Get started now

Pricing

One-time audit

Recommended for small companies with minimal to no security personnel that need a one-time analysis.
Starts at $4,000.
A comprehensive one-time audit of identity attack paths. This includes analyzing your configuration, identifying the most critical attack paths, misconfigurations, and providing customized recommendations.
  • Microsoft Active Directory
  • Microsoft Azure
  • Microsoft 365

Enterprise license

Recommended for companies with security personnel that require continuous analysis and monitoring.
Starts at $10,000/year
Our comprehensive platform provides continuous monitoring of your attack surface, custom exploration tools, chokepoint analysis with business impact assessment, and can be integrated with various systems (e.g., SIEM).
  • Microsoft Active Directory
  • Microsoft Azure
  • AWS
  • SMB/CIFS FileShares
  • Okta
 
One-time audit
Enterprise license
Key functionalities
 
Resistance score
Tracks your ability to resist attacks
Top attack paths chokepoints
The top 10 attack paths chokepoints in your environment
Most dangerous objects (users, devices, etc.)
The top 50 most dangerous objects in your environment
Audit report
Interactive report with the top issues in your environment
Additional functionalities
 
Graph exploration
Ability to explore your environment like an attacker
-
Query builder
Run pre-written queries or create custom queries at will
-
Impact analysis
Sandbox-like interface to test scenarios safely
-
Full attack paths chokepoints discovery
Access all your attack paths chokepoints without limitations
-
Full misconfigurations discovery
Access all the misconfigurations without limitations
-
Contextual recommendations and business impact
Insight into how changes might impact business access
-
Automated analysis
Schedule Saporo to continuously track risk and progress
-
Ticketing system
Track your issues, can be integrated with Jira and ServiceNow
-
Change management
Track all the changes made in Saporo for audit purposes
-
Data sources
 
Main sources
 
Microsoft Active Directory
Full mapping including ADCS, Sessions, DC logs and more
Microsoft Azure
Includes Azure Entra ID, Resources, Graph API and M365
Companion sources
 
Amazon Web Services
IAM console, S3 buckets and logs
-
SMB/CIFS FileShares
Audit as an attacker (less rights) or an auditor (more rights)
-
Okta
Alpha version
-
Integrations
 
Single Sign-On (SSO)
For Microsoft Active Directory and Microsoft Azure
-
Jira On-Prem
Sync tickets between Saporo and Jira on-prem
-
Jira Cloud
Sync tickets between Saporo and Jira cloud
-
ServiceNow
Sync tickets between Saporo and ServiceNow
-
Swagger API specs
Find a list of all endpoint with some documentation and tests
-
Custom integrations
On-demand for an added fee
-
On-demand
Admin & user management
 
User management
Add/remove users, SSO login, assign roles and block access
-
Data source configurator
Add new configuration for AD, Azure and more from the Saporo UI
-
Change management
Process to propose, review and accept changes made in Saporo
-
Ticketing system
Create and track tickets directly in Saporo for any type of findings
-
Security & Compliance
 
Data encryption
Data encrypted at rest and in motion
Audit trail
Track who changed what and when in Saporo
-
On-premise deployment
No connection to cloud services required except for license checks
-
Secure cloud deployment
Data and app hosted with a secure cloud provider in Switzerland
Support & services
 
Access to support portal
Access to knowledge base
Software updates
-
Support SLAs
D+1
24*5
Premium support SLAs
-
Dedicated support and consulting
-
On-demand
Common Questions

Not quite convinced?

Get in touch with us at
hello@saporo.io
How is the pricing calculated?
Saporo's various models are priced according to the number of Active Users and Data Sources purchased. An Active User is defined as someone who has authenticated at least once in the past 90 days on the customer-selected data sources (e.g., Active Directory, Azure, AWS).

If customers are unsure how to calculate this count, Saporo provides the necessary commands to accurately determine the number of active users. For customers with annual licenses (TIER 2), Saporo will re-evaluate the number of active users before each yearly renewal.
How does Saporo ensure the security of my data? ​
Saporo places a high emphasis on data security and provides versatile deployment options, including on-premises installations on Linux or Microsoft platforms, as well as Cloud (SaaS) deployments on the customer's chosen instance. Additionally, Saporo can offer hosting within the customer's preferred country. For more information on our data security policies, please contact us.
Should I go for a one-time audit or the enterprise license? ​
Our one-time audit option is tailored for small businesses and consulting projects conducted with partners. It provides a snapshot of your identity configuration's security posture within a day, using minimal resources, and includes a concise, prioritized roadmap.

Our Enterprise License caters to more extensive needs, offering real-time monitoring, security and IT integrations, collaboration, autonomy, and alerting features.
How long does it take to deploy and run Saporo? ​
Deployment typically takes around two hours, even for large-scale environments, and can be performed on-premises or in the cloud. Feel free to request a demo for more information on the deployment process and how it would suit your needs.

The analysis speed depends on the size of the environment (e.g., AD, Azure, O365, AWS) being audited. On average, the analysis takes about fifteen minutes or less for smaller businesses (e.g., 500 employees) and around four hours for large enterprises (e.g., 200,000 employees).
Will I need dedicated personnel to manage Saporo?
Saporo can be utilized daily, weekly, or monthly, based on your priorities. While you will receive alerts for any risky changes in your identity configurations, Saporo emphasizes anticipation over reaction.

We believe that identity is the top exposure for companies today, and you should allocate the necessary time to ensure your most valuable assets are well-secured and segmented from other identities before addressing anything else.

Typically, usage ranges from 1 to 4 hours a week, mainly by IT ops teams, sysadmins and security managers.
Does Saporo offer consulting services?
Saporo provides basic services and consulting for audits and can also offer monthly security/IT sessions with your team to assist with recommendations, resolutions, and any support needed for the solution itself.

For more extensive and in-depth consulting projects, Saporo collaborates with numerous partners in various countries, all of whom possess the relevant expertise and qualities to support you. You can find a list of our partners here.

"Saporo is an indispensable defense tool for all organizations that want to be one step ahead in controlling risks within their increasingly complex infrastructures."

Christophe Bouillard
CISO at Bank Mirabaud & Cie

"Saporo addresses strategic priorities in a super-fast, simple and cost effective way. Saporo anticipates weaknesses and minimize the business impact of attacks."

Ludovic Chouet
CISO at Centre Hospitalier Dôle

"Saporo is an indispensable solution to prevent and fight against cyberattacks. Saporo gives us visibility into attack paths and issues like no other tools."

Jean-Baptiste Gard
CISO at ST-Quentin Hospital
"Saporo provides immediate and actionable information to focus on what matters most in a chaotic environment."
Christopher Morales
CISO at Netenrich
Winner of the 2024 Jury's Favorite Award
Winner of the 2022 Best Cyber Security Start-Up Award