Viriatus
Viriatus
VIRIATUS // INITIALIZING
AI-Powered Cybersecurity Platform

Artificial Intelligence to Anticipate
and Combat Threats.

Viriatus uses AI to unify ASM, GRC, and vCISO in a single platform. External reconnaissance, endpoints, firewall, vulnerabilities, incidents, and compliance — with an intelligent vCISO grounded in your real data.

Request Free Demo See Features
NIS2 / DL 65
RGPD
ISO 27001
CNCS
LIVE FEED
8
Integrated Modules
10min
Scan Cycle
100%
EU Infrastructure
<1h
Setup Time
Protected Organizations
Monitored Assets
Vulnerabilities Detected
% Platform Uptime

Sectors we protect

Public Administration Healthcare Financial Services Industry Telecommunications Education

Everything you need. In one platform.

Nine integrated modules covering your entire attack surface management, autonomous pentesting, incident response, and governance needs.

01

External Surface

Discover and monitor your complete digital footprint exposed to the internet.

Explore
02

Internal Surface

Complete visibility of your IT estate with multi-vendor XDR/EDR integration.

Explore
03

Firewall

Real-time visibility into network traffic, threats, and user behavior.

Explore
04

Vulnerabilities

Unified, prioritized vulnerability tracking across your entire infrastructure.

Explore
05

Incidents

Complete incident lifecycle management with built-in NIS2 compliance.

Explore
06

GRC

Translate technical security into business language and manage compliance obligations.

Explore
07

vCISO

Your virtual CISO, powered by your real data.

Explore
08

Cases

Remediation tracking and management with SLAs and automatic escalation.

Explore
New
09

Probus

Autonomous penetration testing with AI. 100% Portuguese engineering, European infrastructure.

Explore
Transformation

Without Viriatus vs With Viriatus

WITHOUT VIRIATUS
5+ disconnected tools

SIEM, scanner, antivirus, firewall, GRC — no correlation

Response time: 72h

Manual detection, no playbooks, no automation

Risk in qualitative matrices

"High/Medium/Low" — the board doesn't understand

Annual pentests: €25,000

One snapshot per year — outdated in weeks

NIS2: non-compliant

No CNCS workflow, no evidence for the regulator

Estimated annual cost €85,000+
WITH VIRIATUS
1 platform, 9 modules

Correlated data, unified dashboard, integrated AI

Response time: < 4h

Automatic detection, integrated playbooks, real-time war room

Risk quantified in €

FAIR + Monte Carlo — VaR 95, what-if scenarios, business language

Probus: continuous 24/7 pentest

Autonomous, no false positives, €0 extra

NIS2: 100% compliant

Automatic CNCS workflow, 4 phases, deadlines, evidence

Viriatus annual cost From €6,000
01

Your virtual CISO. Powered by your data.

The Viriatus vCISO doesn't give generic advice. It uses RAG (Retrieval-Augmented Generation) over your organization's vulnerabilities, incidents, risks, and compliance data for contextual, actionable responses.

  • Frameworks: NIST CSF, MITRE ATT&CK, FAIR, ISO 27001, CIS Controls
  • Structured responses: Executive Summary → Analysis → Business Risk → Prioritized Recommendations → Success Metrics
  • Automatic daily executive summary
  • Sources cited in every response (document type, relevance)
Explore vCISO
vCISO Assistant
RAG Enabled

Analyze CVE-2024-3400 in the context of our infrastructure

Executive Summary

Critical PAN-OS vulnerability (CVSS 10.0) affecting 3 of your firewalls. Active exploitation confirmed by CISA KEV.

Business Risk

Estimated impact: full perimeter compromise. Priority P1 — immediate action recommended.

Recommendation

Apply hotfix PAN-OS 11.1.2-h3. Isolate affected segments until patched.

Sources: 3 CVEs 2 Firewalls 1 KEV
02

Translate technical risk into business language.

Viriatus quantifies risk with FAIR and Monte Carlo, giving you values in euros that the board understands. Not estimates — simulations with 10,000 iterations.

  • Complete FAIR methodology (TEF, TCap, RS, Primary/Secondary Loss)
  • Monte Carlo simulation: loss distribution, VaR 95, CVaR 95
  • Sensitivity analysis (which parameters drive risk the most)
  • What-if scenarios: compare baseline vs modified scenario
Explore GRC
Monte Carlo — 10,000 iterations FAIR Model
freq VaR 95% Mean
Mean ALE
€47,200
VaR 95%
€128,500
Confidence
94.7%
03

NIS2 isn't a problem. It's a workflow.

Viriatus has the complete CNCS notification workflow built into incident management. From detection to final report — with automatic deadlines and status tracking.

  • 4 notification phases: Initial Alert → Detailed Notification → End of Impact → Final Report
  • Automatic deadline calculation from detection
  • IoCs embedded in notification (root cause, effects, measures)
  • Approval workflow (Draft → Pending → Approved → Sent)
Explore Incidents
NIS2 Notification — INC-2024-047 In progress
Initial Alert T+0h — Sent

CNCS notified within 24h of detection

Detailed Notification T+48h — Sent

IoCs, root cause and measures documented

End of Impact Deadline: T+72h

Awaiting containment confirmation

Final Report Deadline: T+30d

Complete post-mortem for CNCS

How Viriatus works

From configuration to continuous monitoring in 4 simple steps.

