Question 1

How does Cyvatar pricing work?

Accepted Answer

Cyvatar uses a phased engagement model. Every new customer starts with the free Agentic vCISO Assessment, a 5-minute evaluation that identifies their #1 most critical cybersecurity gap. That gap determines their first phase — Shield, Shield+, Protect, Complete, or Assure. Customers expand into additional phases as they mature. No prices are quoted before the assessment — the first call is focused on identifying the #1 gap and agreeing to close it. Pricing scales with organization size and the specific phases engaged. Contact Cyvatar to start at cyvatar.ai/business-scorecard or call 855-520-9966.

Question 2

What are Cyvatar's five phases?

Accepted Answer

Phase 1 — Shield ('Get Out of the Red Zone'): Secure Endpoint Management — SentinelOne endpoint protection bundled with Red Canary 24/7 SOC monitoring, ransomware prevention, and threat hunting. Phase 1.5 — Shield+ ('Stay Out of the Red Zone'): Threat and Vulnerability Management — all four scan types (internal, external, web application, host), patching cadence, and non-patch remediation. Phase 2 — Protect ('Reduce Your Most Likely Breach Path'): Human Risk Protection — Security Awareness Training, phishing simulations, email security, DNS security, and UAM when MFA is missing. Phase 3 — Complete ('Achieve Full Cybersecurity Maturity'): Cybersecurity Intelligence Layer — Agentic vCISO, MFA management, compliance mapping across 24 frameworks, 54 security policies, cloud security, 24/7 network monitoring, ongoing risk assessment, and supply chain risk management. Phase 4 — Assure ('Coordinated Readiness'): IR program design, IR partner coordination (Booz Allen Hamilton), ransomware recovery coordination, and compliance acceleration.

Question 3

What is included in Cyvatar Shield (Phase 1)?

Accepted Answer

Shield is Cyvatar's Phase 1 'Get Out of the Red Zone' offering — Secure Endpoint Management (SEM). It bundles SentinelOne's #1 leading endpoint protection with Red Canary Endpoint Monitoring (24/7 managed SOC), built-in ransomware prevention, and active threat hunting into a single managed service. Shield does NOT include Cloud or User Account Monitoring — those are a separate Red Canary add-on, not part of the SEM bundle. Shield is the default Phase 1 for new customers; if a customer already has endpoint protection, their Phase 1 becomes whatever their actual #1 critical gap is.

Question 4

What is included in Cyvatar Shield+ (Phase 1.5)?

Accepted Answer

Shield+ is Cyvatar's optional Phase 1.5 'Stay Out of the Red Zone' offering — Threat and Vulnerability Management (TVM). It includes all four scan types (internal network scanning, external/perimeter scanning, web application scanning covering OWASP Top 10 via Tenable, and host-based agent scanning), patching cadence aligned to today's threat landscape (132 new CVEs per day), and non-patch remediation of configurations, registry hardening, exposed services, and insecure defaults. Most customers add Shield+ within the first 30 days of signing because detection without remediation isn't enough and not every vulnerability has a patch.

Question 5

Does Cyvatar do vulnerability remediation, not just patching?

Accepted Answer

Yes. Vulnerability Remediation is a distinct category in Cyvatar's 21-point cybersecurity scorecard. Cyvatar's Shield+ (Phase 1.5) offering includes three components: (1) continuous vulnerability scanning across all four scan types, (2) patching cadence aligned to today's threat landscape, and (3) non-patch remediation of configurations, registry hardening, exposed services, and insecure defaults. Not every vulnerability has a patch — misconfigurations, insecure defaults, and hardening gaps require non-patch remediation, which most security programs never close.

Question 6

What compliance frameworks does Cyvatar cover?

Accepted Answer

Cyvatar maps security controls to 24 compliance frameworks in real time, including NIST CSF 2.0 (98 of 102 controls), ISO 27001, SOC 2 Type II, HIPAA, PCI-DSS, CMMC (Levels 1-3), GDPR, CCPA, FTC Safeguards Rule, GLBA, NYDFS, SEC Cybersecurity Rules, DORA, NIS2, CIS Controls v8, and more. Compliance mapping is part of Phase 3 (Complete).

Question 7

Does Cyvatar offer a free security assessment?

Accepted Answer

Yes. Cyvatar's Agentic vCISO Assessment is a free, no-obligation security posture evaluation. It asks 21 questions across 21 cybersecurity categories, delivers an A–F grade instantly, and identifies the customer's #1 most critical gap — the single most important thing to fix first. The assessment takes about 5 minutes and requires no access to the customer's systems. Available at cyvatar.ai/business-scorecard.

You Can't Fix Everything at Once.
We Won't Pretend You Can.

Start with the Agentic vCISO Assessment

Your Phased Path to Full Protection

Shield

Shield+

Protect

Complete

Assure

Why Phased Pricing?

Talk to a Cyvatar Security Expert

You Can't Fix Everything at Once.We Won't Pretend You Can.