Continuous monitoring · Mesh-locked appliance

Pentest the inside of your network on a schedule.

Trustivum Sentry is a drop-in appliance that joins our private mesh network and runs continuous nmap, nuclei, and SMB scans inside your LAN. Findings stream into your portal with severity, CVSS, and remediation. No inbound firewall holes. No agent on every endpoint.

  • 2 locks: private mesh + bearer token, AND'd
  • 0 inbound firewall holes on customer side
  • ~30s poll cadence; jobs picked up live

[Image: Trustivum Sentry, a slim aluminum-cased Raspberry Pi appliance with the Trustivum mascot etched on top.]
How it works

Three steps from box to first scan.

Sentry ships ready to go. The customer plugs it in, the analyst configures the scan windows, the platform does the rest.

STEP 01

Plug it in.

Ethernet + USB-C power. The Sentry boots, joins the Trustivum private mesh network via an outbound encrypted tunnel, and registers with the orchestrator. ~3 minutes.

STEP 02

Submit the scoping form.

Customer fills out subnets, scan windows, restricted hosts, incident contact, and a typed authorization signature in the portal. Analyst reviews and approves.

STEP 03

Findings stream in.

Sentry polls the orchestrator. New / changed / resolved findings show up in the portal as the scan completes — de-duplicated by stable key, with severity, CVSS, and remediation.
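As an added example (not Trustivum's own code), here is how a "new / changed / resolved" classification can be derived from a stable de-duplication key when one scan run is compared against the previous one. The finding fields, the key format (host|port|check ID) and the sample results are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Finding is one scanner result. Key is the stable de-duplication key: the same
// host, port and check must always yield the same Key so re-scans can be matched
// against the previous run.
type Finding struct {
	Key      string
	Severity string
	CVSS     float64
	Title    string
}

// stableKey builds the key from the parts of a finding that do not change between
// runs, deliberately excluding volatile fields such as timestamps or banner text.
func stableKey(host string, port int, checkID string) string {
	return fmt.Sprintf("%s|%d|%s", host, port, checkID)
}

// Delta lists finding keys by what happened to them between two runs.
type Delta struct {
	New      []string // present now, absent before
	Changed  []string // present in both, but severity or CVSS moved
	Resolved []string // present before, absent now
}

// reconcile compares the previous run against the current one by stable key.
func reconcile(prev, curr []Finding) Delta {
	prevByKey := make(map[string]Finding, len(prev))
	for _, f := range prev {
		prevByKey[f.Key] = f
	}
	seen := make(map[string]bool, len(curr))
	var d Delta
	for _, f := range curr {
		seen[f.Key] = true
		old, ok := prevByKey[f.Key]
		switch {
		case !ok:
			d.New = append(d.New, f.Key)
		case old.Severity != f.Severity || old.CVSS != f.CVSS:
			d.Changed = append(d.Changed, f.Key)
		}
	}
	for key := range prevByKey {
		if !seen[key] {
			d.Resolved = append(d.Resolved, key)
		}
	}
	// Sort so the output is deterministic regardless of map iteration order.
	sort.Strings(d.New)
	sort.Strings(d.Changed)
	sort.Strings(d.Resolved)
	return d
}

// Constructed sample runs; hosts use the RFC 5737 documentation range and the
// check IDs are illustrative names, not real template identifiers.
var (
	previousRun = []Finding{
		{stableKey("192.0.2.10", 445, "smb-signing-not-required"), "medium", 5.3, "SMB signing not required"},
		{stableKey("192.0.2.10", 22, "ssh-weak-kex"), "low", 3.7, "Weak SSH key exchange"},
		{stableKey("192.0.2.20", 8080, "http-default-creds"), "high", 8.1, "Default credentials accepted"},
	}
	currentRun = []Finding{
		{stableKey("192.0.2.10", 445, "smb-signing-not-required"), "medium", 5.3, "SMB signing not required"},
		{stableKey("192.0.2.10", 22, "ssh-weak-kex"), "medium", 5.9, "Weak SSH key exchange"}, // rescored
		{stableKey("192.0.2.30", 3389, "rdp-exposed"), "high", 7.5, "RDP exposed on LAN"},      // new host
	}
)

func main() {
	d := reconcile(previousRun, currentRun)
	fmt.Println("new:     ", d.New)
	fmt.Println("changed: ", d.Changed)
	fmt.Println("resolved:", d.Resolved)
}
```

The key excludes anything that drifts between runs (timestamps, banner text, the scanner that produced it), which is what keeps a re-scan from reporting every finding as new; a change in severity or score is reported as "changed" rather than as a resolve-plus-new pair.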

Choose your tier

Four ways to use Trustivum.

Start with the one-shot external pentest if you just need an audit deliverable. Move up the tiers as you want continuous coverage and internal-network visibility.

SKU 1

One-Time External

The original Trustivum pentest. External-only, audit-credible, $2,495 flat.

  • External pentest
  • Internal network
  • Recurring scans
  • Sentry hardware
  • Branded PDF report
  • SOC 2 / HIPAA mapping
  • Free retest within 30 days
SKU 2

Continuous External

Continuous perimeter monitoring run by Trustivum's analyst-operated scanner platform. No on-site appliance required.

  • External pentest baseline
  • Internal network
  • Recurring scans
  • On-site Sentry appliance
  • Findings dashboard
  • Manual retest on request
  • SOC 2 control evidence
SKU 4

Deep One-Time

One-shot internal + external pentest. On-site Sentry appliance ships, runs, and returns. For audits that demand internal coverage.

  • External pentest baseline
  • Internal network
  • Recurring scans
  • On-site Sentry (returns after scan)
  • Branded PDF report
  • Free retest within 30 days
  • SOC 2 + HIPAA evidence
Security model

Two AND'd locks. No exceptions.

A security tool that ships customers gear has to hold itself to a higher bar than the threat models it's helping you escape. We have two independent locks on every Sentry → Trustivum communication. Both must hold.

1

Network: private mesh membership.

The Trustivum orchestrator's scanner API endpoints only resolve and accept connections from inside the dedicated Trustivum Sentry private mesh network — a separate, isolated overlay from any other Trustivum infrastructure.

  • WireGuard encrypts the transport; that is defense in depth on top of TLS.
  • The Sentry mesh can't reach Trustivum customer-data planes — blast-radius isolated.
  • A stolen Sentry on any other network has nowhere to send.
2

Application: per-Sentry bearer token.

Every Sentry has a unique bearer token. The orchestrator stores a SHA-256 hash; the plaintext lives only on the Pi at /etc/sentry-agent/env (root-owned, mode 0600).

  • Token rotation is a single admin API call — recovery from a lost Pi is seconds, not hours.
  • Per-scanner sliding-window rate limit on poll/report endpoints.
  • Every /scanner/* request audit-logged with scanner ID + source IP + outcome.
— logical AND —

Mesh membership without a token: 401. Token without mesh access: nowhere to connect. Both factors must be present and valid simultaneously. This is the design philosophy, not an opt-in feature.
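As an added example (not Trustivum's orchestrator code), the following Go program shows what "two AND'd locks" looks like on the server side of a /scanner/* endpoint: a network check against the mesh prefix, a bearer-token check against a stored SHA-256 digest, a per-scanner sliding-window rate limit, and an audit line carrying scanner ID, source IP and outcome. The mesh CIDR, the scanner IDs, the placeholder tokens, the limit values and the sample requests are all constructed assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
	"net"
	"net/http"
	"strings"
	"sync"
	"time"
)

// Assumed mesh overlay prefix for this example (constructed, not Trustivum's real addressing).
var _, meshCIDR, _ = net.ParseCIDR("10.77.0.0/16")

// hashToken is what the orchestrator stores: hex(SHA-256(token)), never the plaintext.
func hashToken(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// Stored hash -> scanner ID. The tokens are constructed placeholders.
var scannerByTokenHash = map[string]string{
	hashToken("sentry-hq-EXAMPLE-TOKEN"): "sentry-hq",
	hashToken("sentry-dr-EXAMPLE-TOKEN"): "sentry-dr",
}

// Lock 1 (network): the source address must sit inside the overlay. Re-checking here is
// defense in depth; on the real platform the API is only reachable from the mesh at all.
func inMesh(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr
	}
	ip := net.ParseIP(host)
	return ip != nil && meshCIDR.Contains(ip)
}

// Lock 2 (application): hash the presented bearer token and look the digest up.
// Only digests are compared, so lookup timing reveals nothing about the secret.
func scannerForToken(authHeader string) string {
	const prefix = "Bearer "
	if !strings.HasPrefix(authHeader, prefix) {
		return ""
	}
	return scannerByTokenHash[hashToken(strings.TrimSpace(authHeader[len(prefix):]))]
}

// slidingWindow allows at most `limit` requests per scanner in any trailing `window`.
type slidingWindow struct {
	mu     sync.Mutex
	window time.Duration
	limit  int
	hits   map[string][]time.Time
}

func (s *slidingWindow) allow(id string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	cutoff := now.Add(-s.window)
	kept := s.hits[id][:0] // drop timestamps that aged out, filtering in place
	for _, t := range s.hits[id] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= s.limit {
		s.hits[id] = kept
		return false
	}
	s.hits[id] = append(kept, now)
	return true
}

// authorize applies both locks in order and audit-logs scanner ID, source IP, path
// and outcome for every request. Status 0 means the request may proceed.
func authorize(remoteAddr, authHeader, path string, now time.Time, rl *slidingWindow) (id string, status int) {
	defer func() { log.Printf("audit scanner=%q src=%s path=%s status=%d", id, remoteAddr, path, status) }()
	if !inMesh(remoteAddr) {
		return "", http.StatusForbidden // off mesh: the token is never examined
	}
	if id = scannerForToken(authHeader); id == "" {
		return "", http.StatusUnauthorized // on mesh, no valid token: 401
	}
	if !rl.allow(id, now) {
		return id, http.StatusTooManyRequests
	}
	return id, 0
}

func main() {
	rl := &slidingWindow{window: time.Minute, limit: 120, hits: map[string][]time.Time{}}
	// Constructed requests; a real server would call authorize from its /scanner/* handler.
	for _, c := range []struct{ src, auth string }{
		{"10.77.3.9:51000", "Bearer sentry-hq-EXAMPLE-TOKEN"}, // both locks hold
		{"203.0.113.5:443", "Bearer sentry-hq-EXAMPLE-TOKEN"}, // valid token, off mesh
		{"10.77.3.9:51000", "Bearer not-a-real-token"},        // on mesh, bad token
	} {
		id, st := authorize(c.src, c.auth, "/scanner/poll", time.Now(), rl)
		fmt.Printf("src=%s scanner=%q status=%d\n", c.src, id, st)
	}
}
```

Rotating a token under this model is a matter of replacing one entry in the hash map (the admin API call the page describes); the old plaintext on a lost device then hashes to nothing the orchestrator knows. The order of the checks matters: an off-mesh caller gets a 403 before the token is ever examined, so the application lock is never exposed to anyone who has not already passed the network lock.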

FAQ

Frequently asked questions.

What's actually inside a Sentry?
A Raspberry Pi 5 (8 GB) running Raspberry Pi OS Lite, locked into a slim aluminum case. Tools onboard: nmap, masscan, nuclei (with up-to-date CVE templates), smbclient, jq. The Sentry agent itself is a single statically-linked Go binary. No customer data is stored on the Pi — it's a stateless polling client; everything goes back to the orchestrator.
Will Sentry's scans break things?
Sentry uses standard nmap timing profiles (-T4 max), respects customer-supplied scan windows, and skips any IP / CIDR the customer adds to the restricted-hosts list during scoping. We deliberately exclude DoS, brute-force, and exploitation modules from the recurring scan profiles; nuclei is run with CVE / exposure / default-login templates only. If a host genuinely can't tolerate any scanning at all (some industrial / IoT gear can't), it goes on the restricted-hosts list during scoping.
What's the difference between Continuous External and a free vulnerability scanner?
A free scanner returns a CSV. Continuous External returns SOC 2 evidence: every recurring scan has a signed scan-authorization on file, runs on the same platform an analyst uses for full pentests, produces findings tagged with MITRE ATT&CK technique IDs and CWE IDs, and includes a manual retest path when the customer believes a finding is fixed. The findings stream is auditor-acceptable on its own, and any single point in time can be exported as a branded PDF.
How does pricing work?
SKU 1 is $2,495 flat. SKUs 2 / 3 / 4 are sold by quote — pricing depends on subnet count, scan cadence, and (for SKU 3) subscription length. We can usually quote within a business day after the scoping conversation. The Sentry appliance is always Trustivum-managed; the customer never sees a hardware line item.
What happens if a customer cancels a SKU 3 subscription?
The Sentry stops running scans immediately on cancel; the customer ships the Pi back in the original box with the prepaid return label. Findings history stays in the customer portal as long as the customer's account is active, so they retain audit evidence even after canceling the subscription.
Can I expand a Sentry deployment to multiple sites?
Yes. Each site gets its own Sentry; each Sentry is a separate device in the orchestrator with its own bearer token and capability set. Findings are tagged with the originating Sentry, so multi-site customers can filter "findings from the HQ Sentry" vs "findings from the DR Sentry" in the portal.

Want to see it in action?

Request a scoping call. We'll walk through your network, the right SKU for your audit posture, and ship a Sentry inside a week if Continuous Total is the fit.
