A picture of a computer.

No more forgotten servers!™

The modern approach to applications, with hybrid clouds, automation, and work-from-home staff, means it’s never been easier to scale your organisation. But how do you deal with a security threat-model that is literally changing minute-to-minute?

We created scarlet to make it ridiculously simple to find your unmanaged-assets, and take control of your external attack surface, so you can get back to whatever else it is that you would rather be doing.

Try scarlet for free!

Why the fuss about forgotten servers?

If you've ever read any articles about a successful hack, you may have noticed that the root cause is often something basic: unmanaged assets, missing patches, and vulnerable configurations. On top of this, a lot of legislation and security standards require an organisation to maintain an up-to-date asset list if they are to be compliant.

It’s obvious if you think about it: if you don’t know about your assets, how can you secure them?

A picture of a pile of money.

Wondering what scarlet could do to help?

scarlet constantly searches for unmanaged-assets within your external attack surface, and when it finds any changes, it forwards events to your existing management platforms.

Why’s that important? It’s because if you are serious about improving your security, it’s not enough to bury the data in yet another pretty dashboard that no-one is going to see: it needs to be actioned straight away. And we think that the best way to do that, is to build upon your existing tools and processes, so that there is literally nothing new for your team to learn or manage.

When your attack surface changes

A picture of some arrows pointing to options.

Let the DevOps team know on their Slack channel

Send the asset data and tags to the SIEM

Update the documentation on Confluence

Send the new assets to Qualys

When your attack surface changes:

  • Let the DevOps team know on their Slack channel
  • Send the asset data and tags to the SIEM
  • Update the documentation on Confluence
  • Send the new assets to Qualys
A picture of some cogs.

Worried that you don’t have the time to install yet another product?

We understand that you’re already busy, so by design, scarlet doesn’t need anything to be installed, and only requires the minimum amount of configuration: you can literally be up and running within minutes. All you have to do is generate access keys for the integrations that you want to use. And that’s it.

Want to know which integrations we support?


  • Akamai (coming soon)
  • Alibaba Cloud
  • Amazon AWS
  • Cloudflare
  • DigitalOcean
  • DNS Made Easy
  • Google GCP
  • IBM Cloud (coming soon)
  • Microsoft Azure
  • Oracle Cloud (coming soon)
  • OVHcloud


  • Check Point (coming soon)
  • Fortinet (coming soon)
  • Palo Alto (coming soon)


  • Discord
  • Slack
  • Teams


  • Elasticsearch
  • Sentinel
  • Splunk


  • Confluence
  • SharePoint (coming soon)

Vulnerability Management:

  • InsightVM (coming soon)
  • Qualys
  • tenable.io (coming soon)


  • Canary

Attack Surface Management:


Wondering if it is going to be affordable?

With scarlet there is no subscription charge or confusing, tiered pricing: everything is based on usage. If you don’t use it much, you don’t pay much. It’s as simple as that.

Everything we monitor is an asset (IP addresses, domain names and URIs), and we only charge €0.02 per asset, per day. So, if you have a hundred assets, you’ll pay around €60.00 per month (plus taxes).

Try scarlet for free!
A picture of a pile of money.