zeblade

The Platform

Five products. One control catalog.

Each product owns a discrete part of the security program — but they all read from and write to the same model of your organization.

Platform core

GRC Portal

Policy, risk, and control management — under one catalog.

  • Lifecycle policy management with version history, approvals, and review cycles
  • Zeblade Control Framework (ZCF) — one catalog crosswalking NIST CSF 2.0, ISO 27001, SOC 2, HIPAA
  • Risk register with inherent and residual scoring, treatment plans, and evidence linking
  • Vendor risk: per-vendor inventory, posture scans, and contract artifact tracking
[ GRC Portal — dashboard ] screenshot coming · Phase 2

AI Copilot

Beacon AI

A compliance copilot that actually reads your program.

  • Full context over policies, controls, risks, and evidence — no copy-paste
  • Drafts policy language in your voice using policies you have already approved
  • Identifies framework coverage gaps and suggests crosswalk mappings
  • Audit-trail aware: every suggestion is sourced and reviewable
[ Beacon — copilot console ] screenshot coming · Phase 2

Policy scoring

Compass

Six dimensions. One score per policy. Computed, not opined.

  • Structural integrity, enforceability, consistency, framework alignment, currency, tone
  • Composite score with per-dimension drill-down and remediation hints
  • Benchmarks against your own historical policies — improvement over time
  • Trained on real policy corpora, not generic writing-quality models
[ Compass — score breakdown ] screenshot coming · Phase 2

Vulnerability mgmt

Pulse

Findings, mapped to assets, on a timeline you can defend.

  • Aggregates Greenbone scan data via the Zeblade Bridge agent
  • Asset-keyed remediation tracking with SLA and exception workflows
  • Delta detection — what is new, what closed, what re-opened
  • Audit-ready evidence export per asset, per finding, per quarter
[ Pulse — findings dashboard ] screenshot coming · Phase 2

External posture

Vendor Risk Management

Seven domains of external security signal, scanned nightly.

  • DNS hygiene, email security (SPF/DKIM/DMARC), TLS posture, network exposure, IP reputation
  • Per-vendor scorecards with delta history and trend lines
  • Automated nightly re-scan with change alerts
  • Plugs directly into the same control catalog as policy and risk
[ Vendor Risk — scorecard ] screenshot coming · Phase 2

Want a walkthrough?

Talk to us about a design-partner engagement — limited slots, hands-on onboarding.

Get in touch