AI Powered Full Stack Cyber Resilience
IDENTIFY · Cyber Assets · Workforce Risk
ASSESS · Security Checklist · VAPT · Third Party · Financial Impact
MITIGATE · Security Products · Security Findings · Security Awareness · Cyber Force
MONITOR · SOC 24/7 · Alert Center · Brand Intelligence
INDIA-FIRST · RBI CSCRF · SEBI Cybersecurity · DPDP Act 2023 · IRDAI · CERT-In
Gordon Console — by Mitigata

See Everything. Protect Everything.

India's AI-powered cyber resilience platform. Unifying SOC monitoring, VAPT, brand intelligence, dark web monitoring, GRC compliance, and cyber insurance — all in one console built for enterprises.

Gordon Console
LIVE
acme.in
Gordon AI
Dashboard
Cyber Assets
Workforce Risk
Security Checklist
VAPT
Third Party
Financial Impact
Security Products
Security Awareness
SOC Monitoring
Alert Center
Brand Intelligence
Security Overview
acme.in · Last updated just now
Risk Score: 75 (C · High)
Critical Issues: 7
Findings: 49
Assets: 34
Data Leaks: 11
Notifications: 8
Recent Security Alerts
High · Unauthorised Access Through Gainsight Integrations
Critical · Critical FortiWeb Path Traversal Vulnerability
High · Final Windows 10 Security Update Released
High · Cybersecurity Advisory: BitLocker COM Hijacking
High · LAPSUS$ Hires Employees for Corporate Access
Security Posture
WAF: ⚠ Not Detected
DMARC: ⊘ Not Set
SPF: ✓ Configured
Dark Web Monitor: ✓ Configured
Scan Status: ↑ COMPLETED
Issue Categories
Asset CVE · 35
weak_components · 5
misconfiguration · 4
generic_cve · 3
gain_information · 1
Asset Distribution
10 Domains · 19 IP Addresses · 5 Mobile Apps · 0 Employees
Security Checklist
10/60
Table Top Exercises · 0/1 steps
Implement Third Party IAM · 0/1 steps
Email Gateway Solution · 0/1 steps
SOC Monitoring
24/7 threat detection · CERT-In compliant
ACTIVE
3 Critical · 8 High · 247 Resolved
Live Alert Feed
STREAMING
Brand Intelligence
Dark web · Typosquatting · Social impersonation
Threat Radar
Active Incidents
TYPOSQUAT
mitigata-secure.com — Live phishing domain
Registered 2h ago · Hosting active
DARK WEB
Credentials dump — 2,847 employee records
Found on BreachForums · 3h ago
SOCIAL
Fake LinkedIn — CEO impersonation profile
1.2k followers · Active since yesterday
VAPT
Vulnerability Assessment & Penetration Testing
SCANNING
4 Critical · 11 High · 23 Medium · 41 Low
Findings
CRIT · SQL Injection — /api/v2/users endpoint · 9.8
Unsanitised user input passed directly to SQL query. Allows full database read/write. Immediate fix: parameterised queries + WAF rule.
CRIT · RCE via Java deserialization — payment.svc · 9.3
Java deserialization gadget chain exploitable for remote code execution on the payment microservice container.
CRIT · Broken authentication — admin panel exposed · 9.1
Admin panel accessible without MFA. Session tokens not invalidated on logout. Brute-force protection absent.
HIGH · SSRF in webhook processor · 7.9
Webhook URL parameter allows internal network scanning. AWS metadata endpoint accessible via SSRF.
