SENTRY Pulse

SENTRY Pulse is Armorstack’s continuous attack surface management service. Every 24 hours it maps your external-facing digital footprint — domains, subdomains, exposed ports, cloud storage, certificates, DNS configurations, third-party SaaS with your brand on it, leaked credentials, and executive impersonation — and flags net-new exposures within the same day. The difference between Pulse and a traditional quarterly penetration test is continuity: attack surface changes daily (a developer spins up a cloud bucket, a marketing vendor stands up a campaign site, an employee’s personal laptop exposes a shared drive), and point-in-time testing misses everything that appeared after the test window closed.

Pulse is operated by Armorstack’s SENTRY SOC, which means findings aren’t dumped into an email — they’re triaged by a human analyst, prioritized against your actual environment (a critical CVE on an asset you own matters; the same CVE on a third-party you don’t control is different), and escalated based on pre-defined playbooks. Clients receive weekly exposure summaries and immediate alerts for anything that crosses a severity threshold.

Pulse is designed for organizations that (a) have a growing or opaque external footprint — classic signs include multiple business units with independent web teams, recent M&A, heavy SaaS adoption, or a subsidiary structure; (b) are a target for business email compromise, executive impersonation, or brand abuse (any mid-market firm with meaningful revenue qualifies); (c) need demonstrable continuous-monitoring evidence for frameworks like SOC 2 CC7, PCI-DSS 11, or HIPAA security rule audit controls. Organizations that outsource IT and never see the full asset inventory often get the most value — Pulse surfaces what the MSP hasn’t told them about.

A Pulse subscription includes: (a) complete external attack surface discovery baseline in week one; (b) 24-hour recurring discovery cycles with same-day alerting on new exposures; (c) exposed-credential monitoring across known dark web and criminal forum sources (30-90 day early warning on credential leaks before account takeover); (d) domain and brand abuse monitoring (typosquatting, phishing kits, fake social profiles impersonating executives); (e) certificate expiration tracking and renewal alerts; (f) monthly executive exposure report; (g) weekly technical remediation digest for the IT team; (h) integration with your ticketing system (Jira, ServiceNow, Freshservice) so findings flow into existing workflows; (i) 24/7 SOC analyst coverage for alerts that require human triage.

Pulse is priced by asset count and scope. Essentials covers one primary domain + dark web credential monitoring, targeting organizations under 250 employees. Business includes multiple domains, SaaS inventory, and executive impersonation monitoring for mid-market organizations with significant brand exposure. Enterprise adds M&A-grade subsidiary coverage, API-based integrations, and a named SOC analyst. All tiers include baseline discovery, continuous monitoring, and weekly digests. Monthly pricing runs $1,500-$8,500 depending on tier and scope, with no setup fees and month-to-month terms.