Skip to content
Pricing · scope-defined

Modular. Scope-defined.
One scoping call sets the number.

CTEM is not a per-seat product. Pricing scales with the surfaces in scope, the asset count across them, and how deep you need integrations to go. We tell you the number on the call — not after a procurement loop.

The five modules

Buy what you need. Scope what you defend.

CTEM Core is the foundation; every other module is additive. Most customers start with Core + EASM + Adversarial Validation. AI/LLM and Enterprise + MSSP are added by industry need.

CTEM Core

Required

The five-stage continuous loop

Scope · discover · prioritize · validate · mobilize. The foundation every other module sits on. Required.

  • Asset graph + delta
  • CRPS priority scoring
  • Validation pipeline
  • Workflow integrations

EASM

Seedless external attack surface

Apex-rooted asset discovery across web, API, cloud, identity, code, AI/LLM. Continuous CT-log + DNS + cloud listeners.

  • Seedless enumeration
  • Shadow asset surfacing
  • Drift detection
  • Asset taxonomy

Adversarial Validation

2026 surface

Proof, not score

Multi-engine corroboration plus adversarial probing produce the evidence chain on every Validated finding. The Gartner-named category.

  • Corroboration scoring
  • Production-safe probing
  • LLM-assisted triage
  • Evidence capture

AI / LLM Coverage

The 2026 surface

Shadow-AI discovery, prompt-injection probing, RAG context fuzzing, model exposure scanning. Discrete module — most platforms still treat AI as out-of-scope.

  • Shadow-AI inventory
  • Prompt-injection probe
  • RAG context audit
  • Model endpoint scan

Enterprise + MSSP

Multi-tenant, white-label, governed

Five-role RBAC, SSO/SAML/OIDC, white-label visuals, per-tenant queue isolation, audit-log SIEM streaming, customer-facing PDF reports.

  • Multi-tenant isolation
  • White-label branding
  • SCIM provisioning
  • Custom MSA / DPA

Tell us your scope. We'll quote it on the call.

A 30-minute scoping call covers surfaces in scope, asset count, integration depth, multi-tenant needs, and procurement timeline. You leave with a real number — not a sales follow-up loop.

Request a quote Schedule a demo
How we price

Four principles, no surprises.

No per-scan, per-finding, or per-event charges

You pay for the modules and the scope, never for the activity inside them. Scan as much as your scope allows.

No public tier pricing — the category does not ship one

CTEM is scope-defined. Number of assets, surfaces in scope, expected event cadence, multi-tenant requirement, and integration depth set the number. We tell you in one call.

Annual or multi-year preferred

Most enterprise procurement runs on annual contracts. Multi-year carries a real discount; we are transparent about it on the call.

Procurement-ready out of the box

Standard DPA, SIG / SIG-Lite, MSA template, sub-processor registry, and security questionnaires available on request — see /trust.

FAQ

Questions teams ask before the call.

  • Why no public tier prices?

    Because the category does not have them. Wiz, Tenable, Pentera, CyCognito, and Horizon3 all run contact-us only. CTEM pricing is scope-defined — asset count, surfaces, event cadence, integration depth — and a 30-minute call sets it more accurately than a static tier could.

  • What does the scoping call cover?

    Thirty minutes. We walk through which surfaces you need in scope, what your asset count looks like across those surfaces, integration depth (Jira / ServiceNow / SIEM / IdP), multi-tenant requirements if any, and your procurement timeline. You leave the call with a number, not "we will follow up."

  • Do you offer a free evaluation or pilot?

    For enterprise procurement, scoped 60- to 90-day pilots are common. We define the outcomes that would prove value before the pilot starts — then run against them. Talk to our team to set one up.

  • Can I buy a single module without CTEM Core?

    CTEM Core is required because the other modules feed into the same loop. The EASM module is not a standalone EASM tool, the validation module is not a standalone BAS — they are layers of one platform. Buy them with Core, not instead of it.

  • How does multi-tenant pricing work for MSSPs?

    Per-tenant scoping with volume tiers. The Enterprise + MSSP module unlocks white-label visuals, sub-domain hosting, and per-customer PDF reporting at no additional per-tenant fee on multi-year terms. The economics are designed so MSSP margins improve as customer count grows.

  • What is included in the standard MSA?

    Standard liability cap, DPA referencing our sub-processor list, security questionnaire alignment with SIG and SIG-Lite, and assurance language tied to our /trust attestations. Custom MSA language is available on enterprise terms — see /trust.

Scope. Quote. Decide.

Thirty minutes. We scope, we quote, you decide. No procurement loops.

Request a quote Schedule a demo