exploitable? | Would we notice an attack? |
| Primary cadence | Monthly scans | Monthly testing + manual pentests | Quarterly scenarios |
| Depth of testing | CVE-mapped scanning | Autonomous attack validation + manual testing at higher tiers | Objective-driven adversary simulation |
| Who it's for | IT teams needing recurring CVE visibility | Security and IT teams answering customer / auditor / board questions | Mature programmes ready to test detection and response under pressure |
| Starting price | From £80/month (50 IPs) | POA | POA |
| Minimum commitment | 12 months | 12 months | 12 months |
How they stack
Most teams build the programme up over time.
You don't need all three on day one. Start where the pressure is loudest, and add the next product when the next question shows up.
Start with exposure visibility
Most teams start with Vulnerability Scanning - recurring CVE coverage across external IPs, low operational overhead, predictable price.
Add exploitability evidence
When customers, auditors, or insurers start asking what's actually exploitable, CSAS Visibility extends scanning into validated attack chains. Higher CSAS tiers add Pentuk consultant time and manual pentests.
Test detection and response
Once defensive controls are in place, the Red Team Subscription tests whether they actually work - by running the kinds of scenarios real attackers run, on a continuous cadence.
Products vs Services
Programmes are subscriptions. Engagements are projects.
Pentuk Products are continuous, retained, and priced as subscriptions. Pentuk Services are one-off, scoped engagements - pentests, red team operations, social engineering campaigns. Most clients run a mix; we'll help you pick the right shape.
Get started
Not sure which product fits? Tell us what your customers are asking.
Most enquiries get a same working day response from a Pentuk consultant. We'll talk through your pressures and tell you honestly which product - or combination - makes sense.
