Do you offer a free cybersecurity audit in Ireland?

Yes. Intellix offers a free, non-intrusive 3–5 page external cybersecurity audit for SMEs and mid-market organisations in Ireland and the UK. Delivered in 7 working days. Covers DNS, DMARC/SPF/DKIM, TLS, security headers, application surface and Business Email Compromise readiness. Mapped to GDPR Art. 32, NIS2 and MITRE ATT&CK.

How much does a paid cybersecurity audit cost?

Paid tiers start at €1,500 for the Deep-dive Report (the report most clients hand to their insurer or board — internal scan, cloud configuration review, MFA audit and risk register), €5,000 for the Full Security Assessment (external penetration test, phishing simulation, vendor coordination, retest), and €8,000 for the NIS2 Readiness Programme (gap analysis against all ten Article 21 measures, policy drafting, board briefing, CISO/DPO scorecard). For ongoing coverage: €500/quarter Quarterly Monitoring and from €1,800/month Managed Cybersecurity Oversight. Every scope is fixed-price and confirmed before work starts.

Do you build custom software in Ireland?

Yes. Custom software development is one of our core service lines. We build B2B portals, internal operational tools, ERP-grade production systems (Keystone), integrations across Shopify / Akeneo / Sage, and customer-facing platforms. Same team delivers the code, the cloud infrastructure and the long-term support. UK + Ireland delivery, EU data jurisdiction.

Do you build AI and machine-learning software?

Yes. We build applied AI and ML systems for serious operators — retrieval-augmented (RAG) assistants on private data, computer-vision pipelines for production lines, document automation, demand forecasting, fraud and anomaly detection, and LLM integration into existing software. Delivery is product-engineering-grade with evaluation, observability, cost control and EU data residency.

Can you help us comply with NIS2 in Ireland?

Yes. We deliver NIS2 readiness assessments and remediation for in-scope Irish and UK SMEs. Findings are indexed against the eight NIS2 control families (governance, supply-chain, vulnerability management, incident handling, cryptography, access control, asset management, business continuity) with a CISO/DPO scorecard. Optional ongoing oversight available.

Are you a Netgate pfSense partner?

Yes. Intellix deploys and supports Netgate pfSense for hotels, hospitality groups, food producers and B2B portal operators across Ireland and the UK. We handle the firewall design, captive-portal guest WiFi, VLAN segmentation, VPN and ongoing change management.

Do you provide DMARC, SPF and DKIM setup?

Yes. Email authentication setup is one of the highest-impact cybersecurity controls for any organisation. We configure SPF mechanisms, DKIM selectors, DMARC policy enforcement (move from p=none to p=reject safely), MTA-STS and TLS-RPT — and validate the changes via reporting. Included in the Deep-dive Report and as a standalone engagement.

Do you support hospitality WiFi and hotel IT in Ireland?

Hospitality is a core wedge for us. Hotels handle guest data, PCI scope, captive-portal WiFi, PMS / POS integrations, and 24/7 uptime obligations. We deliver hospitality-grade WiFi (Ubiquiti, pfSense), Microsoft 365 security hardening, backup and ransomware readiness, vendor coordination and ongoing managed cybersecurity oversight — built around the operational rhythm of a hotel or restaurant.

What happens if you find something serious during the free scan?

You hear from the analyst the same day — by phone if it's urgent, by email if not. We never leave a confirmed-breach signal sitting in a queue until the report is formatted.

How is this different from a penetration test?

Our Full Security Assessment tier INCLUDES an external penetration test (manual + automated) plus a phishing simulation. For most clients this is the right depth. Bespoke red-team engagements scoped separately on request.

We're a regulated entity — does this map to NIS2 and GDPR Article 32?

Yes. The Deep-dive Report maps every finding against GDPR Art. 32 and MITRE ATT&CK. The NIS2 Readiness Programme is the full-depth engagement — gap analysis against all ten Article 21 measures, policy drafting, board briefing and a quarterly remediation roadmap. CISO / DPO scorecard included.

Can my platform vendor or M365 partner receive the findings directly?

Yes. Every finding from the Deep-dive onwards is pre-tagged with an owner column and includes a vendor-validation question you can forward verbatim. Full Security Assessment goes further — we contact your vendor directly and close findings on your behalf.

Do you cover Business Email Compromise (BEC) and display-name impersonation?

Yes — this is layer six of the scan. The Deep-dive Report includes copy-ready abuse-report email drafts for national CERT, cyber-crime authority, hosting-provider abuse and Microsoft in-product reporting.

Intellix CISO Cockpit · External Cybersecurity Audit

Find out what attackers see — before they do.