01

Configure

Define your organization, integrate your security tools, and configure scanning parameters.

02

Map your assets

Viriatus automatically discovers and maps your entire attack surface — external and internal.

03

Identify vulnerabilities

Automatic vulnerability detection with CVSS + EPSS + CISA KEV scoring and intelligent prioritization.

04

Continuous monitoring

Automatic scans every 10 minutes, real-time alerts, and unified dashboard with temporal evolution.

First 24 hours

What happens when you activate Viriatus

From deployment to full visibility in less than a day.

0h

Deploy

Docker + PM2 + Nginx installation. VPN configured. Platform operational.

15m

Organization setup

Name, domains, XDR/EDR and firewall integrations configured.

1h

47 subdomains discovered

Complete automatic external surface scan. 12 with critical vulnerabilities identified.

2h

423 endpoints inventoried

XDR/EDR integration synced. Software, hardware, health scores imported.

3h

First vulnerability scan

34 CVEs correlated with CVSS + EPSS + CISA KEV. 8 classified P1 (critical).

4h

NIS2 workflow configured

4 CNCS notification phases ready. Templates filled. Automatic deadlines activated.

8h

First vCISO report

Executive summary with 3 priority recommendations. Security score: 67%. FAIR risk: €234,000 VaR 95.

12h

Probus starts autonomous pentest

First autonomous intrusion test cycle. 3 attack vectors identified and validated with evidence.

24h

Full operational visibility

Unified dashboard active. Scans every 10 minutes. Real-time alerts. NIS2 compliance active. Team with full access.

Connections that make a difference.

Universal integration with the platforms you already use.

Sophos

Sophos

Endpoints, alerts, software, hardware

CrowdStrike

CrowdStrike

XDR, threat hunting, Falcon

SentinelOne

SentinelOne

Autonomous XDR, automated response

Microsoft

Microsoft

Azure AD, Defender, Microsoft 365

Palo Alto Networks

Palo Alto Networks

Traffic, threats, users

Fortinet

Fortinet

FortiGate, FortiAnalyzer, FortiClient

Check Point

Check Point

Firewalls, VPN, Threat Prevention

Cisco

Cisco

Firewall, ISE, SecureX

Google

Google

Google Workspace, Chronicle SIEM

AWS

AWS

CloudTrail, GuardDuty, Security Hub

Splunk

Splunk

SIEM, log analysis, correlation

Elastic

Elastic

Elastic SIEM, observability

Wazuh

Wazuh

Open-source SIEM, intrusion detection

Darktrace

Darktrace

AI-powered threat detection

CVE Radar

CVE Radar

CVE vulnerability database

CISA KEV

CISA KEV

Actively exploited vulnerabilities

EPSS

EPSS

Exploitation probability

VirIAtus LLM

VirIAtus LLM

Local AI engine for vCISO

Recognition
Portugal Digital Awards 2024
Portugal Digital Awards 2024
Best Digital Startup Project
INNCYBER Innovation Hub 2024
INNCYBER Innovation Hub 2024
2nd Place — Cybersecurity Innovation

Frequently Asked Questions

Does Viriatus replace a SIEM?

No. Viriatus complements your SIEM by focusing on attack surface management, vulnerabilities, and GRC. It integrates with data you already have (XDR/EDR, firewalls, SIEM) for context and prioritization.

Do I need a specific XDR/EDR solution to use Viriatus?

Viriatus integrates with XDR/EDR solutions from any vendor (Sophos, Microsoft Defender, CrowdStrike, SentinelOne, and others) for the internal surface. You can also use Viriatus with just the external surface, firewall, and GRC modules.

Where does my data stay?

Viriatus runs on controlled infrastructure — either on CyberS3C's infrastructure (accessed via VPN) or on your own. In both cases, data stays in European territory and is never shared with third parties.

What's the difference between Essencial and Enterprise?

Essencial covers external surface and vulnerabilities (up to 50 assets). Avancado adds internal surface (XDR/EDR) and incidents (up to 100 assets). Enterprise includes everything: firewall, full GRC, AI vCISO, and Monte Carlo, with unlimited assets.

Does the vCISO use my data to train AI models?

No. The vCISO uses RAG (Retrieval-Augmented Generation) — your data is searched and included in the query context, but never used to train models. The AI engine runs locally on controlled infrastructure and does not retain data.

Do you support NIS2?

Yes. Viriatus has the complete CNCS notification workflow for NIS2 built into incident management, with automatic deadline calculation, 4 notification phases, and status tracking.

How does deployment work?

Viriatus can run on CyberS3C's infrastructure (with VPN access) or be deployed on your own infrastructure. We use Docker + PM2 + Nginx. Typical setup takes less than one hour.

Which firewall integrations are supported?

Viriatus integrates with firewalls from any vendor, including Palo Alto, Fortinet, Check Point, Cisco, pfSense and Sophos XG, through log ingestion and APIs.

360°

Ready to know your entire attack surface?

Request a demo and see how Viriatus can unify your organization's security management.

Request Free Demo Talk to Sales

Setup in under 1 hour · CyberS3C or your own infrastructure · Data in the EU