EXTERNAL SECURITY ASSESSMENT

See your business exactly the way
an attacker sees it.

40+ security checks. OSINT surface mapping. Typosquatting detection. Industry benchmarking. Remediation verification. Plain English report delivered in 48 hours.

40+

CHECKS RUN

Every external attack surface.
Nothing skipped.

Most services run a handful of generic checks. Blueshield runs 40+ named, documented tests across 6 categories and reports on every single one.

🖥

Attack Surface

8 CHECKS

Full port scan (all 65,535 ports)

Exposed service identification

RDP exposure (port 3389)

VNC / remote access exposure

Admin panel public accessibility

SMB (file share) exposure

SSH brute-force surface

Cloud storage public access (S3/Azure)

📧

Email Security

6 CHECKS

SPF record presence & enforcement

DKIM configuration & key strength

DMARC policy & enforcement level

Live spoofability test

BIMI record check

MX record security validation

🔒

SSL / TLS / Certificates

6 CHECKS

SSL certificate expiration

TLS 1.0 / 1.1 enabled (deprecated)

Weak cipher suite detection

Certificate transparency log check

Mixed content warning detection

HSTS (HTTP Strict Transport Security)

🔍

DNS & Domain

6 CHECKS

DNS zone transfer test

Subdomain enumeration

Dangling DNS / subdomain takeover

Domain expiration check

WHOIS privacy exposure

CAA record validation

💥

Breach & Dark Web

5 CHECKS

Employee email breach check (847+ databases)

Company credential dark web scan

Password hash exposure check

Paste site monitoring

Leaked API key detection

📋

Web App & Headers

7 CHECKS

Content-Security-Policy header

X-Frame-Options (clickjacking)

X-Content-Type-Options

Referrer-Policy header

CMS detection & version exposure

Third-party script risk scan

IP reputation (60+ threat intel feeds)

⭐

Exclusive Checks — No Competitor Offers These

8 EXCLUSIVE

Typosquatting domain detection

OSINT attack surface mapping

Social engineering surface analysis

Tech stack exposure via job postings

Industry peer risk benchmarking

Remediation verification (re-check after fix)

GitHub / public repo credential leak scan

Executive & employee OSINT profile

WHY BLUESHIELD IS DIFFERENT

8 things no competitor does
at any price.

SecurityScorecard charges $500/month and still doesn't do most of these. Blueshield does all of them starting at $299.

EXCLUSIVE TO BLUESHIELD

🎯

Typosquatting Domain Detection

We check whether attackers have registered domains that look like yours to phish your clients and employees. Thousands of variations checked: character swaps, homoglyphs, added hyphens, different TLDs.

acme-corp.com registered 14 days ago — active phishing site mimicking your login page → CRITICAL

EXCLUSIVE TO BLUESHIELD

🕶️

OSINT Attack Surface Mapping

We map everything an attacker learns about your business before touching your network: Google results exposing internal documents, job postings revealing your tech stack, public breach data, and Shodan device exposure.

Your job posting reveals: AWS, QuickBooks, Salesforce, WordPress 6.4 — full attacker pre-engagement profile built in 30 minutes

EXCLUSIVE TO BLUESHIELD

👥

Social Engineering Attack Surface

We identify your employees on LinkedIn, their roles, email patterns, and publicly available information a phisher would use to craft a convincing spear-phishing attack targeting your specific team.

CFO John Smith — LinkedIn: announced vacation last week — predictable email format j.smith@ — high BEC risk profile

EXCLUSIVE TO BLUESHIELD

📊

Industry Peer Benchmarking

Your risk score compared against anonymized data from similar businesses in your industry and size category. Know where you stand relative to your peers, not just against a generic benchmark.

Your score: C (52) — Healthcare SMB average: D+ (38) — Top quartile: B (71) — You are above average but below best-in-class

NO COMPETITOR OFFERS THIS

✅

Remediation Verification

After you fix a finding, tell us and we re-check that specific item within 24 hours and confirm the fix is in place. Your risk score updates in real time as you work through the list.

You fixed: DMARC policy added → we verified: p=reject confirmed live → score updated: C → B

TWO FORMATS, ONE REPORT

📄

Executive + Technical Reports

Every assessment includes two documents: a 1-page Executive Summary in plain business language for the owner or board, and a Technical Report with exact commands and configurations for your IT team or provider to execute.

Executive: "3 issues could result in a ransomware attack within 60 days. Estimated cost to fix: $400."
Technical: netsh advfirewall firewall add rule ...

EXCLUSIVE TO BLUESHIELD

💻

GitHub & Code Repository Leak Scan

We scan public GitHub, GitLab, and Bitbucket repositories for accidentally committed API keys, passwords, database credentials, and internal hostnames associated with your domain. Attackers do this every day.

