Enterprise Agent

Wade Security Auditor

Continuous vulnerability scanning, access review, and configuration hardening. Xray finds the gaps in your security posture before someone else does.

The Problem

Annual security audits protect you once a year. Attackers work every day.

Most organizations assess their security posture once or twice a year — a penetration test, a compliance audit, a vulnerability scan. Between assessments, the environment changes constantly while nobody watches.

New services get deployed without security review. Former employees' access credentials linger for months. Firewall rules accumulate exceptions that nobody remembers authorizing. SSL certificates expire on staging servers that still have production database access. Dependencies with known vulnerabilities sit unpatched because the CVE alert went to a mailing list nobody reads. Each gap is small individually. Together, they create an attack surface that grows invisibly between audits.

Access management is particularly problematic at scale. In a 500-person organization, access changes happen weekly: new hires, role changes, departures, contractor onboarding, temporary elevated permissions that become permanent. The principle of least privilege is policy on paper and fantasy in practice because no human can track the full access matrix across every system, every user, every service account.

Wade exists because security posture is a continuous state, not a periodic assessment. The gap between annual audits is where breaches happen — not because the organization doesn't care about security, but because continuous vigilance at scale requires an observer that never sleeps, never forgets, and never gets bored of checking the same configurations for the hundredth time.

How It Works

Scan. Assess. Prioritize. Verify remediation.

1. Continuous Vulnerability Scanning

Xray performs regular vulnerability assessments across your infrastructure: exposed services, outdated software versions, known CVEs in your dependency chain, misconfigured security headers, weak encryption settings, and open ports that shouldn't be open. Unlike periodic pen tests, these scans run continuously — weekly full scans with daily targeted checks on high-risk surfaces. New vulnerabilities from public advisory databases are matched against your asset inventory within hours of disclosure.

2. Access Review and Least-Privilege Enforcement

Xray audits access controls across your systems: user accounts, service accounts, API keys, SSH keys, and role assignments. It identifies accounts that haven't been used in 90 days, elevated permissions that were granted temporarily but never revoked, service accounts with broader access than their function requires, and shared credentials that should be individual. Each finding includes the specific access, when it was last used, and a recommended action. Access reviews that used to take a security team two weeks to compile are generated automatically.

3. Configuration Hardening Assessment

Xray compares your system configurations against security benchmarks: CIS controls, cloud provider best practices, and your own internal standards. Firewall rules, logging configurations, encryption settings, backup policies, network segmentation — each is evaluated against the expected baseline. When configuration drift occurs (a firewall exception added, a logging level reduced, an encryption protocol downgraded), Xray detects it and flags both the change and the risk it introduces.

4. Risk-Prioritized Reporting

Not every finding is critical. Xray prioritizes findings by actual risk: a publicly exposed service with a known exploit is critical, while an internal server missing a non-security patch is informational. Prioritization considers exploitability, exposure, asset value, and blast radius, not just CVSS score. Each finding includes context: what it is, why it matters, what could happen if exploited, and the specific remediation step. Security teams get actionable reports, not vulnerability dumps.

5. Remediation Verification

When a finding is remediated, Xray verifies the fix. A patched vulnerability is re-scanned to confirm the patch was applied correctly. A revoked access credential is re-checked to confirm it's actually non-functional. A hardened configuration is re-assessed to confirm the change holds. This closed-loop verification means findings don't get marked "resolved" based on someone saying they fixed it — they get marked resolved when the scan confirms the risk is gone.

The OS Underneath

Security intelligence that never resets.

Xray runs on Montebelle's agent operating system. Three capabilities make it fundamentally different from a vulnerability scanner:

Memory Continuity, Verification Gates, Fleet Learning

Memory continuity means Xray maintains the full security history of your environment. It knows which vulnerabilities were found, when they were patched, and whether the same issue has recurred. It knows which access anomalies were investigated and resolved versus which were accepted as risk. It knows that this configuration was hardened three months ago but has since drifted back. This historical context is what separates a security agent from a scanning tool — it turns point-in-time assessments into a continuous security narrative.

Verification gates are non-negotiable in security. Before reporting a vulnerability, Xray confirms the finding is genuine and not a false positive from a misconfigured scan. Before flagging an access anomaly, it verifies the account data is current. Before declaring a finding remediated, it re-tests. In security, false positives erode trust and false negatives create risk — verification gates maintain the balance that keeps the security team responding to real threats, not chasing ghosts.

Fleet learning means Xray's detection capabilities improve across all deployments. Attack patterns observed in one environment inform detection in others. Configuration hardening benchmarks that prove effective get shared across the fleet. Common vulnerability patterns in specific technology stacks are flagged proactively. The more environments Xray monitors, the sharper its understanding of real-world attack surfaces becomes.

The model underneath is Sonnet — capable of nuanced security analysis, fast enough for continuous scanning cycles, and precise enough for configuration-level assessment where details matter.

Ready to see what an agent looks like for your workflow?

We'll assess your current security posture and show you where continuous auditing fits. Your infrastructure, your compliance requirements, your risk tolerance.

Fixed price. Two to four weeks. You own the code.