HIGH · Insecure direct object reference — /api/orders · 7.5
Order IDs are sequential integers. Any authenticated user can access other users' orders by incrementing the ID.
MED · Wildcard CORS — allows all origins · 6.1
Access-Control-Allow-Origin: * on authenticated endpoints enables cross-site request forgery from any domain.
MED · Missing security headers — CSP, HSTS · 5.4
Content-Security-Policy and Strict-Transport-Security headers absent. Increases XSS and downgrade attack surface.
Workforce Risk
Employee cyber risk scoring · Behavioural signals
Department Risk Heatmap
Employee Risk Scores
Employee · Dept · Score · Risk · Top Signal
Rahul Kumar · Finance · 87 · HIGH · 3 phishing clicks
Sneha Joshi · Sales · 74 · MED · Shared credentials
Priya Sharma · HR · 61 · MED · Weak password, no MFA
Arjun Mehta · Engineering · 22 · LOW · Clean record
Risk Signals
Security Awareness
Phishing simulations · Training completion · Leaderboard
Finance Dept: 34%
Sales Dept: 22%
Engineering: 8%
Q1 Phishing Simulation: 88%
Password Hygiene: 72%
Social Engineering: 45%
Data Handling: 91%
#1 · Arjun Mehta · Engineering · Score: 98
#2 · Kavya Nair · Legal · Score: 95
#3 · Rohan Verma · IT · Score: 91
#4 · Priya Sharma · HR · Score: 78
Gordon AI
AI-powered security recommendations
AI Insights
Priority Action: 3 critical vulnerabilities in payment.svc require immediate patching. Estimated breach probability: 78% within 30 days if unaddressed.
Anomaly Detected: Rahul Kumar (Finance) accessed 847 files outside business hours. Possible insider threat or compromised credentials.
Compliance Gap: DMARC not configured. 12 phishing emails spoofing your domain detected this week. Fix estimated: 2 hours.
Cyber Assets
10 Domains · 19 IPs · 5 Mobile Apps
Asset Inventory
10 Domains · 19 IP Addresses · 5 Mobile Apps · 48 Subdomains
Security Checklist
10/60 controls implemented · 17% complete
Identity & Access · 78
MFA enforced for all admin accounts
SSO configured for SaaS tools
! Privileged access review overdue
Third-party IAM not implemented
Endpoint Security · 45
EDR deployed on 80% of endpoints
Mobile device management absent
Patch management policy missing
Network Security · 62
Firewall rules reviewed quarterly
! WAF not configured on main domain
Network segmentation incomplete
Third Party Risk
Vendor security posture monitoring
Vendor Risk Scores
AWS (Cloud Infrastructure) · 92 · LOW
Salesforce (CRM) · 85 · LOW
Razorpay (Payments) · 71 · MED
Gainsight (CS Platform) · 43 · HIGH
Freshdesk (Support) · 67 · MED
Financial Impact
Quantify cyber risk in ₹ terms
Without Gordon
₹4.2 Cr
Avg. loss exposure
With Gordon
₹0.8 Cr
↓ 81% reduction
Security Products
Recommended security tools for your stack
Recommended Stack
WAF
Cloudflare WAF — Web Application Firewall
Addresses 3 open findings · ~₹8,000/mo
EDR
CrowdStrike Falcon — Endpoint Detection
Covers 45 unprotected endpoints
IAM
Okta — Identity & Access Management
Resolves Third-Party IAM gap
Alert Center
All security alerts across modules
All Alerts
LIVE
01
MONITOR · SOC

