UpGuard Pricing

UpGuard Core
UpGuard CyberRisk
UpGuard BreachSight

I want to stop configuration drift and automate compliance.

SaaS

Contact Us

Contact us for pricing. We exclusively sell UpGuard Core through partners.
Securely Hosted
No software installation required
Managed and monitored by experts
Only for 150+ licenses

On premises

Contact Us

Contact us for pricing. We exclusively sell UpGuard Core through partners.
Securely Hosted
No software installation required
Managed and monitored by experts
Agent or agentless
Only for 150+ licenses

I want to prevent data breaches, assess my vendors, and monitor my third party risk.

SMB

$79 USD per vendor per month
$199 USD per month base subscription
Unlimited users
Alerting
1 instant report per vendor purchased (see FAQ)

Enterprise

$349 USD per vendor per year
$3,588 USD per year base subscription
Unlimited users
Alerting
1 instant report per vendor purchased (see FAQ)
Assessments
Minimum 50 vendors

I want to continuously discover my publicly exposed data including PII, credentials, and source code.

White Glove

Contact Us

For pricing details, including a sample disclosure, contact us below.
Dedicated analyst
Real-time notifications
3rd and 4th party mediation

Features

Unlimited users
1 instant report per vendor purchased (see FAQ)
Ratings for every organization worldwide
24 hr refresh rate
CSV & PDF export
Unlimited users
1 instant report per vendor purchased (see FAQ)
Ratings for every organization worldwide
24 hr refresh rate
CSV & PDF export
Alerts
Assessment questionnaires
SSO
Add-ons (BreachSight)

Security Checks

Encryption
Domain hijacking
Vulnerabilities
Email fraud
Malware reputation
Cross-site scripting
Open ports
DNS authentication
Encryption
Domain hijacking
Vulnerabilities
Email fraud
Malware reputation
Cross-site scripting
Open ports
DNS authentication
Security and privacy program
Physical office security
Physical data center security
Infrastructure policies
Software development practices

FAQ

Can I trial CyberRisk?

CyberRisk may be trialed free of charge for seven days, after which billing begins.

Can I upgrade from SMB to Enterprise?

Yes. Please contact us to discuss upgrading your account to gain the benefits of the Enterprise package.

What is an instant report?

CyberRisk can both continuously monitor the risk posture of your vendors and generate reports on their risk posture at a single point in time. Instant reports are these point-in-time assessments.

How does instant reporting work?

An instant report is the complete CyberRisk report for a vendor. Once you select access to an instant report for a particular vendor, you can come back any time during the next thirty days to see that report. For each vendor you purchase, you get access to one instant report per thirty-day period. At the end of thirty days, the vendors you selected as instant reports are reset, giving you the opportunity to select new ones. These instant reports do not impact your score, and we do not continuously monitor them as we do if you add a vendor. This feature is great for competitive research as well as assessing vendors for procurement.

What's the difference between SMB and Enterprise?

CyberRisk for SMB can be purchased with a credit card online and is billed monthly. It is designed for organizations that need to monitor their own external footprint or for those that just want to monitor vendors without advanced features.
CyberRisk for Enterprise is billed annually and provides all of the features of SMB as well as additional features for enterprise deployments, such as Assessment Questionnaires, Single Sign-on, Technical Account Managers, and more.

How do you ensure the security of my payment information?

For all credit card transactions we use Stripe as our payment processor. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.

You have a great deal of information about corporate technology weaknesses. What are you doing to keep this information away from bad actors?

We actively screen all companies and individuals that sign up for CyberRisk. We have automated processes to identify risk factors and trigger examination by our security team. For ongoing risk detection, CyberRisk's internal event auditing detects activity indicative of malicious behavior and alerts us to it. We also subject our products and our operating infrastructure to routine penetration tests and security audits. We aim to continuously improve our security practices; if you have suggestions, please send them to hello@upguard.com.

Can I subscribe to your product if I am in a sanctioned country?

No, we are headquartered in the United States and abide by all laws regarding doing business with sanctioned countries. To check whether you are in a U.S. sanctioned country, please consult this list.

Do you run a bug bounty program?

We routinely run a bug bounty via Bugcrowd. We also directly accept and act on all reported security issues. If you believe you’ve discovered a bug in UpGuard’s security, please get in touch at security@upguard.com (optionally using our general PGP key). We will respond as quickly as possible to your report. We only request that you follow our example in disclosure and not publicly disclose the issue until it has been addressed by our Security Team. We may offer a reward at our discretion; however, we will only award the first person to responsibly disclose a bug to us. You must also ensure that your testing does not violate any laws, have a destructive effect on our services, or place any personal data at risk.

Does UpGuard have a partner program?

Yes, UpGuard has a partner program called "UpGuard CyberEdge." Discounts are only offered to official partners for UpGuard Core. For more information, sign up here.

I’m from a huge, prestigious company. How about a discount?

No. Our software has been built from the ground up, allowing us to offer it at a fair, competitive price to all companies, regardless of their name or size. One of our core beliefs is that the generally poor state of data security worldwide is due in part to the fact that most cybersecurity and risk solutions are priced out of reach for many small-to-midsize companies, while larger companies receive perks or price cuts for their patronage.
This practice ultimately hurts everyone. Our mission is to enable any business to improve its cyber risk posture and our products are already priced accordingly. Contact us to discuss whether you qualify for volume discounts. Please be courteous and professional with our sales and customer success teams and we will reciprocate with exceptional service and assistance through any technical issue.