Found in public GitHub repo: AWS_ACCESS_KEY_ID=AKIA... committed 47 days ago — key is still active → CRITICAL

INCLUDED EVERY PLAN

👤

Human Specialist Reviews Every Report

Kevin Mitchell personally reads every finding, removes false positives, validates severity, writes the plain-English explanations, and is available to walk you through the report. No algorithm. No automated PDF dump.

SecurityScorecard: automated score, no human review
Blueshield: Kevin reads your report before it ships

INDUSTRY BENCHMARKING

Know where you stand
against your peers.

Your grade means more when you know how it compares to businesses like yours. No competitor provides this context for SMBs.

Healthcare SMB — Risk Score Benchmark

ANONYMIZED DATA · 240 BUSINESSES SAME SIZE & INDUSTRY

C+

⬥ Your Business58 / 100

Industry Average42 / 100

Top 25% of Peers74 / 100

You are above industry average. Fixing your 3 critical findings would move you into the top 25% of your peer group.

TWO REPORTS IN ONE

Every assessment includes
an executive report and a technical report.

One for the business owner. One for the IT person fixing the issues. No other service does both.

DOCUMENT 1 OF 2

Executive Summary

1 page · Plain business language · For the owner, CFO, or board

📌

Business risk summary — What you are exposed to and what it could cost you in plain English.

🚨

3 things to fix this week — Prioritized by business impact, not technical severity score.

💰

Estimated remediation cost — Time and money required to reach a B grade.

📊

Peer comparison — How you rank against similar businesses in your industry.

📈

Risk trend — Month-over-month score change (Monitor plan).

DOCUMENT 2 OF 2

Technical Report

Full detail · Exact commands · For your IT team or provider

⚠️

Every finding documented — Severity, affected system, CVE references where applicable.

🔧

Exact remediation steps — Copy-paste commands, DNS records, configuration changes. Not "fix your firewall" — the actual rule.

💬

Vendor-specific instructions — Steps tailored to your detected stack (cPanel, AWS, GoDaddy, Google Workspace, M365).

🧪

Verification steps — How to confirm each fix worked before requesting re-check.

📋

All 40+ check results — Pass/fail/warn for every check, even the ones with no issues.

COMPETITIVE COMPARISON

Enterprise intelligence.
Not enterprise pricing.

Capability	SecurityScorecard	UpGuard	Experian BEC	Qualys	Blueshield
Attack surface scan	✓	✓	—	✓	✓
Email security (SPF/DKIM/DMARC)	✓	✓	~	~	✓
40+ named checks	—	—	—	✓	✓
Dark web / breach monitoring	~	~	✓	—	✓
Typosquatting detection	—	—	—	—	✓
OSINT surface mapping	—	—	—	—	✓
Social engineering surface	—	—	—	—	✓
GitHub credential leak scan	—	—	—	—	✓
Industry peer benchmarking	✓	—	—	—	✓
Remediation verification	—	—	—	—	✓
Executive + Technical reports	—	—	—	~	✓
Human specialist review	—	—	—	—	✓
SMB accessible	—	—	—	—	✓
Price	$500+/mo	$400+/mo	$300+/mo	$299+/mo	$299 flat

HOW IT WORKS

Order today.
Full report in 48 hours.

No software. No access. No installation. We work entirely from the outside.

📝

STEP 01

5-Minute Intake

Tell us your domain, employee emails, industry, and any specific concerns. No system access needed.

🔎

STEP 02

40+ Checks Run

We run every check externally: ports, email, DNS, SSL, OSINT, breach databases, GitHub, typosquatting, and more.

🧠

STEP 03

Kevin Reviews

Every finding is personally reviewed, false positives removed, severity calibrated, plain English written.

📨

STEP 04

Reports Delivered

Executive Summary and Technical Report delivered as PDFs within 48 hours. Dashboard updated live.

✅

STEP 05

Verified Fixes

You fix findings, we re-check and confirm. Your score updates in real time as you close issues. Monitor plan re-scans monthly.

PRICING

Flat rate. No contracts.
Cancel anytime.

No hidden fees. No per-finding charges. No enterprise sales calls. Just the most thorough SMB security assessment available.

TIER 01

Snapshot

^$299 one-time

Full assessment, delivered once

Complete 40+ check assessment with both Executive and Technical reports. Best for businesses who want to know where they stand right now.

All 40+ checks across 6 categories
OSINT surface mapping
Typosquatting detection
GitHub credential leak scan
Breach & dark web check (up to 20 emails)
Executive Summary (1 page, plain English)
Technical Report (exact fix commands)
Letter grade A–F with category breakdown
Delivered within 48 hours
3 remediation verifications included
Monthly re-scans
Industry benchmarking
Social engineering surface report

TIER 02

Monitor

^$99/mo

or $899/yr — save $289

Everything in Snapshot, plus monthly re-scans, industry benchmarking, and unlimited remediation verification. Your security posture tracked over time.