Your 24/7 SOC.
Without the headcount.

Gordon's SOC module combines AI-powered alert triage with expert human analysts — eliminating 90% of false positives before they reach your team, and escalating only what truly matters.

AI-powered alert triage — 90% false positive reduction, prioritised by business impact
Kill-chain reconstruction — full forensic evidence with MITRE ATT&CK mapping
Automated response playbooks — isolate, contain, and remediate without manual intervention
CERT-In compliance — 6-hour incident reporting, automated evidence packaging
Explore SOC Monitoring
SOC Monitoring — Threat Timeline
ACTIVE
3 Critical · 8 High · 247 Resolved
02
IDENTIFY · WORKFORCE

Score every employee's
cyber risk. Automatically.

Gordon continuously scores every employee from 0–100 based on real behaviour signals — phishing clicks, credential reuse, off-hours access, data exfiltration patterns — and surfaces the highest-risk individuals before incidents occur.

Per-employee risk score (0–100) — updated continuously from real behaviour signals
Behavioural anomaly detection — unusual access patterns, off-hours logins, data exfiltration signals
Department-level heatmaps — identify high-risk teams before incidents occur
HRMS integration — syncs with Darwinbox, Keka, SAP SuccessFactors automatically
Explore Workforce Risk
Workforce Risk — Employee Risk Map
LIVE
Employee · Dept · Score · Risk · Top Signal
Rahul Kumar · Finance · 87 · HIGH · 3 phishing clicks
Sneha Joshi · Sales · 74 · MED · Shared credentials
Priya Sharma · HR · 61 · MED · Weak password, no MFA
Arjun Mehta · Engineering · 22 · LOW · Clean record
Risk Signals
03
ASSESS · VAPT

Find vulnerabilities
before attackers do.

Continuous automated scanning combined with CERT-In empanelled expert testers — covering web apps, APIs, networks, cloud infrastructure, and mobile apps. CVSS-scored findings with PoC-backed reports.

Continuous automated scanning — new vulnerabilities detected within hours of disclosure
CERT-In empanelled testers — expert pentests with full PoC exploitation and remediation guidance
Full coverage — web apps, APIs, networks, cloud (AWS/Azure/GCP), mobile (iOS/Android)
Remediation tracking — assign, track, and verify fixes with developer-friendly tickets
Explore VAPT
VAPT — Vulnerability Findings
SCANNING
CRIT · SQL Injection — /api/v2/users endpoint · 9.8
Unsanitised user input passed directly to SQL query. Allows full database read/write. Immediate fix: parameterised queries + WAF rule.
CRIT · RCE via Java deserialization — payment.svc · 9.3
Java deserialization gadget chain exploitable for remote code execution on the payment microservice.
CRIT · Broken authentication — admin panel exposed · 9.1
Admin panel accessible without MFA. Session tokens not invalidated on logout.
HIGH · SSRF in webhook processor · 7.9
Webhook URL parameter allows internal network scanning. AWS metadata endpoint accessible.
HIGH · Insecure direct object reference — /api/orders · 7.5
Order IDs are sequential integers. Any authenticated user can access other users' orders.
MED · Wildcard CORS — allows all origins · 6.1
Access-Control-Allow-Origin: * on authenticated endpoints enables CSRF from any domain.
MED · Missing security headers — CSP, HSTS · 5.4
Content-Security-Policy and Strict-Transport-Security headers absent.
04
ASSESS · THIRD PARTY

Your vendors are
your attack surface too.

Gordon continuously monitors the security posture of every vendor in your supply chain — scoring them on 200+ signals including CVEs, misconfigurations, dark web exposure, and compliance gaps.

200+ security signals — CVEs, open ports, SSL issues, dark web exposure, compliance
Automated questionnaires — VSAQ, SIG Lite, custom frameworks sent and tracked automatically
Real-time breach alerts — notified within hours if any vendor is compromised
Explore Third Party Risk
Third Party Risk — Vendor Network
MONITORING
AWS (Cloud Infrastructure) · 92 · LOW
Razorpay (Payments) · 71 · MED
Gainsight (CS Platform) · 43 · HIGH
Freshdesk (Support) · 67 · MED
05
MONITOR · BRAND

Protect your brand
across the entire internet.

Gordon monitors the dark web, typosquatting domains, social media, paste sites, and app stores — detecting impersonation, credential leaks, and brand abuse before they damage your customers or reputation.

Dark web monitoring — credentials, PII, and source code leaks detected in real time
Typosquatting detection — 500+ domain permutations monitored continuously
Automated takedowns — one-click takedown requests for phishing domains and fake profiles
Explore Brand Intelligence
Brand Intelligence — Threat Radar
SCANNING
TYPOSQUAT · mitigata-secure.com — Live phishing domain · 2h ago
DARK WEB · Credentials dump — 2,847 records · 3h ago
SOCIAL · Fake LinkedIn — CEO impersonation · 1d ago
06
MITIGATE · AWARENESS

Turn your employees
into a security asset.

