Frequently Asked Questions.

Everything you need to know about SecurityBox — what it does, how it deploys, and what it costs.

General.

SecurityBox is a managed continuous behavioral risk assessment platform. It evaluates the risk posture of every host in your environment through behavioral analysis, assigns confidence-rated risk scores, and delivers actionable recommendations. The goal is measurable risk reduction — taking organizations from critical risk to sustained low-severity conditions.

A SIEM produces event correlation, rule matches, and alert volumes that require skilled analysts to interpret. SecurityBox produces prioritized investigative objects, context-rich case artifacts, and actionable recommendations. The difference is operational: a SIEM creates work for your team, SecurityBox eliminates it.

Not necessarily. The purpose of a SIEM is to aggregate security information from multiple sources and produce actionable alerting and detections — and SecurityBox does exactly that. It ingests signals from network traffic, Active Directory, cloud services, identity providers, and EDR, correlates them, and produces prioritized findings with actionable recommendations. The difference is that a SIEM hands your team raw alerts to triage, while SecurityBox delivers finished, prioritized findings with clear guidance. That said, if you already have a SIEM or need one for regulatory reasons, all SecurityBox detections and alerts can be forwarded to it. For compliance purposes, every case that SecurityBox creates and every risk report generated are retained for a minimum of one year by default.

SecurityBox serves organizations of all sizes that need measurable risk reduction. Small businesses benefit from the fully managed model that requires no in-house security expertise. Managed service providers use SecurityBox to deliver continuous risk assessment to clients. Organizations in regulated industries rely on the continuous compliance documentation and board-ready reporting.

Deployment.

Both run the same risk assessment platform. SecurityBox-Network is an on-premise appliance that ingests all signal sources — Active Directory, identity, cloud services like M365 and Azure, EDR — plus network traffic analysis via a bi-directional port mirror. It's the full package. SecurityBox-Cloud is for organizations with no physical office: we provide a cloud-hosted SecurityBox instance (included in pricing) that does everything except network traffic analysis, since there's no physical network to mirror. The only difference is where it runs and whether you get the network traffic layer.

The appliance has two network interfaces. The management interface connects to a standard user VLAN — this is how it communicates, receives updates, and sends assessment data. The monitoring interface connects to a port mirror (SPAN port) on your firewall or edge switch — this captures bidirectional network traffic for analysis.

SecurityBox-Network deploys on-premise in hours — not weeks. SecurityBox-Cloud requires no hardware at all; we provision a cloud-hosted instance and begin assessment immediately. Baseline risk posture is established quickly, and you begin seeing measurable risk trends within the first week.

No. SecurityBox is an agentless platform — there is nothing to install on your workstations, servers, or devices. It assesses risk by ingesting signals from your existing infrastructure: network traffic, Active Directory, cloud services, and identity providers. The only exception is SentinelOne XDR, an optional add-on that installs a lightweight endpoint agent. SentinelOne adds autonomous host protection and deeper telemetry collection, which is especially valuable for remote and work-from-home environments where there is no corporate network to monitor.

SentinelOne XDR is strongly recommended for work-from-home environments. Without a corporate network, SentinelOne provides the endpoint-level telemetry that SecurityBox needs to build complete per-host risk profiles for remote users. It also adds industry-leading autonomous endpoint protection. It is an optional add-on.

The Deliverable.

Every host under management carries a continuously updated risk score — a single confidence-rated number from clean to critical. The score reflects behavioral anomalies, baseline deviations, and correlated signals. It tells you exactly where each host stands without requiring technical interpretation.

SecurityBox produces weekly risk trend reports, per-host risk summaries, executive risk posture overviews, and detailed case artifacts for investigated findings. Reports are designed for both technical teams and business leadership.

SecurityBox follows a three-phase approach: baseline your current risk posture, reduce critical and high-severity conditions through prioritized recommendations, and sustain low-risk conditions through continuous behavioral assessment. Weekly trend reports show measurable progress.

In a fully managed engagement, our team handles continuous risk assessment, investigation, and recommendations. Your team receives prioritized findings and acts on clear guidance. In a co-managed engagement, your security team works alongside ours with direct visibility into risk states and investigations.

Pricing.

An identity is a Microsoft 365 or Google Workspace email account. Each identity is monitored for sign-in anomalies, geographic impossibilities, privilege changes, and access pattern deviations. Service accounts and shared mailboxes that have sign-in capability count as identities.

A host is any device with an operating system and an IP address that communicates on the network. This typically includes workstations, laptops, servers, and networking devices. Although VoIP phone systems are also hosts, they are not counted in licensing. Host pricing is based on the number of devices actively being monitored by SecurityBox.

The platform base includes agentic AI analysis, continuous behavioral risk assessment, per-host risk scoring, weekly risk trend reports, executive summaries, actionable recommendations, and fully managed operation. No feature gates — you get the full platform from day one.

SecurityBox offers three commitment tiers: month-to-month with no contract, a 1-year commitment, and a 2-year commitment. Longer commitments receive lower per-unit pricing. All plans are billed monthly in USD.

Yes. If you start on a month-to-month plan, you can convert to a 1-year or 2-year commitment at any time. Your pricing will adjust to the lower committed rate immediately. Many organizations start monthly to validate the platform, then lock in a longer commitment once they see the results.

SecurityBox pricing starts with a platform base, plus per-host and per-identity charges based on your environment size. Additional sites and SentinelOne XDR are optional add-ons. All prices are in USD. Volume discounts are available for larger host and identity counts — contact us for custom pricing.

SecurityBox doesn't offer a free trial, but every deployment is backed by our 30-Day Guarantee: if we don't produce actionable findings that improve your security posture within 30 days, we refund your first month in full.

Yes. Volume discounts are available for larger host and identity counts. Contact us for custom pricing tailored to your environment.

All SecurityBox deployments include platform support. For general inquiries, contact us through the contact page or at info@cyberhunter.solutions.

Still Have Questions? Let's Talk.

Our team is here to help. Get a personalized walkthrough of SecurityBox and see how it fits your environment.
