Question 1

What is the Cyber Exposure Snapshot?

Accepted Answer

The Cyber Exposure Snapshot (CES) is a one-time external reconnaissance report for Australian businesses. Using only publicly available information, it identifies email, web, and network exposures visible to attackers, then delivers a branded PDF report by email.

Question 2

How does CES compare to a penetration test?

Accepted Answer

A manual penetration test typically costs A$10,000 to A$15,000 and takes days or weeks. The Cyber Exposure Snapshot costs A$399 and covers external reconnaissance only (email impersonation risk, web and application exposure, network perimeter review). No systems are accessed or tested. It is passive reconnaissance using publicly visible information only.

Question 3

How long does delivery take?

Accepted Answer

Average delivery time is around 45 minutes from payment. The worst-case service level is 3 hours.

Question 4

What does the report include?

Accepted Answer

An email impersonation risk assessment (SPF, DKIM, DMARC), a web and application exposure scan, a network perimeter review for unexpected open ports or services, and a full PDF with prioritised remediation steps written in plain English.

Question 5

Are any of my internal systems accessed during the scan?

Accepted Answer

No. The Cyber Exposure Snapshot uses passive reconnaissance techniques only. No credentials are used and no internal systems are accessed or tested. Only publicly available information that any attacker could see on the internet.

Question 6

Can I scan a government domain?

Accepted Answer

No. Government domains such as .gov and .gov.au are not supported. The service is intended for Australian private-sector businesses.

Question 7

Is the Cyber Exposure Snapshot suitable for compliance audits such as ISO 27001, SOC 2, or the Essential Eight?

Accepted Answer

The Cyber Exposure Snapshot is not a formal audit deliverable for frameworks like ISO 27001, SOC 2, or the ACSC Essential Eight, which typically require an accredited assessor. However, the findings and remediation guidance help organisations prepare for these audits by surfacing issues such as missing DMARC, weak TLS configuration, or exposed services that auditors commonly flag. Many customers use CES as a low-cost baseline before commissioning formal compliance work.

Question 8

What scanning tools and data sources does Cyber Node use?

Accepted Answer

Scans combine industry-standard OSINT tools and data sources: Shodan for internet-exposed services, Hunter.io for email-domain intelligence, Have I Been Pwned for breach and credential exposure, Certificate Transparency logs for subdomain discovery, nmap for external port review, sslscan for TLS configuration, and httpx for web-application fingerprinting. All sources are publicly available and no credentials are used.

Question 9

Can I request a scan for a domain I do not own?

Accepted Answer

No. The Cyber Node terms of service require you to own the domain you request a scan for, or to have explicit authorisation from the domain owner. Although the scan only uses passive reconnaissance and publicly available information, requesting an assessment implies authorisation. Government domains and certain bare consumer top-level domains are blocked regardless.

Question 10

Is the report AI-generated?

Accepted Answer

The report narrative, prioritisation, and remediation language are generated using Claude, Anthropic's large language model, working from a structured set of findings produced by deterministic scanning tools. The raw findings (ports, DNS records, certificates, exposures) come from the scanners, not the model. Reports are reviewed by Cyber Node before delivery to ensure accuracy and relevance.

Question 11

How is my data handled and how long is it stored?

Accepted Answer

Only publicly visible information about the domain is collected: no credentials, no internal-system data. Scan results and the PDF report are retained so the report can be re-sent if requested, but can be deleted on request. Customer email addresses used for delivery are held in line with Cyber Node's privacy policy. Contact security@cybernode.au to request deletion.

Question 12

Is the Cyber Exposure Snapshot a subscription?

Accepted Answer

No. CES is a one-time purchase of A$399 per scan. There is no recurring charge, no subscription, and no auto-renewal. Customers can purchase another snapshot at any time as a fresh assessment, for example to verify that remediation has been effective.

Question 13

Can Managed Service Providers (MSPs) use CES to assess their clients?

Accepted Answer

Yes. MSPs and IT consultancies commonly use the Cyber Exposure Snapshot to baseline client environments, audit their own remediation work, or produce a rapid external-exposure assessment during client onboarding. Each purchase covers one domain. For multi-domain or ongoing MSP arrangements, contact security@cybernode.au.

Question 14

What happens if the scan fails?

Accepted Answer

Scans may fail if the domain does not resolve publicly, resolves to a private or internal IP, or is a blocked top-level domain (such as .gov or .gov.au). If a scan fails due to a technical issue on Cyber Node's side after payment, contact security@cybernode.au. The scan will be rerun or a full refund issued.

It used to take a hacker.
Now it takes a prompt.

// Trusted by Australian organisations

The cost of doing nothing

Move from passive to proactive.

// What A$399 gets you

// What our clients say

// What happens after your report?

Knowing about a risk and not acting on it is worse than not knowing at all.

Enter your verification code

It used to take a hacker. Now it takes a prompt.