Does UpGuard offer any discounts?

UpGuard offers volume discounts; contact us to discuss your licensing needs and the applicable discounts. Our goal is to make our software available to companies of all sizes. Our products start at just $199 per month to monitor a single company's external security surface (websites, certificates, apps, domains, etc.). When we do offer prices, we build discounts directly into the public pricing so there's no uncertainty around what you're buying and how much it costs.

Are there any discounts for government organizations?

No. Government organizations licensing UpGuard products are required to purchase standard commercial licenses.

Are there any discounts for academic institutions?

Academic pricing is available to qualified academic institutions for UpGuard's Core product. Contact us to discuss your eligibility.

Features

Automated Daily Crawling
50+ Custom Data Sources
Unlimited Keyword Support
Enhanced Crawling Statistics (coming soon)
Detection for Passwords, API Keys, Certificates, Email Addresses, PII
Dedicated CyberRisk Analyst
Dedicated Direct Support Number
3rd and 4th Party Attribution
Monthly Report Check-in

FAQ

What constitutes a keyword?

A keyword for your organization could be a product name, your company name, your holding company’s name, a project name or even a company image. You do not need to provide generic keywords like “password.” These are built into the BreachSight engine.

What types of things do you look for?

We look for a variety of different types of data: passwords, API keys, email addresses, certificates, general PII, and source code, just to name a few.

Do you track the dark web?

No, we don't; all of the discoveries we've made are available on the public internet, and are typically found through our processes without using hackers or aggressive penetration testing techniques. Our goal is to stop data exposures before they lead to breaches and information trading on the dark web.

Do you disclose to the media any of the breaches you've found through BreachSight?

No, we do not. It's our customers' responsibility to report disclosures to relevant authorities.

Can I subscribe to the product if I am in a U.S. sanctioned country?

No.

Can I subscribe to BreachSight if I don't have a CyberRisk account?

No, the data used in CyberRisk enhances BreachSight by providing a baseline of keywords that increase accuracy.

Can I contest a finding?

Of course. Attribution is often one of the main challenges that our cyber risk analysts face when working with discovered data sets. Working with companies who are BreachSight customers provides an effective and confidential method for analysts to work directly with the people who can confirm or guide data attribution.

Will anyone else see this data?

No, we do not share BreachSight data within our platform with other companies or customers. Our multiparty disclosure methods are built specifically to allow multiple parties to be aware of their implication in a breach without compromising other affected entities.

Will BreachSight findings affect our CSTAR score?

Yes, findings for which you were directly responsible could affect your score. If your data was leaked by a third party, however, it will instead reflect on their score.

Do you integrate with other GRC or Risk suites?

Yes, we have an open API that can enhance third party datasets. Please contact us to discuss how you would like to integrate.

All UpGuard Core contracts are billed annually.

Delivery Method

Hosted in Google Cloud Platform
AMI
OVA
HyperV

Features

CIS benchmarks
Change auditing
200+ integrations
Configuration search
Custom policies
File integrity monitoring
SSO

Deployment

Agent deployment
Agentless deployment

Cloud

Cloud instances
Cloud services
AWS, Azure, GCE

FAQ

What operating systems does Core support?

Core supports Windows, Linux, and Unix variants. For a complete listing, including network devices and applications, see our support site or contact us.

What is the difference between hosted and on-premises?

Both deployment options offer the same capabilities. Hosted instances are securely hosted in Google Cloud Platform. UpGuard can be deployed on-premises as a virtual appliance in AMI, OVA, or other formats.

What integrations does Core have?

Core's extensive APIs and event system make it simple to integrate with any external system to push and pull any data. For example, UpGuard integrates with Nessus to gather vulnerability data and with JIRA to create tickets for remediation of security violations.

Can I subscribe to your product if I am in a sanctioned country?

No, we are headquartered in the United States and abide by all laws regarding doing business with sanctioned countries. To check whether you are in a U.S. sanctioned country, please consult this list.

Do you run a bug bounty program?

We routinely run a bug bounty via Bugcrowd. We also directly accept and act on all reported security issues. If you believe you’ve discovered a bug in UpGuard’s security, please get in touch at security@upguard.com (optionally using our general PGP key). We will respond as quickly as possible to your report. We only request that you follow our example in disclosure and not publicly disclose the issue until it has been addressed by our Security Team. We may offer a reward at our discretion; however, we will only award the first person to responsibly disclose a bug to us. You must also ensure that your testing does not violate any laws, have a destructive effect on our services, or place any personal data at risk.

Does UpGuard offer any discounts?

UpGuard offers volume discounts; contact us to discuss your licensing needs and the applicable discounts. Our goal is to make our software available to companies of all sizes. Our products start at just $199 per month to monitor a single company's external security surface (websites, certificates, apps, domains, etc.). When we do offer prices, we build discounts directly into the public pricing so there's no uncertainty around what you're buying and how much it costs.

Are there any discounts for government organizations?

No. Government organizations licensing UpGuard products are required to purchase standard commercial licenses.

Are there any discounts for academic institutions?

Academic pricing is available to qualified academic institutions for UpGuard's Core product. Contact us to discuss your eligibility.

Does UpGuard have a partner program?

Yes, UpGuard has a partner program called "UpGuard CyberEdge." Discounts are only offered to official partners for UpGuard Core. For more information, sign up here.