Gordon runs automated phishing simulations, micro-learning campaigns, and gamified training — tracking completion, click rates, and improvement over time. Fully localised for Indian enterprises.

Automated phishing simulations — 50+ templates, department-targeted, zero setup
Micro-learning modules — 5-minute lessons triggered by risk events, available in Hindi and English
Compliance-ready reporting — SEBI, RBI, IRDAI training completion reports auto-generated
Explore Security Awareness
Security Awareness — Training Dashboard
ACTIVE
Finance Dept: 34%
Sales Dept: 22%
Engineering: 8%
Q1 Phishing Sim: 88%
Password Hygiene: 72%
Social Engineering: 45%
#1 · Arjun Mehta · Engineering · 98
#2 · Kavya Nair · Legal · 95
#3 · Rohan Verma · IT · 91
07
ASSESS · FINANCIAL

Quantify cyber risk
in rupees, not ratings.

Gordon's financial impact module translates technical vulnerabilities into board-ready financial exposure estimates — using FAIR methodology calibrated for Indian regulatory and business context.

FAIR-based quantification — probabilistic loss modelling for ransomware, breach, BEC, supply chain
Before/after Gordon comparison — shows exact ROI of each security investment in ₹ terms
Board-ready reports — one-click export to PDF with executive summary and risk heat map
Explore Financial Impact
Financial Impact — Scenario Analysis
MODELLING
Without Gordon
₹4.2 Cr
Avg. loss exposure
With Gordon
₹0.8 Cr
↓ 81% reduction
08
ASSESS · CHECKLIST

Know exactly where
your gaps are.

Gordon's Security Checklist maps your controls against RBI CSCRF, SEBI Cybersecurity Framework, DPDP Act 2023, and CERT-In guidelines — giving you a real-time compliance score with prioritised remediation steps.

India-specific frameworks — RBI CSCRF, SEBI, IRDAI, DPDP Act, CERT-In built-in
Auto-evidence collection — Gordon pulls evidence from connected tools, no manual uploads
Audit-ready exports — one-click compliance reports for regulators and auditors
Explore Security Checklist
Security Checklist — Domain Scores
LIVE
Identity & Access · 78
MFA enforced for all admin accounts
SSO configured for SaaS tools
! Privileged access review overdue
Third-party IAM not implemented
Endpoint Security · 45
EDR deployed on 80% of endpoints
Mobile device management absent
Patch management policy missing
Network Security · 62
Firewall rules reviewed quarterly
! WAF not configured on main domain
Network segmentation incomplete
Data Protection · 88
Data classification policy in place
Encryption at rest and in transit
DLP solution deployed
09
MITIGATE · INSURANCE

Transfer the residual risk.
Get the right cover.

Gordon analyses your risk posture and matches you with the optimal cyber insurance policy from India's leading insurers — with live premium estimates, coverage gap analysis, and claims support.

Live premium calculator — instant estimates from ICICI Lombard, HDFC Ergo, Bajaj Allianz, and more
Risk-adjusted pricing — Gordon's security score directly reduces your premium by up to 40%
Claims support — Gordon provides forensic evidence packages for faster claims settlement
Explore Cyber Insurance
Cyber Insurance — Coverage Overview
INCLUDED
Cyber Insurance is included in every Gordon plan
Coverage Gap Analysis
Identify what your current policy doesn't cover before a claim occurs.
Posture-Linked Pricing
Better Gordon security score = lower insurance premium. Up to 40% discount.
Claims Support
Gordon SOC team provides forensic evidence packages for faster claims settlement.
Top Insurer Network
Compare policies from ICICI Lombard, HDFC Ergo, Tata AIG, and more.
Why Gordon Console

Gordon vs. the alternatives

Capability · Gordon Console · Point Solutions · In-house SOC
Unified platform (single pane)~
India-specific compliance (RBI, SEBI, DPDP)~
SOC + VAPT + Brand + Workforce in one tool
Financial impact quantification (₹)
Cyber insurance integration
Setup time · Hours · Weeks–months · 6–12 months
Annual cost (SME) · $1,787/mo · $5K–$20K/mo (combined) · $50K–$200K/yr
CERT-In empanelled~~
Pricing

Full-Stack Cyber Resilience, Powered by AI.

