For procurement & vendor risk teams

Check any vendor's external
security posture in 90 seconds.

Same passive scan methodology used by SecurityScorecard and UpGuard — without the enterprise contract. Check any domain from the public internet. No vendor cooperation required.

Free for a single domain check. Results include severity breakdown and all finding titles. Full detail, PDF report, and shareable verification link available as part of the Deal Package.

What the scan covers

TLS/SSL grade

SSL Labs

Certificate validity, cipher suites, protocol version, downgrade protection

Email authentication

MXToolbox

SPF, DMARC, DKIM — phishing risk for your users and employees

Security headers

SecurityHeaders.io

HSTS, CSP, X-Frame-Options — browser-level protection for your users

Open ports / exposed services

Shodan

Publicly accessible admin interfaces, databases, or development ports

Known CVEs

NVD / NIST

Unpatched vulnerabilities in technology stack detected from version banners

DNS security

MXToolbox DNS

DNSSEC, CAA records, zone transfer exposure

Certificate transparency

crt.sh

Subdomain inventory from public CT logs — unexpected attack surface

Reputation checks

VirusTotal / URLScan

Flagged domains, malicious associations, current blocklist status

All checks are passive and read-only. No credentials, no installation, no vendor notification. Public sources only.

Common procurement scenarios

Procurement analyst

Need to vet 15 SaaS vendors for an RFP. Want a quick security triage before going through full questionnaire process.

90-second scan per vendor. See grade distribution. Prioritize deeper review for grades D/F.

Vendor risk manager

Running annual vendor review. Need current posture data for existing suppliers, not a 6-month-old questionnaire response.

Scan any domain. See what's changed since last review. Compare against previous scan.

CISO / security team

Third-party assessment before contract renewal. Want independent data that doesn't rely on vendor self-reporting.

Passive scan from public sources. No vendor cooperation. Independent verification.

vs. SecurityScorecard / UpGuard

SecurityScorecard

Sycrion

Price

$30–100K/year

Free scan · €199 report

Setup

Enterprise contract + onboarding

90 seconds, no account

Built for

Enterprise buyers at scale

Single domain checks

Historical data

Years of continuous monitoring

Current + weekly refresh

Vendor self-service

Separate vendor portal product

Primary use case

EU data residency

US-based infrastructure

Frankfurt, EU

SecurityScorecard and UpGuard are the right tools for enterprise procurement teams managing hundreds of vendors continuously. Sycrion is for targeted checks on specific vendors — without the enterprise contract.

Scope — what this doesn't cover

Sycrion covers external, publicly-visible technical hygiene. It does not assess internal controls, security policies, employee practices, incident history, or authenticated surfaces. A clean Sycrion score means no obvious red flags in publicly visible infrastructure — not a comprehensive security certification. For full vendor risk management at scale, SecurityScorecard or equivalent enterprise tools are appropriate.

Free · no account · 90 seconds

Check a vendor domain now

Enter any domain. Get severity breakdown, finding titles, and source labels free. Full detail with Deal Package.

Check a vendor free →