Attack Surface Management and Phishing Simulation in Your Own Cloud

SAML 2.0 & OIDC SSO

Okta, Microsoft Entra ID, Google Workspace, OneLogin, JumpCloud, Auth0, and any standards-compliant IdP. Single sign-on means your analysts and security team use their corporate credentials — no password to manage, no shared account, full audit trail tied to real identities.

SCIM 2.0 Auto-Provisioning

Okta, Entra ID, Google Workspace, and any RFC 7644-compliant IdP. Users created in your identity directory are automatically provisioned in HailBytes SAT. Users deactivated in the directory are automatically deprovisioned — no manual offboarding checklist item required.

Role-Based Access Control

Administrator, User, and Read-Only roles. Separate admin accounts from analyst accounts from read-only executive access. API tokens are scoped per user with last-used timestamps — the controls your auditors expect to see.

Per-Organization Isolation

Org-scoped data isolation is enforced at the model layer with user_id filtering on every query. If you run HailBytes SAT for multiple business units or subsidiaries, each unit's data is invisible to the others. No shared campaign templates, no shared results, no cross-org audit log leakage.

HailBytes ASM — External Exposure Evidence

North American frameworks (US Enterprise priority):

• SOC 2 CC7.x (system monitoring & vulnerability identification)
• NIST CSF 2.0 (Identify, Protect, Detect)
• HIPAA Security Rule (technical safeguards)
• GLBA Safeguards Rule (Section 314.4)
• PCI DSS 4.0 (Req. 11.3 external scans)
• FedRAMP Moderate (RA-5, CM-7, SI-2, SI-4)
• NYDFS 23 NYCRR Part 500 (500.5, 500.9)
• CIS Controls v8 IG1 & IG2

Latin American · Global:

• LGPD Art. 46 (Brazil) · BACEN, LFPDPPP, Argentina mappings published
• ISO/IEC 27001:2022 (A.8.8) · GDPR Art. 32

HailBytes SAT — Training & Simulation Evidence

North American frameworks (US Enterprise priority):

• SOC 2 Type II (security awareness controls)
• NIST CSF PR.AT (awareness and training)
• HIPAA Security Awareness (annual requirement)
• PCI-DSS Requirement 12.6 (security awareness training)
• GLBA training-and-awareness expectations

Global:

• ISO 27001 A.7.2.2 (information security awareness)
• Branded PDF training certificates per completion

Private offers carry negotiated terms

Multi-year commitments, negotiated pricing, and customer-specific terms route through AWS Marketplace and Azure Marketplace private offers. The marketplace contract layer sits alongside the standard HailBytes DPA; no separate direct master agreement is required for the data-protection terms. Marketplace charges count toward AWS Marketplace Annual Spend and Azure MACC commitments, so the purchase typically draws down existing committed spend rather than adding a new procurement vehicle.

International invoicing routes through the hyperscaler

For Brazilian customers, AWS Brasil (Amazon's CNPJ-registered Brazilian entity for AWS services) or Microsoft do Brasil acts as reseller of record. They invoice in BRL and issue the Brazilian Nota Fiscal Eletrônica; ICMS, ISS, PIS/COFINS, and import-of-services tax route through the hyperscaler's established Brasil compliance infrastructure. Equivalent local-entity invoicing applies in other countries the hyperscaler supports.

Professional services bundle two ways

Professional services and onboarding bundle into the ASM private offer, or can be purchased separately via the HailBytes Support Hub SaaS listing (Azure Marketplace today; AWS Marketplace listing in flight). For Brazilian customers buying via Azure, the Support Hub SaaS subscription invoices in BRL through the same Microsoft do Brasil pipeline as the ASM license.

Direct contracts remain available

Where customer procurement prefers a non-marketplace path, direct HailBytes LLC contracts execute under the standard export-of-services arrangement. For most international customers the marketplace path produces less friction on tax and FX, which is why we lead with it. For private-offer construction or DPA counter-signature, email [email protected].