Gordon runs Comprehensive Security Checks — automated assessment across all key security domains: Identity & Access, Endpoint Security, Network Security, Data Protection, Incident Response, Backup & Recovery, Cloud Security, and Security Awareness. Each check is scored and benchmarked against industry standards.
Every check is mapped to NIST CSF, ISO 27001, CIS Controls, and Indian regulatory frameworks (RBI IT, SEBI, IRDAI, DPDP Act). See exactly which framework controls you pass, fail, or partially meet — with evidence for auditors.
Failed checks are ranked by risk impact and remediation effort — so you always know what to fix first. Each remediation item includes step-by-step instructions, estimated effort in hours, and the risk reduction value of fixing it.
Gordon re-runs the assessment automatically every 30 days — tracking your security score over time, alerting you when scores drop, and showing the improvement trend as you remediate issues. Your security posture is never stale.
Generate board-ready security posture reports and audit-ready evidence packs in one click. Reports include your overall security score, domain-by-domain breakdown, trend over time, and comparison against industry peers in your sector.
See how your security score compares to other organisations in your industry, revenue band, and geography. Understand whether you are above or below the median for your sector — and what the top-quartile organisations do differently.
Gordon integrates with your Microsoft 365, Google Workspace, AWS, Azure, and GCP environments via read-only API connections. No agents to install, no firewall changes required. Setup takes under 30 minutes.
Gordon automatically runs all 60 checks against your connected environment — checking MFA status, patch levels, backup configurations, encryption settings, access controls, and more. No manual questionnaires to fill in.
Results are scored on a 0–100 scale across 8 domains. Your overall security score is benchmarked against industry peers, regulatory requirements, and best practice frameworks. You receive a full report within 24 hours of connecting.
Work through the prioritised remediation roadmap. Gordon automatically detects when you fix an issue and updates your score in real time. Track your security improvement journey with month-over-month trend charts.
A payment gateway company had an RBI IT framework audit in 90 days. Their CISO had no clear picture of their current compliance posture and was worried about failing the audit.
Gordon's assessment revealed 23 gaps against RBI IT framework requirements. The prioritised remediation roadmap helped them fix all critical gaps in 60 days. They passed the RBI audit on their first attempt with no major observations.
A ₹800Cr manufacturing company had never formally assessed their security posture. After a competitor suffered a ransomware attack, their board demanded a security report within 30 days.
Initial score: 34/100. Gordon identified 31 gaps, with MFA and patch management as the top priorities. After 6 months of working through the remediation roadmap, their score reached 78/100 — above the industry median of 62.
A healthcare technology company needed ISO 27001 certification to win enterprise contracts. They had no idea how far they were from certification requirements or how long it would take.
Gordon's ISO 27001 gap assessment identified 47 control gaps. The prioritised roadmap helped them achieve certification in 8 months — 4 months faster than the industry average. The certification helped them close 3 enterprise deals worth ₹12Cr.
Choose the plan that fits your team. Upgrade or cancel anytime.
For growing companies up to 100 employees. Core security, GRC, and insurance in one platform.
For companies with 100–500 employees. Expanded limits across all modules.
For large enterprises with 500+ employees. Unlimited scale, dedicated support, and custom SLAs.

