Frequently Asked Questions

Everything you need to know about our security services, platform, and products.

Security Services

Services & Consulting

Penetration testing (pentesting) is a simulated cyberattack performed by security professionals to identify vulnerabilities in your systems before real attackers do. It involves actively exploiting weaknesses in networks, applications, and infrastructure to assess security posture and provide remediation recommendations.

Vulnerability assessment identifies and catalogues potential security weaknesses through automated scanning. Penetration testing goes further by actively exploiting those vulnerabilities to demonstrate real-world attack impact. Think of vulnerability assessment as finding unlocked doors, while penetration testing actually opens them to see what's inside.

Penetration test duration depends on scope and complexity. A focused web application test typically takes 1-2 weeks. Comprehensive enterprise assessments covering networks, applications, and cloud infrastructure may require 3-4 weeks. We provide detailed timelines during scoping calls.

CISO-as-a-Service (vCISO) provides strategic security leadership without hiring a full-time Chief Information Security Officer. You get executive-level security guidance, risk management, compliance oversight, security program development, and board-level reporting at a fraction of the cost of a full-time CISO.

We assess cloud environments against CIS benchmarks and cloud provider best practices. Our cloud security services cover AWS, Azure, and GCP including IAM configuration reviews, network security assessment, data protection evaluation, logging and monitoring validation, and infrastructure-as-code security analysis.

Our security consultants hold industry-recognized certifications including OSCP, OSCE, OSWE, CISSP, CISM, AWS Security Specialty, and Azure Security Engineer. We maintain active certifications and continuously update skills through real-world engagements and research.

Yes, we provide comprehensive remediation support. After testing, you receive detailed reports with prioritized findings and specific remediation guidance. We offer follow-up consultations to clarify findings, retest after fixes are implemented, and can provide ongoing advisory support for complex remediations.

AI Agents

AI-Powered Security Tools

H2 Security AI Agents are specialized security assistants built from real engagement experience. Unlike generic chatbots, each agent contains structured knowledge files, skills, and methodologies from actual penetration tests, compliance audits, and security operations. They're tools for practitioners, not replacements.

ChatGPT is a general-purpose language model. H2 Agents are domain-specific tools loaded with curated security knowledge — 239 knowledge files across 7 agents. They contain real methodologies, checklists, threat models, and compliance mappings that general models don't have.

We offer 7 agents, each $199: Pentest Agent, MITRE Agent, CIS Agent, SOC Agent, SOC2 Agent, DevSecOps Agent, and GitSecOps Agent. Bundles available: Offensive Bundle ($349), Compliance Bundle ($499), Complete Bundle ($999, all 7 agents + priority support).

Platform & Scanner

Scanner & The Dome

H2 Scanner performs SAST, IAST, DAST, and WAF assessment with 974 rules across 15 programming languages. It detects secrets, vulnerabilities, misconfigurations, and dependency issues, and it integrates into your CI/CD pipeline via a GitHub Action. Plans from $49/month.

The H2 Scanner is part of the H2 Security Platform. Plans start at $49/month (Recon) for 10 scans/month, $149/month (Strike) for 50 scans, $299/month (Arsenal) for unlimited scans, and $599/month (Fortress) for enterprise needs with dedicated support.

The Dome is H2's multi-layer edge security platform. It provides WAF protection, Cilium/eBPF-powered east-west traffic control, lateral movement reduction, and runtime visibility. Available in Edge, Mesh, and Complete tiers.

Compliance

Frameworks & Standards

SOC2 is a framework for managing customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. H2 helps organizations prepare for SOC2 audits through gap analysis, policy development, and continuous monitoring.

CIS Benchmarks are consensus-based configuration guidelines for securing operating systems, cloud platforms, and applications. H2's CIS Agent maps your environment against these benchmarks and provides remediation guidance for AWS, Azure, Linux, Windows, and Kubernetes.

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. H2's MITRE Agent helps map your defenses against known threat groups and techniques, identify gaps, and build detection rules.

Still have questions?

Reach out to our team. We're happy to help.