A free, non-intrusive 3–5 page external security review for your domain — delivered in 48 hours. Three priority observations + the controls already working in your favour. When you're ready to act: deep-dive paid report from €1,500, full security assessment with pen test from €5,000, or a complete NIS2 readiness programme from €8,000.

Show me what's exposed See the pricing ladder

15+ live clients GDPR Art. 32 mapped MITRE ATT&CK referenced NIS2 scorecard available

Intellix CISO Cockpit

Cybersecurity Audit · Free Brief

Non-Intrusive External Review

yourcompany.ie

Type

Public surface

Date

2026-XX-XX

Prepared by

Asif Khan

Classification

Confidential

Findings at a Glance

01B2B subdomain redirect chainValidate

02API config endpoint exposureValidate

03Storefront CORS policyValidate

04DMARC enforcement (p=reject)Strong

05DNSSEC + Cloudflare WAFStrong

06HSTS preload (active)Strong

Mapped to GDPR Art. 32 · NIS2 · MITRE ATT&CK · CVSS v3.1

€0

Free external scan

€1.5k

Deep-dive · from

€5k

Full assessment · from

€8k

NIS2 programme · from

15+

Live clients tracked

The Tuesday-morning question

"What should I worry about, what should I leave alone, and who do I phone?"

If you're a CISO, IT Manager or Head of Operations, that's the actual question. Not "how many CVEs do we have?" — your scanner already screams that at you. Not "can we pass a pen test?" — you'll book one when there's budget. The thing that keeps you up is whether the next BEC email gets through, whether your DNS is leaking a takeover-able subdomain, and whether someone can credibly send mail as your domain right now.

The Intellix CISO Cockpit is built around that question. The tooling runs in minutes. The analyst review takes hours, not weeks. Every finding is tagged to a single named owner — your platform vendor, your Microsoft 365 partner, your DNS registrar, your in-house developer — so the IT lead can forward each section without rewriting it.

Coverage matrix

Six layers. Every public surface. Every audit.

We scan the same six layers on every client. Findings land in the matrix below — each tagged with severity, confidence, owner and remediation steps in the paid pack. Layer six is the one most scanners skip and most attackers exploit first.

DNS & Domain Hygiene

·DNSSEC + chain of trust
·CAA pinning
·40+ subdomain patterns probed
·Stale / takeover-risk subdomains
·Lookalike & typo-squat sweep
·SOA freshness · zone hygiene

Why it mattersCatches dead subdomains pointing at orphaned IPs, ungrabbed lookalike domains, and registrar gaps.

Email Authentication & Impersonation

·SPF mechanism analysis
·DKIM (12+ selector probe)
·DMARC policy + alignment + pct
·MTA-STS / TLS-RPT / BIMI
·Null-MX (RFC 7505)
·Display-name BEC readiness

Why it mattersThe layer that catches the "Sarah-from-Accounts" lookalike-email attack before it lands in finance.

Transport Security (TLS)

·TLS 1.0/1.1/1.2/1.3 matrix
·Cipher suite + AEAD inventory
·Cert chain · SAN · key type
·HTTP → HTTPS redirect inspection
·HSTS · max-age · preload status
·HTTP/2 & QUIC advertisement

Why it mattersCloses the first-visit MITM window and stops a single expired cert taking down a whole subdomain estate.

HTTP Response Headers

·CSP, X-Frame, frame-ancestors
·Referrer-Policy, Permissions-Policy
·Cross-Origin Opener / Embedder
·Deprecated headers flagged
·Conflict & duplication detection
·Per-cookie Secure / HttpOnly / SameSite

Why it mattersCatches the silent breakage that happens when Caddy, FastAPI and Cloudflare each add a different CSP header.

Application Surface (per-platform)

·WordPress · xmlrpc · wp-json · /?author
·WooCommerce · Bookings · payment scope
·Shopware 6 · API & origin leakage
·Microsoft Power Pages · Dataverse probe
·Generic SPA / API · health · CORS
·SRI coverage + inline-script footprint

Why it mattersPlatform-specific knowledge — not a generic scanner pretending all stacks look the same.

Business-Context Layer

·BEC / display-name impersonation playbook
·Incident-response & abuse-report wording
·Vendor-validation questions ready to forward
·Owner-mapping per finding
·GDPR Art. 32 + NIS2 mapping
·MITRE ATT&CK technique tags

Why it mattersThe layer most scanners skip. Turns a vulnerability list into something an IT Manager can actually action.

