A unique engine designed to manage cyber exposure and produce NIS2 evidence
Galileo constantly monitors your digital perimeter and the security posture of your suppliers, maintaining an always up-to-date risk view, without the need for agents or internal installations.
Collected evidence is normalized and linked in a single data model: assets, services, technologies, findings, suppliers and applicable controls become readable in the same context.
Galileo combines technical severity, exploitation probability, asset criticality and operational context to distinguish urgent risks from background noise.
Every finding is connected to remediation, temporal trends, reports and control evidence, making security activities traceable, verifiable and usable for NIS2 purposes.
Our mission is to help you prevent attacks by reducing exposure and exploitable vulnerabilities. We believe in prevention as the best form of defense.
Galileo collects technical signals from DNS, CT logs, ports, services, web technologies, TLS, email security and suspicious domains, keeping the exposed asset inventory current over time, including shadow IT and forgotten assets.
CT logs, DNS, reverse DNS, port scans and service fingerprinting to reconstruct the observable external perimeter.
Web, TLS, email security, typosquatting, suspicious domains and phishing indicators.
Every piece of information is normalized and linked to assets, IPs, services, technologies, suppliers and applicable controls, creating a shared context between security and compliance.
Exposed assets are inventoried and historized to monitor the evolution of the digital perimeter over time.
Relationships between subdomains, IPs, ports, services and detected technologies mapped in a single context.
Technical findings, questionnaires and supplier posture linked to the same data model.
Galileo combines technical severity, estimated exploitation likelihood, available exploits, asset criticality and operational context to prioritize beyond CVSS alone.
CVSS, EPSS, CISA KEV, public exploits and available exploit intelligence.
Every finding is evaluated in the context of the asset: business criticality, network exposure, role in the perimeter and relevance to the organization's attack surface.
A unified system combines multiple sources and context to identify toxic combinations of vulnerabilities that, individually, would appear less urgent.
Criticalities are validated through progressive reliability criteria based on data coherence, observed technical context, verifiable evidence and separation of low-confidence cases.
The process separates criticalities with consistent technical evidence from less reliable ones, reducing operational noise and facilitating the prioritization of interventions.
For every finding the engine preserves the evidence supporting its classification: detected version, banner, open port, certificate hash and other observable data.
Every finding is connected to clear and immediately actionable remediation plans, operational metrics, trends and observable NIS2/ACN controls, producing reusable evidence for audits and reporting.
The engine generates contextualized explanations and remediation plans with operational steps specific to the detected environment.
Detailed reports with mean time to remediation, temporal trends and exposure metrics to support risk management decisions.
Findings are linked to applicable technical controls, turning security activity into reusable evidence for audits and regulatory reporting.
The same technology supports the organization's cyber posture, supplier assessment and evidence production for governance and compliance.
Attack surface
Discovers exposed assets, identifies services and technologies in use, and detects vulnerabilities, weak configurations, TLS certificates, security headers, EOL components and exposed panels. All evidence is correlated and prioritized based on actual risk.
Suppliers
Applies the same observation model to the supply chain, enriching it with NIS2 classification, questionnaires, security posture analysis and correlation between declared information and observed evidence.
Governance
Connects findings and remediation to relevant controls, generates reports and exposes API feeds for SOC, SIEM, SOAR and control processes.
Galileo does not separate exposure, supply chain and compliance.
It connects them through one evidence, risk and remediation model.