
8 modules. One platform.

Each module operates as an isolated tenant. Per-(tenant, agent) semaphores, rate limits per AI provider, and complete lifecycle cleanup when a tenant is deleted.

EASM (External Attack Surface)

Continuous discovery: subdomains via CT logs + DNS brute force + Censys + crt.sh. CVE correlation with NVD/EPSS/KEV. Cross-tenant resolver. Wildcard DNS detection.

  • Discovery Orchestrator multi-source
  • Per-phase activity watchdog (auto-advance)
  • 44 agents (12 AI-powered, 32 deterministic)
  • Threat news feeds (CISA + MITRE + 35 plugins)

Compliance 360 (GRC)

Multi-framework: adopt ISO 27001, SOC 2, NIST CSF, PCI DSS, HIPAA, GDPR/LGPD/Ley 25.326. Reuse SCF (Secure Controls Framework) controls to cover them all.

  • Test-once-comply-many with SCF mapping
  • Evidence ESG (immutable audit trail)
  • Audit by PHY (continuous assessments)
  • Total Compliance multi-framework dashboard

AI Governance

ISO 42001 readiness. Confidence Agent that re-weights severity by industry + crown jewel + threat intel. FP Learning with vector embeddings, cosine 0.80-0.92 per tenant.

  • Confidence Agent (Claude Haiku 4.5)
  • Proactive Research (CVE/threat-actor research)
  • Per-(tenant, agent) AI provider override
  • Real-time feedback loop (analyst → next scan)

TPRM + Vendor Risk

Vendor management with a scan equivalent to the primary domain's. Collaborative action plans (customer ↔ vendor). Vendor portal with score, capabilities, comments, FP propose.

  • Real vendor scorecard (not homogeneous)
  • Action plans with a 6-state state machine
  • Promote vendor → sub-tenant (license tiers)
  • Inbound requirements (provider POV)

Threat Intelligence

35 plugins from public + private sources. IOCs (abuse.ch, OTX, AbuseIPDB, Spamhaus, IPsum). Surface intel (crt.sh, Certstream, urlscan). Sandbox (Hybrid Analysis, ANY.RUN).

  • 21 plugins TI + 5 surface intel + 2 sandbox
  • TTPs/Advisories (CISA, MITRE, Tenable, Qualys)
  • Industry threat news (classified per vertical)
  • Asset intel (Censys + Shodan)

EYE — Eye Risk Manager (ERM)

Cyber risk quantification with FAIR. Loss distribution, ALE histogram, P90 thresholds. Risk register connected to the compliance framework.

  • FAIR-based quantification
  • Loss distribution histogram
  • Integrated risk register
  • Connect to ISO 27001 controls

Pentesting + Code Analysis

Integration with manual pentest modules + static code analysis (SAST). Container Security + Cloud Security for modern infrastructure.

  • Pentest engagements + reports
  • AutoFix with LLM (PR draft generator)
  • Container security scanning
  • Cloud Security posture (AWS/GCP/Azure)

Executive reports (CEO/Board)

Configurable templates (CEO, Board, Auditor, Technical). Per-tenant branding & logo. AI narrative with sonnet-4. PDF export.

  • Editable per-tenant templates
  • AI narrative (Claude Sonnet 4)
  • Logo + branding override
  • Scheduled distribution
