Trustivum: Security
Penetration testing and continuous security monitoring for compliance-conscious organizations — orchestrated by Trustivum's 14-stage scan pipeline and a network-locked Sentry appliance.
- Product: Trustivum: Security
- Industry: Security services / pentesting
- Type: Owned MMC product
About the project
Trustivum: Security is the security-services half of the Trustivum platform. Where Compliance runs the paperwork, Security runs the actual scans — external penetration tests on demand, and ongoing monitoring through a small appliance that lives on the customer's network.
The on-demand pentest is a fully orchestrated 14-stage pipeline: passive recon, active discovery, vulnerability scanning, and AI-generated executive summaries. The customer comes in through a self-service flow on the website (scoping, terms, payment, e-signed SOW), and the platform takes care of the rest, with a Trustivum analyst reviewing the findings before the report ships.
For customers who want continuous monitoring, the Trustivum Sentry is a small pre-configured appliance that ships to the customer’s site. It joins a Trustivum-managed private overlay network and polls the orchestrator for scan jobs — so the customer never opens an inbound port and a stolen device is useless off-network.
Mad Monkey Creative designed and built the whole stack: the pentest orchestrator, the Sentry firmware, the customer-facing scoping and signing flows, the AI report generator, and the hosted platform it all runs on.
Project goals
- Make external pentests bookable like SaaS — scope, sign, pay, get a report
- Standardize the scan pipeline so quality is consistent across engagements
- Use AI to draft the executive summary so the analyst spends time on the technical review
- Offer continuous monitoring through hardware that customers can't accidentally misconfigure
- Tie security findings back to the compliance program in the same Trustivum workspace
- Stay legally tight: SOWs are e-signed, and authorization is the first thing checked before any scan runs
Services used
Product & Design
- Pentest pipeline design (14 stages, scope-split logic)
- Sentry appliance hardware + provisioning flow
- Customer self-service scoping and SOW flow
- Report design and AI summary tone
- Services marketing site and lead capture
Build & Run
- Scan orchestrator with integrations across industry-standard discovery, network, and web-application assessment tooling
- Sentry agent firmware and self-update channel
- OpenSign integration for SOW signing
- Stripe integration for engagement payment
- Hosted infrastructure with audit-log archive
Technologies & platforms
- Multi-stage scanning pipeline — network, web, and application-layer coverage
- Industry-standard vulnerability assessment tooling across each layer
- Compiled edge agent — on-prem Sentry appliance for internal scans
- Network-locked transport between Sentry appliances and the orchestrator
- Anthropic Claude — executive summary generation
- OpenSign — SOW e-signature flow
- Stripe — engagement payment processing
- Containerized deployment on managed infrastructure


