FAQs

No. PortWarden is automated exposure monitoring and guidance. It helps you find and reduce obvious risk continuously. A full penetration test involves human-led validation and exploitation and is a separate service.

Small and medium sized businesses, startups, and lean IT teams that need fast visibility into internet exposure without installing and maintaining a toolchain or scheduling sales calls.

Pricing is per monitored public internet protocol (IP) address. If multiple domains point to the same public IP address, that’s typically still one monitored IP address.

No. You must own or be explicitly authorized to monitor and scan the assets you add. PortWarden may require verification of control (for example, via domain validation) and may suspend accounts that appear to scan unauthorized targets.

We run scheduled scans and change detection. Exact frequency depends on your plan and configuration. The point is consistent monitoring so you catch exposure drift quickly.

Common examples include unexpected open ports, exposed administrative interfaces, weak or misconfigured transport layer security (TLS), risky services made public by mistake, and vulnerability signals associated with exposed software.

Yes. We use service-aware interpretation and proprietary artificial intelligence (AI) analysis to correlate findings to what’s actually running, so reports are less noisy than generic “one size fits all” assumptions.

Compound Risk Analysis is how we connect findings into likely attacker paths—how a weak, exposed service can be used to pivot toward higher-value systems or data—so you can fix what reduces real risk first.

It lets you ask questions about your report in plain English: why something is risky, which remediation is best, what configuration changes to apply, and how to validate fixes. It’s designed to shrink the time between “finding” and “fixed.”

PortWarden provides guidance, not hands-on administration. Your team (or your trusted IT provider) makes the changes. After remediation, you can retest to confirm risk reduction.

Yes. Monitoring is continuous, and after you change configurations you can re-run scans to verify that exposure changed the way you intended.

We aim to scan responsibly, but any security scanning can add load or trigger defensive controls. You control the assets you monitor and can adjust schedules. If you operate fragile or rate-limited systems, tell us and we’ll tune accordingly.

PortWarden is focused on internet exposure. Some plans may include internal network scanning capabilities depending on your environment and setup. If you need internal scanning, contact us to confirm fit.

You’ll receive alerts when exposure changes (for example, new ports or services appear) and when new findings are detected. Alert frequency and recipients can be configured.

Some plans include developer integrations such as an application programming interface (API), webhooks, and exports (for example, comma-separated values (CSV)). See Pricing for details.

We minimize collection and retain data only as long as needed to operate the Service and provide useful history. See our Privacy Policy and Data Retention Policy for details.

We do not sell customer data. We may share limited data with infrastructure providers needed to run the Service, and we may disclose information when required by valid legal process.

Yes. You can cancel monitoring. If you need help with billing or exporting reports before cancellation, contact support.

We operate across the Americas and support English now. Spanish-language outputs are available on request and are expanding. If you need Spanish reports for your team, contact us and we’ll confirm what’s available for your plan.