Skip to main content


Attack Surface Discovery
  • Automated discovery of digital assets.
  • Eliminate false positives.
  • Monitor for changes.
Security Ratings
  • Organisation security ratings.
  • Domain security ratings.
  • Benchmarking.
Attack Surface Reduction
  • Exposed domains.
  • Functionality Vs Risk.


  • Breaches.
  • Vulnerabilities.
  • Misconfigurations.
  • Remediation workflows.
  • Organisation risk matrix.
  • Risk impact ratings.
Enquiries and Improvements
  • Live enquiries tool.
  • Access to expert analysts.
  • Track organisation and domain scores.


Reporting and Benchmarking
  • C-Suite reporting.
  • Alerts and Automated reports.
  • Custom competitor analysis.
  • Client and Supply Chain Risk.
  • Due Diligence.
  • APIs.
  • Accounts and permissions.
  • Historical scores.
  • Account security.
Speak with our experts

Speak with   
an Expert

Manage your attack surface

Gain visibility over your attack surface with accurate, automated attack surface discovery, actionable security ratings and like-for-like peer comparison.

Attack surface discovery

Automated discovery of digital assets

Orbit Cyber Risk’s powerful Machine-Learning algorithm accurately and automatically discovers your public-facing IT infrastructure.

  • ML algorithm automates the discovery process
  • Continuously monitors for domains added or taken offline
  • Identifies absolute global exposure, not just infrastructure managed by local IT team.
  • Pinpoint’s location of digital assets globally
  • Minimal manual intervention required
  • Highly accurate for identifying each of your underlying domains
  • Robust, absolute methodology, not liable to user manipulation
Eliminate false positives

Attack surface discovery module is designed to eliminate false positives, accurately identifying the digital assets an organisation manages and is exposed to.

  • Automatically monitors for new domains
  • Alerts users when changes occur
  • Updated continuously
Monitor for changes

Instantly identify when domains are added or removed from your network.

  • Organisation security rating from 0-1000
  • Analyses 10,000+ data points across six risk categories
  • Identifies breaches, vulnerabilities and misconfigurations across your attack surface
  • Updated continuously

Security Ratings

Organisation security ratings

Orbit Cyber Risk ratings provide continuous, objective analysis of your network. Our security ratings are based on Thomas Murray’s proprietary methodology, as well as analysis of open-sources and high-quality third-party data feeds.

  • Security ratings for every underlying digital asset, from 0-1000
  • Drill into underlying risks, prioritised by impact
  • Access detailed explanations and remediation advice

Orbit Cyber Risk benchmarks your organisation against its peers, giving absolute security ratings a real-world perspective.

  • Visualise every exposed digital asset in your network and identify which domains do not need to be publicly exposed
  • Identify services with known vulnerabilities
  • Take action to reduce your attack surface

Attack Surface Reduction

Exposed domains

View all your domains and sub-domains exposed to the internet and reduce the size of your attack surface.

  • Understand known risks associated with desired functionality
  • Take steps to mitigate risk while delivering on company priorities
Functionality Vs Risk

Empower your team to decide what level of risk they are willing to accept in order to deliver the required functionality

Remediate Risks and Build Security

Understand the risks that can affect your organisation and its underlying domains and build resilience with remediation workflows and access to expert security analysts.



Discover breaches in your network to prevent attacks which could lead to data loss, operational disruption, financial loss or reputational damage.

  • Continuously monitor for infrastructure breaches including Malware, Phishing or Port Scanning
  • Identify when data breaches have occurred, such as employee email addresses and passwords
  • Take action to prevent attacks and build resilience

Discover vulnerabilities running on your domains that could be exploited by malicious actors

  • Identify publicly accessible services with known vulnerabilities that do not need to be exposed
  • Scan for c.10,000 known issues and vulnerabilities
  • Each vulnerability has an impact rating, helping you determine its criticality

Continuous information about misconfigurations observed in your network, allowing you to remediation potential operational and security issues.

  • Check for misconfigurations in your network such as issues in your DNS setup, TLS or HTTPS configuration.
  • Protect your security, performance, and reputation
  • Each misconfiguration has an impact rating, helping you determine its criticality


Remediation workflows

Make your remediation simple and smart with impact ratings, risk tips and information, as well as rapid query responses.

