CTP247 · PRE-LAUNCH

Coming soon.

CTP247 is cyber threat protection that never clocks out — autonomous agents watching your attack surface, brand, and the dark web 24/7. Leave your email and we'll let you know when it's live.

One email at launch. No newsletters, no marketing drip feed.

CTP247
Cyber threat protection · 24/7/365

We see the threat before it sees you.

CTP247 watches your attack surface, your brand, your executives, and the dark web — around the clock. Autonomous agents ingest the feeds, triage the alerts, enrich the IOCs, and draft the takedowns, so the 3 a.m. typosquat is a closed case by stand-up.

  • 27 live feeds, free + commercial
  • 5 autonomous agents, one queue
  • 12 compliance frameworks mapped
  • 24/7 on watch — no night shift to staff

The standing watch · 24/7
27 live feeds
NVD · EPSS · CISA KEV · AlienVault OTX · GreyNoise · AbuseIPDB · URLhaus · ThreatFox · Feodo Tracker · Cloudflare Radar · RIPE RIS Live · Certificate Transparency · WHOIS · Tor · I2P · Telegram · Matrix · Ransomware Leak Sites · Stealer Markets · Google Play · Apple App Store · DMARC Aggregate Reports

CAM-01 · The standing watch

The 24/7 watch

Somebody is always on shift.

Registrations, certificates, leak sites, stealer markets, feed entries — the contacts keep coming whether your team is awake or not. The agents sweep continuously, triage everything that pings, and queue only what deserves a human.

  • Every contact lands with evidence attached — screenshot, source, score.
  • Severity decides who gets paged and who reads it at stand-up.
  • The 3 a.m. find is a drafted takedown by morning, pending your approval.
CAM-02 · The camera wall

Platform

Six modules. One camera wall.

Everything an attacker can see of you — infrastructure, domains, people, paste sites, card shops, mail headers — watched from one place, written into one case fabric. Click any module for the full deep-dive.

Attack Surface

Subdomain discovery, port and service scans, TLS posture, and CVE matching against what you actually run — continuously, from the outside in.

Brand Protection

Certificate-transparency and WHOIS watch catch typosquats at registration time. 1,500+ TLD permutations, logo abuse by perceptual hash, takedowns drafted.

Dark Web Monitoring

Crawlers inside Tor, I2P, Telegram, and Matrix. Ransomware leak sites, stealer markets, and phishing forums watched continuously for your name.

Data Leakage & Fraud

Leaked card detection with Luhn validation and BIN matching, custom DLP policies, and breach-notification SLA tracking from first sighting to closure.

Email Security

DMARC, SPF, and DKIM aggregate reports parsed and scored. Spoofing analytics, phishing classification, and sender governance in one view.

Threat Intelligence

27 live feeds normalized into one IOC store with enrichment, MITRE ATT&CK mapping, and a TAXII 2.1 server your other tools can read from.

CAM-03 · Chain of custody

From signal to takedown

One pipeline, end to end.

Most stacks stitch a TIP to a SOAR to an ASM and lose context at every seam. CTP247 is one application over one Postgres — the entry that arrived as a feed item leaves as a takedown, with the whole chain auditable in between.

01 Ingest: 27 feeds · CT logs · crawlers
02 Normalize: dedupe · IOC extraction
03 Triage: agent classifies vs your stack
04 Alert: severity · owner · SLA
05 Case: timeline · evidence · MITRE
06 Takedown: drafted, sent on approval

Agents

Five agents. One queue. End to end.

Each agent owns a chunk of the SOC's day. They write into the same case fabric, so a takedown drafted on Tuesday shows up on Thursday's investigation timeline without anyone copy-pasting.

Feed Triage

Classifies every new feed entry, extracts IOCs, decides if it's a real alert.

Runs on every new feed entry

Investigation

Pivots from any alert through actor, asset, IOC, and prior cases — autonomously.

Runs on any alert worth a deeper look

Threat Hunter

Picks an active actor cluster and hunts gaps in your defensive posture weekly.

Weekly sweep · 'Run hunt now' anytime

Brand Defender

Catches typosquats and impersonations the moment they register, drafts takedown.

Daily sweeps · CT streaming opt-in

Case Copilot

Summarises every linked alert/finding, drafts the response timeline as you work.

One-click refresh on any case

Threat map

The whole world, on one pane.

CTP247 geolocates the indicators it ingests and layers them on a world map — honeypot attackers, botnet C2, ransomware victims, malware distribution, phishing, Tor exits, exploited CVEs. The live map runs inside the product, filtered against your stack; the globe here is an illustration of the layer system.


Operating rhythm

You read the log, not the manual.

CTP247's worker emits a single, dense, monospaced log. Every ingest, every triage decision, every IOC, every takedown — the SOC sees the same line your engineers see. No stitching across dashboards.

  • Triage. AI classifies new entries against your stack and brand. Hits become alerts; misses cost you nothing.
  • Investigation. On every alert, an agent pivots through actor → asset → IOC → prior cases — and writes its findings.
  • Hunt. A weekly hypothesis-driven sweep against an active actor cluster, surfacing the gaps you can fix before Friday.
  • Brand. Typosquats and impersonations caught at registration time. Drafts the takedown, asks before sending.
  • Case. Every linked alert + finding folds into a timeline the agent keeps fresh as you work.

27 feeds live · 12 frameworks · 5 agents on shift

Deployment

Self-hosted. Your data, your perimeter.

CTP247 ships as a single Docker Compose stack — Postgres, Redis, MinIO, the worker, and the API — with the dashboard served alongside by start.sh. Drop it in your VPC, point it at your feeds, run a triage.

Yours, not ours

No telemetry. No phone-home. Outbound traffic is the feeds you enable plus the LLM call — and you can swap to a self-hosted model with one env var.

Postgres-native

Indicators, alerts, cases, agent traces — all in one Postgres. Inspect with psql. Back up with pg_dump. No magic black boxes.

LLM agnostic

Ollama fully local, Anthropic, or any OpenAI-compatible endpoint. The agents speak prompt, you choose the model. Cost lands on your bill, not ours.

Compare plans — Core, Enterprise, Sovereign

CyberThreatProtection247

The watch never ends.

Spin up CTP247 in your environment. Connect a feed. Run a triage. See what a watchfloor that never sleeps does for the team that has to.