Everything in Snapshot
Monthly re-scan on all 40+ checks
Industry peer benchmarking
Delta report — what changed this month
Unlimited remediation verification
SSL expiry alert (30 days out)
New breach alert within 48 hours
New typosquatting domain alerts
Risk score trend chart over time
Priority support (same-day)
Social engineering surface
Executive personal coverage

TIER 03

Executive

^$249/mo

or $2,299/yr — save $689

For businesses with executives, public-facing leadership, or elevated personal risk. Every Monitor feature plus personal OSINT coverage and quarterly deep-dives.

Everything in Monitor
Social engineering surface report
Executive personal OSINT profile (up to 3)
LinkedIn & public profile monitoring
Personal breach monitoring
Quarterly deep-dive assessment
30-min debrief call with Kevin
Annual penetration surface report
Incident response hotline
Same-day specialist response

🛡

If you don't learn anything new, you don't pay.

If your Snapshot report contains zero findings you weren't already aware of, we refund you completely. We have never issued this refund.

WHY TRUST US

Security is what we do
every single day.

🛡

Professional-Grade Tools

We use Shodan, Censys, AbuseIPDB, VirusTotal, dedicated breach databases, and custom OSINT workflows — the same tooling enterprise security teams use.

👤

Human Review, Every Time

Kevin Mitchell reads every report before it ships. No auto-generated PDF dumps. No false positives that waste your time. A real person accountable for what's in the report.

🏢

Security Is the Business

Blueshield is operated by Mitch's Cyber Solutions LLC, a managed security company running 24/7 SIEM, EDR, and security operations for real clients every day.

COMMON QUESTIONS

Straight answers.

Do you need access to my network or systems?+

No. Everything we do is entirely external — exactly as an attacker would approach your business. We do not need VPN access, credentials, or any internal access. All we need is your domain name and the email addresses you want included in breach monitoring.

What makes Blueshield better than SecurityScorecard or UpGuard?+

SecurityScorecard and UpGuard provide automated scores starting at $400/month. They do not offer OSINT surface mapping, typosquatting detection, GitHub credential scanning, social engineering surface analysis, executive and technical reports, industry benchmarking at SMB scale, or remediation verification. And they do not have a human read your report before it ships. Blueshield does all of this for $299 flat.

What is typosquatting and why does it matter?+

Typosquatting is when an attacker registers a domain that looks like yours — acmecorp.net instead of acmecorp.com, acme-corp.com, acmeccrp.com, or acm3corp.com. They use these domains to send phishing emails that appear to come from you, to build fake login pages that steal your clients' credentials, or to intercept email threads. We check hundreds of variations for every domain we assess.

How is this different from a penetration test?+

A penetration test actively exploits vulnerabilities. Blueshield is a passive external assessment — we identify and document vulnerabilities without exploiting them. No risk to your systems, no downtime, no engagement agreement required. Think of it as the reconnaissance phase: we show you exactly what an attacker would find and prioritize before we sell you something more involved.

What is the OSINT surface mapping?+

OSINT (Open Source Intelligence) is information an attacker collects about your business before they ever touch your network. We map: job postings that reveal your tech stack (attackers use this to target known vulnerabilities), Google search results exposing internal files or directories, LinkedIn employee data used for phishing, Shodan-indexed devices associated with your IP ranges, and certificate transparency logs showing every domain and subdomain you've ever used. You get to see exactly what an attacker's pre-engagement profile looks like for your business.

How does remediation verification work?+

When you fix a finding, you log it in your dashboard as "Fixed — Ready to Verify." We re-run that specific check within 24 hours, confirm the fix is live, and update your risk score. Snapshot customers get 3 verifications included. Monitor and Executive customers get unlimited verifications.

See your business exactly the wayan attacker sees it.

Every external attack surface.Nothing skipped.

8 things no competitor doesat any price.

Know where you standagainst your peers.

Every assessment includesan executive report and a technical report.

Enterprise intelligence.Not enterprise pricing.

Order today.Full report in 48 hours.

Flat rate. No contracts.Cancel anytime.

If you don't learn anything new, you don't pay.

Security is what we doevery single day.

Straight answers.

Moderate Risk — Action Required

See your business exactly the way
an attacker sees it.

Every external attack surface.
Nothing skipped.

8 things no competitor does
at any price.

Know where you stand
against your peers.

Every assessment includes
an executive report and a technical report.

Enterprise intelligence.
Not enterprise pricing.

Order today.
Full report in 48 hours.

Flat rate. No contracts.
Cancel anytime.

Security is what we do
every single day.