Managed Security

Ongoing Security Services

Security is not a one-time event. It is a continuous practice.

Sherlock Forensics offers ongoing security services including monthly penetration testing retainers, continuous vulnerability monitoring, recurring phishing simulation at $3 per user per month via BaitAndPhish.com, annual security reviews and incident response retainers with a priority SLA. These services provide continuous security coverage between annual assessments.

A single penetration test gives you a snapshot of your security posture on one day. Threats evolve daily. New vulnerabilities are disclosed weekly. Your codebase changes with every sprint. Ongoing security services close the gap between annual assessments and give you continuous visibility into your risk profile.

Services

Recurring Engagement Options

01 - Retainer

Pentest Retainers

Monthly or quarterly penetration testing on a retainer basis. Each cycle targets a defined scope: new features, recently deployed infrastructure or rotating segments of your environment. Retainer clients receive priority scheduling and discounted per-engagement rates compared to one-time orders.

02 - Monitoring

Continuous Vulnerability Monitoring

Automated scanning runs on a defined schedule against your external and internal infrastructure. New vulnerabilities are identified as they appear in CVE databases. You receive alerts when critical findings are detected rather than waiting for the next annual assessment. Monthly reports track your remediation progress over time.

03 - Phishing

Recurring Phishing Simulation

Monthly phishing campaigns through BaitAndPhish.com at $3 per user per month. Realistic templates that mirror current threat actor tactics. Click tracking, credential harvest monitoring and automated reporting. Track employee security awareness trends over quarters and years.

04 - Annual

Annual Security Reviews

A comprehensive annual engagement that combines penetration testing, policy review, configuration audit and risk assessment. Produces a year-over-year comparison of your security posture. Meets compliance requirements for PCI DSS, SOC 2, ISO 27001 and other frameworks that mandate annual assessment.

05 - IR

Incident Response Retainer

Pre-negotiated incident response with a priority SLA. When a breach occurs, retainer clients receive immediate access to our forensic investigation team. Pre-approved rates, pre-established communication channels and a defined response timeline eliminate the delays that occur when you are scrambling to find a responder during an active incident.

06 - Advisory

Security Advisory Hours

Monthly blocks of advisory hours for architecture review, threat modelling, security policy development and ad-hoc questions. Your team gets direct access to a CISSP-ISSAP certified security advisor without the overhead of a full-time hire.

Pricing Overview

Recurring Service Pricing

Service | Pricing Model | Cadence
Pentest Retainer | Discounted per-engagement rate | Monthly or quarterly
Vulnerability Monitoring | Monthly subscription | Continuous
Phishing Simulation | $3/user/month | Monthly campaigns
Annual Security Review | Fixed annual fee | Annually
Incident Response Retainer | Annual retainer with priority SLA | On-demand with guaranteed response

Frequently Asked Questions

Managed Security FAQs

How much does recurring phishing simulation cost?

$3 per user per month through BaitAndPhish.com. This includes monthly campaigns, realistic templates, click tracking and automated reporting.

What is an incident response retainer?

A pre-negotiated agreement guaranteeing priority access to our forensic investigation team. Retainer clients receive defined SLAs for initial response, pre-approved rates and pre-established communication channels.

Can I combine multiple services?

Yes. Most retainer clients combine quarterly penetration testing with continuous vulnerability monitoring and monthly phishing simulation. We scope bundled engagements with volume pricing. Contact us for a custom retainer proposal.

Related

Penetration Testing Services

Network, application, cloud and red team penetration testing aligned to PTES and OWASP standards.

Incident Response

Emergency forensic investigation and incident response for active security breaches.

Risk Management

Security risk assessment, policy development and compliance advisory services.

Get Started

Ready for continuous security coverage?

Start with a one-time penetration test or discuss a managed security retainer.

Scope a Retainer

Tell us about your environment, compliance requirements and security objectives. We will propose a retainer that provides continuous coverage without overcommitting your budget.

Call 604.229.1994
Burnaby Office
Burnaby, BC, Canada
Coquitlam Office
Coquitlam, BC, Canada