Findings are mapped against

GDPR Art. 32 NIS2 control families MITRE ATT&CK CVSS v3.1 CWE ISO 27001 alignment

Free download · 2-page PDF · No payment

The Cyber-Insurance Renewal Checklist your underwriter is already using.

Cyber-insurance renewals tightened across Ireland and the UK in 2025–2026. Underwriters now require evidence — not declarations — across five control families. We've distilled every renewal-blocker and premium-impact item into a 2-page A4 checklist you can take to your broker, board or next renewal call.

Identity & access — what MFA, conditional access and offboarding evidence is mandatory
Email & impersonation — SPF / DKIM / DMARC at p=reject, anti-impersonation and BEC controls
Endpoint & vulnerability management — EDR, patch SLAs, asset inventory expectations
Backup & ransomware readiness — 3-2-1, immutability, RTO/RPO and tested-restore evidence
Governance, incident response & supply-chain — board accountability, IR drills, supplier risk

Six tiers · One pathway

Start free. Step up when you need to act.

Every engagement starts with the free external scan. From there, you choose the depth — a deep-dive report you can hand to your insurer or board, a full security assessment with pen test and vendor coordination, or a complete NIS2 readiness programme. Quarterly monitoring and full managed cybersecurity oversight available for clients who want continuous coverage.

Tier 01 · Complimentary · No commitment

Free External Scan

Know what attackers see — in 48 hours, on us.

DNS, TLS & certificate analysis — what's already protecting you
Security headers, email spoofability (SPF / DKIM / DMARC), API surface
Public surface only · No exploitation · No login attempts · No private data accessed
Plain English. No fear-selling. No pricing pitch inside the PDF.
Delivered to your inbox within 48 hours. One free scan per organisation.

€0

3–5 page IT-Manager brief

Show me what's exposed

No credit card · No NDA needed · Delivered to your inbox

Deep-dive Paid Report

The report you hand to your insurer, board or biggest customer.

€1,500 – €3,500

One-off · fixed price · scoped before start

Everything in the free scan, expanded
Internal network vulnerability scan
Cloud configuration review (AWS / Azure / M365)
Password policy & MFA audit
Prioritised risk register with remediation steps
MITRE ATT&CK + GDPR Art. 32 mapping
30-minute walkthrough call with findings

The first-paid step most clients choose. Suitable for cyber-insurance renewals, board reporting, supplier-due-diligence response, and NIS2 gap analysis.

Scope a Deep-dive

Tier 03 · One-off · Hands-off

Full Security Assessment

Penetration test, phishing simulation — we close it with your vendor.

€5,000 – €12,000

One-off · 3–4 week engagement

Everything in the Deep-dive Report
External penetration test (manual + automated)
Social engineering / phishing simulation
Policy & procedure review (GDPR, NIS2)
Executive summary + technical appendix
Vendor coordination — we close findings with your M365 partner, DNS, hosting or in-house dev
Final retest + signed closure note for your insurer / board / auditor

Best for: pre-certification, post-incident hardening, or clients where the IT Manager just wants this closed for them.

Scope an assessment

Tier 04 · Regulatory · Programme

NIS2 Readiness Programme

End-to-end compliance for in-scope Irish & UK SMEs.

€8,000 – €18,000

Programme · 6–10 weeks

Full Security Assessment (as above)
NIS2 gap analysis against all 10 measures (Article 21)
Policy drafting — incident response, BCP, supply chain
Board-level risk briefing + CISO / DPO scorecard
Remediation roadmap with quarterly milestones
Evidence pack ready for regulator inspection or supplier questionnaire
Optional: outsourced DPO engagement

For organisations that fall under NIS2 scope and need to demonstrate compliance to regulators or large-enterprise customers.

Talk about NIS2

Continuous coverage · Recurring retainers

Tier 05 · Recurring

Quarterly Monitoring

Catch the next problem before it bites — not six months after.

€500 – €1,200 / quarter

Quarterly retainer · cancel anytime · annual discount

Quarterly external re-scan (automated + manual review)
Delta report vs. previous quarter — what changed, what regressed
DNS, email-auth and domain monitoring — alerted on change
Vendor change-detection — your Shopify / Shopware / M365 stack
Phishing & lookalike-domain monitoring — registrar sweep
Direct line to the analyst running your scans

Most clients move here after their first Deep-dive — continuous coverage at <10% of consultancy retainer cost.

Talk about monitoring

Tier 06 · For regulated estates

Managed Cybersecurity Oversight

One trusted partner across your full estate. Calm again on Monday.