| Features | Free | Startup $1,787/mo | Mid-Market $3,382/mo | Enterprise $6,607/mo |
|---|---|---|---|---|
| Attack Surface Monitoring (12 scans/year) | | | | |
| Monitored Assets (Domains, IPs, Mobile Apps) | — | 1 asset | 3 assets | 10 assets |
| Exposed subdomains & open ports | — | ✓ | ✓ | ✓ |
| SSL/TLS certificate health | — | ✓ | ✓ | ✓ |
| DNS anomalies & misconfigurations | — | ✓ | ✓ | ✓ |
| Web technology fingerprinting | — | ✓ | ✓ | ✓ |
| CVE & vulnerability scoring | — | ✓ | ✓ | ✓ |
| Continuous monitoring & alerts | — | ✓ | ✓ | ✓ |
| SOC Monitoring (24/7) | | | | |
| Monitored Endpoints | — | Up to 100 | Up to 500 | Up to 2,000 |
| AI-powered alert triage | — | ✓ | ✓ | ✓ |
| Kill-chain reconstruction (MITRE ATT&CK) | — | ✓ | ✓ | ✓ |
| Automated response playbooks | — | ✓ | ✓ | ✓ |
| CERT-In 6-hour incident reporting | — | ✓ | ✓ | ✓ |
| Threat intelligence (IOCs, Campaigns) | — | 10 threats, 5 IOCs | 50 threats, 20 IOCs | Unlimited |
| Workforce Risk & Security Awareness | | | | |
| Monitored Employees | — | Up to 100 | Up to 500 | Up to 2,000 |
| Email phishing simulation | — | ✓ | ✓ | ✓ |
| Custom phishing templates | — | ✓ | ✓ | ✓ |
| Security awareness training + LMS | — | ✓ | ✓ | ✓ |
| Dark Web Monitoring | | | | |
| Monitored Keywords (brand, legal name, vendors) | — | 1 keyword | 1 keyword | 5 keywords |
| Tor forums, paste sites, Telegram channels | — | ✓ | ✓ | ✓ |
| Breach databases & data dumps | — | ✓ | ✓ | ✓ |
| Ransomware & APT group monitoring | — | ✓ | ✓ | ✓ |
| Cloud Security & Billing Monitoring | | | | |
| Cloud Instances Monitored | — | 1 instance | 2 instances | 5 instances |
| Misconfiguration detection (CIS 572 benchmark) | — | ✓ | ✓ | ✓ |
| IAM & privilege escalation checks | — | ✓ | ✓ | ✓ |
| S3 / Blob public exposure alerts | — | ✓ | ✓ | ✓ |
| Cloud billing tracking & optimisation | — | ✓ | ✓ | ✓ |
| GRC & Compliance (audit charges extra) | | | | |
| Compliance Frameworks | — | 2 frameworks | 4 frameworks | 5 frameworks |
| Automated control mapping | — | ✓ | ✓ | ✓ |
| AI gap assessment & remediation tasks | — | ✓ | ✓ | ✓ |
| Policy & procedure auto-generation | — | ✓ | ✓ | ✓ |
| Risk register automation | — | ✓ | ✓ | ✓ |
| AI-based internal audit & audit-ready reports | — | ✓ | ✓ | ✓ |
| Trust center | — | ✓ | ✓ | ✓ |
| Third Party Risk Management (TPRM) | | | | |
| Vendors Monitored | — | 100 vendors | 250 vendors | 1,000 vendors |
| AI security questionnaire dispatch & scoring | — | ✓ | ✓ | ✓ |
| Continuous external surface scan | — | ✓ | ✓ | ✓ |
| Breach & dark web alerts for vendor | — | ✓ | ✓ | ✓ |
| Risk rating (A–F) with trend | — | ✓ | ✓ | ✓ |
| Gordon AI | | | | |
| AI Credits / Tokens | — | 500 credits | 1,000 credits | 1,000 credits |
| Auto-generated risk narratives | — | ✓ | ✓ | ✓ |
| One-click remediation playbooks | — | ✓ | ✓ | ✓ |
| Executive summary generation | — | ✓ | ✓ | ✓ |
| AI-assisted questionnaire filling (CRQ) | — | ✓ | ✓ | ✓ |
| Threat intelligence summaries | — | ✓ | ✓ | ✓ |
| Brand Intelligence & Takedowns | | | | |
| Brand Assets Monitored | — | 1 asset, 20 keywords | 3 assets, 60 keywords | 5 assets, 100 keywords |
| Fake domain / phishing page / typosquat monitoring | — | ✓ | ✓ | ✓ |
| Reverse imaging / logo detection | — | ✓ | ✓ | ✓ |
| Social media & counterfeit listing monitoring | — | ✓ | ✓ | ✓ |
| Takedowns (Rogue app, DMCA, Phishing pages) | — | 25 takedowns | 100 takedowns | 125 takedowns |
| Consent Manager (DPDPA) | | | | |
| Unique Consents (website / mobile app users) | — | 25K consents | 100K consents | 500K consents |
| Granular consent collection & withdrawal | — | ✓ | ✓ | ✓ |
| 15+ platform integrations | — | ✓ | ✓ | ✓ |
| 22 Indian language translation (DPDPA Art. 18) | — | ✓ | ✓ | ✓ |
| Cookie scanner, data deletion & grievance requests | — | ✓ | ✓ | ✓ |
| Google Consent Mode V2 support | — | ✓ | ✓ | ✓ |
All plans include a 15-day free trial — no credit card required.
Run a free 60-point security assessment and get your score, gap analysis, and prioritised remediation roadmap — no agents, no consultants, no waiting weeks for results.