Choose the plan that fits your team. Upgrade or cancel anytime.

Free
$0
15-day trial
 

Explore the platform with limited access. No credit card required.

Get Started
Mid-Market
$33,820/yr
Save ~$6,764 vs monthly

For companies with 100–500 employees. Expanded limits across all modules.

Start Free Trial
Enterprise
$66,070/yr
Save ~$13,214 vs monthly

For large enterprises 500+ employees. Unlimited scale, dedicated support, and custom SLAs.

Talk to Sales
Included Not available limit = Usage limit
Features · Free · Startup ($1,787/mo) · Mid-Market ($3,382/mo) · Enterprise ($6,607/mo)
Attack Surface Monitoring · 12 scans/year
Monitored Assets (Domains, IPs, Mobile Apps) · 3 assets · 10 assets
Exposed subdomains & open ports
SSL/TLS certificate health
DNS anomalies & misconfigurations
Web technology fingerprinting
CVE & vulnerability scoring
Continuous monitoring & alerts
SOC Monitoring · 24/7
Monitored Endpoints · Up to 500 · Up to 2,000
AI-powered alert triage
Kill-chain reconstruction (MITRE ATT&CK)
Automated response playbooks
CERT-In 6-hour incident reporting
Threat intelligence (IOCs, Campaigns) · 50 threats, 20 IOCs · Unlimited
Workforce Risk & Security Awareness
Monitored Employees · Up to 500 · Up to 2,000
Email phishing simulation
Custom phishing templates
Security awareness training + LMS
Dark Web Monitoring
Monitored Keywords (brand, legal name, vendors) · 1 keyword · 5 keywords
Tor forums, paste sites, Telegram channels
Breach databases & data dumps
Ransomware & APT group monitoring
Cloud Security & Billing Monitoring
Cloud Instances Monitored · 2 instances · 5 instances
Misconfiguration detection (CIS 572 benchmark)
IAM & privilege escalation checks
S3 / Blob public exposure alerts
Cloud billing tracking & optimisation
GRC & Compliance · Audit charges extra
Compliance Frameworks · 4 frameworks · 5 frameworks
Automated control mapping
AI gap assessment & remediation tasks
Policy & procedure auto-generation
Risk register automation
AI-based internal audit & audit-ready reports
Trust center
Third Party Risk Management (TPRM)
Vendors Monitored · 250 vendors · 1,000 vendors
AI security questionnaire dispatch & scoring
Continuous external surface scan
Breach & dark web alerts for vendor
Risk rating (A–F) with trend
Gordon AI
AI Credits / Tokens · 1,000 credits · 1,000 credits
Auto-generated risk narratives
One-click remediation playbooks
Executive summary generation
AI-assisted questionnaire filling (CRQ)
Threat intelligence summaries
Brand Intelligence & Takedowns
Brand Assets Monitored · 3 assets, 60 keywords · 5 assets, 100 keywords
Fake domain / phishing page / typosquat monitoring
Reverse imaging / logo detection
Social media & counterfeit listing monitoring
Takedowns (Rogue app, DMCA, Phishing pages) · 100 takedowns · 125 takedowns
Consent Manager (DPDPA)
Unique Consents (website / mobile app users) · 100K consents · 500K consents
Granular consent collection & withdrawal
15+ platform integrations
22 Indian language translation (DPDPA Art. 18)
Cookie scanner, data deletion & grievance requests
Google Consent Mode V2 support

All plans include a 15-day free trial — no credit card required.