From €1,800 / month

Annual contract · scoped to estate

Microsoft 365 security hardening + ongoing review
Firewall review + change management
Hospitality-grade WiFi — guest network + segmentation done properly
Backup & ransomware readiness — tested, not just configured
Vendor coordination — single point of contact for your IT stack
Guest-data / customer-data protection support (hotels, retail, clinics)
Optional: full managed IT maintenance contract

Strongest fit: hotels, ecommerce brands, food producers, equine businesses, medical clinics, luxury retail.

Discuss a managed engagement

Strongest fit — businesses where downtime, trust and data matter most

Hotels & hospitalityEcommerce brandsFood producersEquine businessesLuxury retailMedical clinicsProfessional servicesLogistics firmsB2B portal manufacturers

Our wedge: hospitality, ecommerce and food production systems. That's where our credibility runs deepest — Cashel Blue, Shawarma, Umi Falafel, Capital Stud and 15+ live cybersecurity clients across Ireland and the UK.

How the scan runs

Three evidence layers. Zero disruption.

Everything we do generates traffic your browser, a search-engine crawler or a legitimate integration would already make. The strict no-go list is on the cover of every PDF.

Passive reconnaissance

Read-only DNS lookups, HTTP HEAD / OPTIONS, TLS handshake inspection. Zero traffic that any normal browser, search-engine crawler or partner integration wouldn't already generate.

Headless-browser evidence

Chromium under Playwright loads the page, captures full screenshots, inspects the cookie jar, walks the redirect chain, and harvests rendered HTML for things server-side requests miss.

Analyst review

Every machine finding is hand-graded by an analyst for severity, confidence (Confirmed vs Requires Validation), business impact and owner. Nothing reaches a client report without a human reading it.

What this review IS

· External, public-surface review only
· Read-only HTTP and DNS
· Permission-based and uniformly applied
· Evidence captured in your report (headers, redirect chains, DNS records, screenshots)
· Findings prioritised: validate-first vs best-practice hardening
· Confirmation of the strengths already in place

What this review is NOT

· No login attempts or password testing
· No fuzzing, scanning of admin paths, or input injection
· No exploitation of any finding
· No access to private data, customer records or internal systems
· No aggressive or rate-limited scanning
· Nothing that could disrupt service for real users

Compared to

Between the scanner that screams and the consultancy that takes six months.

Most external security reviews do one of two things and stop. Pure-tooling scanners generate hundreds of low-context machine findings that need a security engineer to translate. Pure-consulting reports are good but take 4–8 weeks, cost €15–50k, and are stale the day they ship. The CISO Cockpit sits between the two.

	Pure-tooling scanner	Big-4 consultancy	Intellix CISO Cockpit
Time to first report	Minutes — but unreadable for an IT Manager	4–8 weeks	Free External Scan in 48 hours
Cost	€500–5k/yr subscription · no analyst	€15–50k one-off	Free Scan at €0 · Deep-dive from €1,500 · scoped & fixed before start
Finding context	Hundreds of CVEs · no owner · no priority	Deep but generic	Every finding tagged to a named owner with copy-and-forward wording
Tone	Alarmist · severity-inflated	Authoritative · slow	Calm · evidence-led · "worth confirming with your vendor"
Vendor handoff	Not included	Sometimes	Included in Full Security Assessment — we close with your vendor
Compliance mapping	Bolt-on add-on	Included if scoped	GDPR Art. 32 + NIS2 + MITRE ATT&CK + CVSS + CWE in every paid tier
Re-scan cost	Subscription locked in	Another engagement	Quarterly Monitoring retainer · €500/qtr · cancel anytime

What this means for your organisation

Three hours of our time. Three months of your engineers' priorities, sorted.

0–48 hrs

Turnaround

Most Free Briefs go back within 48 working hours of confirmed scope. Larger estates: a week.

2–6

Priority items, on average

Enough to action quickly. Few enough that nothing falls through the cracks on a busy week.

100%

Service uptime during the review

By design — nothing we do touches your live transactions, sessions, or admin surfaces.

EU / IE

Data jurisdiction

Reports and any temporary working copies stay within EU storage. Findings are never shared outside your organisation without written instruction.

Request your Free Brief

One form. One domain. One report.

Tell us the domain, where to send the PDF, and we'll confirm scope within one working day. We treat your enquiry confidentially — same as everything else we do.

No marketing follow-up unless you ask for it.
One Free Brief per organisation. Additional domains at our discretion.
You own the report. Share with your board, insurer, vendor, or auditor.
No credit card. No NDA needed for the initial summary.

Common questions

What CISOs and IT Managers ask us first.

If we haven't answered yours, the form above goes straight to the analyst running the scans — not a sales inbox.