Independent Security Assessment

Know exactly where your security stands.

AstraLink Verify is a phased assessment programme for small and mid-sized organisations. We measure your real security posture across identity, cloud, network, endpoints, and your people, then hand you documented evidence, a ranked fix list, and a clear path to audit-ready.

What is AstraLink Verify

Vendor-neutral. Evidence-based. Human-scale.

An assessment built to give you the real picture, not a sales pitch.

Vendor-neutral

We test against open standards (MITRE ATT&CK and CIS Controls) and hand you the findings. No obligation to buy anything else, including from us.

Evidence-based

Every finding is documented, screenshotted, and mapped to a control. Proof, not opinions.

Human-scale

Built for organisations your size, not a giant enterprise framework dropped on a 20-person firm.

The problem we solve

Most SMBs have security gaps they can't see.

You can't fix what nobody has measured. Or prove it.

You pay for security tools, but have no independent proof they're configured correctly, or even working.

Endpoint protection guards individual computers. Your network layer goes unexamined and exposed.

Your people are the biggest variable. Phishing, weak passwords, and shadow IT go untested until a breach.

Insurers and enterprise clients now want documented security posture. Verbal assurances no longer pass.

$200K
Average ransomware demand on a small business (FBI IC3)

43%
Of all cyberattacks target small businesses (Verizon DBIR)

60%
Of small businesses close within 6 months of an attack (National Cyber Security Alliance)

Programme Overview

Four phases. One clear path.

Each phase delivers standalone value while preparing you for the next.

PHASE 0: 5 working days

Security Baseline

A measurable starting point across identity, cloud, external exposure, and endpoints. We review your current posture, document what's working, and identify the gaps.

What you get
Identity hygiene report, cloud config assessment, external exposure scan, endpoint baseline

PHASE 1: 10 working days

Vulnerability & Workforce

Scan the estate, then test how your people hold up against real attacks. We find the weak spots in your infrastructure and your team's awareness.

What you get
Internal/external VA, web app baseline, phishing simulation results, live awareness training

PHASE 2: 15 working days

Penetration Testing

Adversarial testing: what's genuinely exploitable, and how far it goes. Our team attempts real-world attacks to measure your actual resilience.

What you get
Internal pentest, external pentest, web app assessment, wireless testing, retesting included

PHASE 3: 4 weeks + retainer

Compliance & Assurance

Move from project-based security to a sustainable, audit-ready posture. We build the documentation and processes that keep you ready.

What you get
Framework gap assessment, policy suite, risk register, continuous monitoring setup

Optional alongside any phase

Fractional CISO Services

Senior security leadership on demand: strategy, board reporting, and programme oversight. Available alongside any phase or as a standalone engagement.

Inquire for pricing. Book a scoping call →

Bundled programme pricing available. Final scope and pricing are confirmed after a short scoping call.

What you walk away with

Clarity. Documentation. Confidence.

A written security baseline

Documented evidence of your current posture, what's working and what isn't. No more guessing.

Prioritised risk roadmap

A ranked list of what to fix first, with quick wins marked. Bounded cost, bounded timeline.

A more resilient workforce

Staff who've been tested and trained, not just handed a PDF policy to sign.

Insurer- & client-ready docs

The documented evidence carriers and enterprise prospects increasingly require.

Ongoing visibility

Monthly monitoring catches new exposures before they become incidents.

Independent validation

Confirmation that your existing security tools are actually configured correctly and working.

What we need from you

Read-only access. No surprises.

All access is read-only. We never change your environment without explicit written approval. We work under a mutual NDA, every scanning window is agreed in writing in advance, and all findings are transmitted over encrypted channels only.

Active Directory: read-only
Microsoft 365 / Entra ID: Global Reader
Google Workspace: security & audit read
5 sample endpoints: local admin equivalent
External attack surface: passive; you confirm scope

Investment

Right-sized security. Scoped to you.

Pricing depends on your size, footprint, and which phases you take. Engage a single phase, or commit to the full path with milestone-based invoicing.

PHASE 0

Security Baseline

Baseline hygiene across identity, cloud, external exposure, and endpoints.

Inquire for pricing

PHASE 1 (Recommended)

Vulnerability & Workforce

Internal/external VA, web app baseline, phishing simulation, live awareness training.

Inquire for pricing

PHASE 2

Penetration Testing

Full-scope manual pentest: internal, external, web app, wireless. Retesting included.

Inquire for pricing

PHASE 3

Compliance & Assurance

Framework gap assessment, policy suite, risk register, continuous monitoring.

Inquire for pricing


Next steps

Three steps to get started.

01

Confirm scope & starting phase

Start at Phase 0 alone, or commit to the full path. Both are available.

02

Sign NDA & engagement letter

Standard mutual NDA, scope confirmed. We issue the kickoff pack within 5 business days.

03

Provide read-only access

Using the access checklist above. Your IT and tenant admins coordinate directly with our team.

Vendor-neutral, evidence-based, mapped to MITRE ATT&CK & CIS, mutual NDA, Houston-based

Find your starting point.

A short scoping call tells us where you stand and which phase fits. No deck.

Book a scoping call →