Platform

One platform. Complete picture.

From assessment to quantification to compliance to board report — every step of cyber risk management in a single workflow.

Risk Quantification

Kritis Risk Engine

Quantify cyber risk across five threat scenarios using probabilistic loss modeling. The Kritis Risk Engine runs 10,000 Monte Carlo iterations to produce probabilistic loss estimates — not guesswork, not averages, but statistically defensible distributions.

  • Ransomware, data breach, BEC, insider threat, cloud misconfiguration
  • BetaPERT distributions for threat frequency, lognormal for loss magnitude
  • P10/P50/P90 confidence intervals with loss exceedance curves
  • Industry and organization size calibration
  • INR and USD support with automatic conversion

Assessment

CIS Controls v8 Assessment

69 expert-crafted questions across 8 security domains, each mapped to both CIS Controls v8.1.2 safeguards and risk factors. A single assessment feeds both your risk quantification and compliance mapping.

  • Asset management, data protection, identity & access, vulnerability management
  • Security operations, resilience & recovery, people & governance
  • 5-level maturity scale with descriptive anchors per question
  • Auto-save on every answer — no progress lost
  • Recommended responder tags and contextual help per question

Compliance

Multi-Framework Compliance Mapping

The same assessment data maps simultaneously to SEBI CSCRF and NIST CSF 2.0. See your compliance posture across frameworks without duplicate effort — with gap analysis sorted by remediation priority.

  • SEBI CSCRF 2024 — 5 domains (Governance, Identify, Protect, Detect, Respond & Recover)
  • NIST CSF 2.0 — 6 functions (Govern, Identify, Protect, Detect, Respond, Recover)
  • Per-domain compliance percentage with weighted scoring
  • Gap items with critical/high/medium priority labels
  • CIS control reference for every gap — actionable remediation

Scanner

Enterprise Attack Surface Scanner

Passive external scanning across 7 security categories using open-source intelligence tools. Discover subdomains, fingerprint technologies, detect vulnerabilities, and assess your external posture — without touching your infrastructure.

  • Subdomain discovery via passive reconnaissance (60+ data sources)
  • SSL/TLS analysis, DNS security (SPF/DMARC/DKIM), security headers
  • Vulnerability and misconfiguration detection
  • Open port scanning and technology fingerprinting
  • A-F letter grade with weighted category scoring
  • Multi-domain support — scan all your organization's domains

Reports

Board-Ready PDF Reports

One-click PDF export that combines risk quantification, compliance posture, and attack surface analysis into a single boardroom-ready document. Branded, paginated, and designed for non-technical stakeholders.

  • Executive summary with total annualized loss exposure
  • Per-scenario breakdown with P10/P50/P90 ranges
  • SEBI CSCRF + NIST CSF compliance status with gap lists
  • External security grade with category breakdown
  • Confidentiality markings and page numbering

See it in action

Start your first assessment and get quantified risk results in under an hour.

Start FreeBook Demo