  • Scan for c.10,000 known issues and vulnerabilities
  • Identify known vulnerabilities that do not need to be exposed
  • Every risk is given an explanation and impact rating
  • Both granular and high-level queries get rapid responses by our analysts
Organisation risk impact matrx

See your organisation-wide risk profile, where key risks are concentrated and which to prioritise.

  • View the risk impact of every breach, vulnerability and other risk in your network
  • See how each domain is exposed, and how to mitigate every risk
Risk impact by domain

Within every domain, see which risks are high, medium and low impact, to prioritise remediation and build resilience.

  • Scan for c.10,000 known issues and vulnerabilities
  • Identify known vulnerabilities that do not need to be exposed
  • Every risk is given an explanation and impact rating
  • Both granular and high-level queries get rapid responses by our analysts

Enquiries and Improvements

Live enquiries tool

Make your remediation simple and smart with impact ratings, risk tips and information, as well as rapid query responses.

  • All queries responded to by expert analysts
  • Query anything from risk impact to remediation tips and likely score improvements
  • Reduce your attack surface with help of industry experts
  • Chart score changes over time
  • See the impact of remediations in real time
  • Demonstrate to management the impact of their investment
Access to expert analysts

Access our team of expert cyber security analysts for remediation advice, risk quantification and any other queries.

Track organisation and domain scores

See how your organisation score changes over time, as well as every underlying domain.


Get alerts directly to your inbox, create tailored competitor benchmarks, and report with confidence to management in language they understand. Escalate your monitoring with due diligence, supply chain risk analysis and data integration.

Reporting and benchmarking

Executive reporting

Access tailored management reporting suite for boards, regulators, risk and compliance and IT Security

  • Reporting with scores, history, benchmarks and underlying risks
  • Filter based on multiple categories
  • Generate customised reporting
  • Export to PDF
Email Notifications

Get real-time alerts and reporting directly to your inbox, with custom triggers and recipients.

  • Default notifications when score drops or new risks arise
  • Set custom notifications to ensure oversight at all times
  • Customise audience, risk triggers and timing
  • Set regular, bespoke reports summarising risks
Custom Competitor Analysis

Create custom benchmark of direct peers and competitors

  • Default benchmarks against peers and ‘Global’ universe of companies
  • Custom peer analysis can include named competitors
  • Provide management with comparative, as well as absolute, cyber risk performance in language they understand


Client and Supply Chain Risk

Escalate your monitoring programme at any time to gain visibility over your clients and supply chain

  • Easily upgrade your account to monitor any number of third parties
  • Priced to allow you to monitor all companies in scope, not just key service providers
  • Satisfy management that you are actively monitoring supply chain cyber risk
Due Diligence

Build a robust third-party cyber risk management programme with IT Security questionnaires and integrated reporting via risk dashboards

  • Issue questionnaires at scale and analyse responses on our bank-grade platform
  • Library of standard questionnaires, as well as fully custom templates
  • Automated scoring and reporting
  • Achieve best-in-class third-party cyber risk management
APIs and Data Feeds

Access information via APIs, or integrate external data feeds into your Thomas Murray account

  • Get real-time information, security ratings and remediation steps via our API
  • Integrate existing risk feeds into Thomas Murray’s platform
  • Integrate your risk analysis into a single platform for ease of use and holistic oversight

Oversight and operations

Accounts and permissions

Share access with InfoSec and management colleagues across departments and offices.

  • Provide access to colleagues in your team and across departments
  • Allocate permissions and track account usage
  • Add or remove users easily
Historical performance

See your organisation’s security performance at any point in history

  • View your full analysis from any historical point in time
  • See how remediations have impacted risk profile over time
  • Demonstrate reduced attack surface to management
  • Report on any previous point in time
Account Security

Ensure account and data security with permissions, sensitive data redaction and robust platform security

  • Manage SSO permissions with other Thomas Murray platforms and products
  • Breached sensitive data is redacted and carefully managed
  • Thomas Murray’s platform and staff adhere to the highest security standard
have any bg image

Have any questions?

Contact an expert

Robert Smith

Robert Smith

Head of SaaS Sales and Customer Success 

Derek Duggan

Derek Duggan

Managing Director | Banks