Frequently Asked Questions

The questions security teams, MSSPs, and procurement teams ask before buying HailBytes — with straight answers.

About HailBytes

What does HailBytes do?

HailBytes builds two cloud-native security platforms: HailBytes SAT (Security Awareness Training) for phishing simulation and employee training, and HailBytes ASM (Attack Surface Management) for continuous external reconnaissance. Both deploy to your AWS or Azure account through the cloud marketplace and are priced on infrastructure ($0.24/vCPU/hour) rather than per-seat or per-asset.

How is HailBytes different from KnowBe4 or Proofpoint?

HailBytes SAT is self-hosted in your own cloud account, source-available under ELv2, and priced on infrastructure rather than seats. A 1,000-user company pays roughly the same as a 200-user company because cost is set by VM size, not headcount. KnowBe4 and Proofpoint are SaaS, per-seat, and proprietary. See the side-by-side comparison for feature, pricing, and architectural differences.

What does “source available” mean and how is it different from open source?

HailBytes ships under ELv2, which lets customers read, audit, modify, and self-host the source. The single restriction is that you can’t offer HailBytes itself as a competing hosted SaaS. For most buyers (security teams, MSSPs, pen-test firms reselling under their own brand) ELv2 is functionally equivalent to open source — you get every benefit of source visibility for security review and customization.

Pricing & Licensing

How much does HailBytes cost?

$0.24 per vCPU per hour through AWS or Azure Marketplace, for both SAT and ASM. The recommended 2 vCPU instance runs about $4,200/year, including the underlying VM, storage, and networking on a single marketplace bill. There are no per-seat, per-asset, or per-scan fees. See the pricing page for the full breakdown.

Are there volume or multi-year discounts?

Yes. Annual and multi-year private offers are available for both products with discounts off the marketplace rate. Contact sales to discuss specific terms.

Does the marketplace charge count toward our AWS EDP or Azure MACC?

Yes. Marketplace charges count toward AWS Enterprise Discount Program and Azure MACC commits. This is why most enterprise procurement teams prefer the marketplace deployment path — it draws down existing committed spend instead of adding a new line item.

Is there a free trial?

Yes — 30 days free through both AWS Marketplace and Azure Marketplace. The trial includes the underlying VM on most starter sizes, so you can run real campaigns or scans during the evaluation period.

HailBytes SAT

Does HailBytes SAT support Microsoft 365 and Google Workspace?

Yes. SAT works with any SMTP-capable email provider, and the SMTP setup tutorial covers M365 and Google Workspace allowlist configuration explicitly. See SMTP setup for phishing testing.

What about post-click training?

SAT ships with built-in post-click training modules that show employees a short interactive lesson the moment they click a simulated phishing link, with quizzes to confirm comprehension. See the post-click training tutorial, or try the live quiz demo.

Can we run executive-targeted (spear-phishing) simulations?

Yes. SAT supports per-segment campaigns with custom templates, so executive simulations can run on tighter cycles than company-wide programs. See the executive spear-phishing tutorial.

HailBytes ASM

What does HailBytes ASM actually scan?

ASM continuously enumerates subdomains, fingerprints services and software versions, runs port scans, identifies known CVEs against discovered software, and tracks changes over time. It’s reNgine deployed as a managed service in your cloud account — the same engine many security teams already know.

How is this different from a one-shot pen test?

Pen tests are point-in-time and goal-oriented; ASM runs continuously and surfaces drift: new subdomains, exposed admin panels, expired certificates, and newly disclosed CVEs against existing services. Most security teams use ASM to fill the visibility gap between pen tests rather than to replace them. See the pen test definition.

Can pen-test firms resell ASM to their clients?

Yes, and many do. The pen-test firm playbook covers white-label arrangements, pricing tiers, and engagement mechanics for offering ASM as a recurring deliverable between point-in-time engagements.

Deployment & Technical

How long does deployment take?

Five to ten minutes for the first instance. One-click deploy from AWS Marketplace or Azure Marketplace, then access the web UI as soon as the VM is up. Tutorials walk through the rest of the setup: SAT on AWS, SAT on Azure, ASM on AWS, ASM on Azure.

What VM sizes do you recommend?

For SAT: 2 vCPU / 8 GB RAM is enough for most deployments regardless of headcount. For ASM: 2 vCPU is fine for moderate attack surfaces; large surfaces (thousands of subdomains, frequent rescans) typically run on 4–8 vCPU.

Does HailBytes integrate with our SIEM?

Yes. ASM emits findings to Splunk, Elastic, Microsoft Sentinel, Chronicle, and any SIEM that accepts webhook or syslog input. SAT and ASM both push notifications to Slack and tickets to Jira out of the box. See the SIEM integration tutorial and the findings routing deep dive.

Where does customer data live?

In your own cloud account. HailBytes runs as a marketplace deployment in the AWS or Azure region you choose. HailBytes the company never holds your campaign data, employee records, or scan findings — there is no shared multi-tenant SaaS to compromise.

Compliance & Security

Does HailBytes support SOC 2, HIPAA, and PCI-DSS evidence?

Yes. Both products generate audit-ready evidence (campaign launches, training completion, branded PDF certificates, structured audit logs) aligned to PCI-DSS Requirement 12.6, HIPAA Security Rule §164.308(a)(5), SOC 2 CC2.2, ISO 27001 A.7.2.2 / A.6.3, and NIST CSF PR.AT. Every artifact is CSV-exportable for client-facing reports. See the compliance mapping page.

How does HailBytes handle SSO and identity federation?

Both SAT and ASM support per-tenant OIDC for enterprise SSO. MSSPs running multi-client deployments configure OIDC per client instance, which keeps identity boundaries clean even when several clients run on the same MSSP-managed infrastructure.

MSSPs & Partners

Can MSSPs white-label HailBytes for their clients?

Yes. Per-tenant branding (logo, favicon, colors, support URL, email-from name) is built in, and the ELv2 license explicitly permits service-provider rebrand arrangements. One-instance-per-client architecture keeps tenant data fully isolated — the model SOC 2 auditors expect from MSSP-delivered services. See the full MSSP playbook.

What does white-label margin actually look like?

Because HailBytes prices on infrastructure (~$4,200/year for one SAT instance), the cost basis stops scaling once you hit one instance per client. Gross margin on a 500-seat client is dramatically better than a per-seat reseller agreement with KnowBe4 or Proofpoint. For concrete tier math and a sample 200-seat P&L, see white-label margin economics.

Is there a partner program?

Yes — the HailBytes Partner Program covers reseller economics, AWS and Azure marketplace co-sell motions, and partner enablement materials.

Still Have Questions?

The glossary defines the security terms used across this site, the docs cover product reference, and the contact page reaches sales and support directly.
