HailBytes ASM Proof of Concept Process
14-day and 30-day options, HailBytes-run or self-deployed, seven deliverables, four-stage rollout decision gates, and the day-0 questions to lock down before kickoff.
Companion page to the HailBytes ASM product page. This page is the operational reference for evaluators and partners scoping a PoC; the product page is for the technical and capability overview.
When this page is for you
You are evaluating HailBytes ASM, either as an end customer or as a partner pre-selling to a customer, and you want to know what a PoC actually consists of before scoping one. This page is written for the person who will own the PoC closeout decision: the technical evaluator who has to sign off on operational fit, or the procurement-adjacent leader who has to sign off on commercial fit.
If you are a partner reselling to a customer, the partner resell page is the commercial companion to this page; this page is the PoC operational reference.
PoC objectives
Qualify the buyer
Validate that the operational shape (cloud account, asset count, target-domain set, integration tooling) matches what HailBytes ASM is built for, before committing engineering and account-management time to a larger rollout.
Validate the fit
Confirm that findings quality, scan cadence, integration evidence, and compliance mapping match what the evaluator's internal stakeholders need, on the timescale they need it.
Demonstrate end-to-end value
Produce a closeout package the evaluator can take to their decision-makers without translation. Findings, asset changes, attack paths, compliance mapping, integration evidence, and a recorded walkthrough video are all in the standard deliverables set.
Generate procurement signal
Move the conversation from "does this work?" to "what's the right rollout band?" by the closeout. The four-stage decision-gate framework gives the evaluator a credible path from PoC to 1,200+ tenants without a renegotiation at each stage.
Scoping: 14-day or 30-day
14-day Light PoC
Right for: fast validation, evaluators who want a yes/no on findings quality before committing to a longer evaluation.
- One cloud (AWS or Azure)
- Five seed domains
- HailBytes-run (Mode A) only
- Findings report, Asset Change Summary, attack-path chart, recorded walkthrough, closeout doc
- Compliance report optional, one framework, on request
- Integration evidence light (one integration, sandbox-friendly)
30-day Standard PoC
Right for: procurement-grade evaluation, partners building a sales narrative, customers who want integration evidence in the closeout package.
- One or two clouds (AWS, Azure, or both)
- Up to 50 seed domains
- Mode A (HailBytes-run) or Mode B (customer self-deploys)
- All seven deliverables in the standard set
- Integration evidence across multiple tools (SIEM, Jira, Slack, ServiceNow)
- Compliance report against one named framework, included in the standard package
Both options are no-cost during the PoC window. Custom scoping (longer windows, more clouds, additional frameworks) is available on request and scoped against the eventual rollout commitment.
Mode A: HailBytes runs — or Mode B: you self-deploy
Mode A — HailBytes-run
HailBytes deploys the ASM stack in the customer's cloud account (or in a HailBytes-managed sandbox account, customer's choice), monitors the scan, generates the findings report, and presents the closeout. The customer observes.
Right for: evaluators who want to see results without operating the platform during the PoC, partners who want HailBytes to do the technical lift while they own the customer relationship.
Customer time commitment: ~2 hours kickoff, ~2 hours mid-PoC checkpoint, ~2 hours closeout. ~6 hours total over the PoC window.
Mode B — Self-deployed
The customer takes the marketplace VM, deploys it in their own cloud account, integrates it with their own tooling (SIEM, ticketing), and runs the scan. HailBytes provides support during the scan window: an enablement session, a mid-PoC sync, and closeout package preparation.
Right for: evaluators who are also evaluating operational fit (not just findings quality), customers who want truer-to-production evidence, partners who want their own team to learn the platform during the PoC.
Customer time commitment: ~8 hours deployment, ~2 hours/week ongoing during the scan window, ~2 hours closeout. ~14–20 hours total over a 30-day window.
Standard deliverables (seven items)
Every 30-day PoC produces the full set. 14-day PoCs produce a subset; the details are listed under the 14-day and 30-day scoping options above.
1. Findings report
Prioritized list of exposures and CVEs identified during the scan, with exposure narrative (why each finding matters in context), remediation guidance, and severity-band counts.
2. Asset Change Summary
Diff of what entered and exited the attack surface during the scan window. Useful for evaluators who care about discovery cadence, not just point-in-time inventory.
3. Attack-path chart
Visualization of reachability from external assets to critical infrastructure (databases, identity providers, internal APIs). Useful for security teams briefing risk to non-security stakeholders.
4. Compliance report
Findings mapped to one named framework: SOC 2, NIST CSF, HIPAA, GLBA, PCI-DSS, FedRAMP, NYDFS, CIS Controls, LGPD, ISO 27001, or GDPR. Additional frameworks on request.
5. Integration evidence
Screenshots and timestamps showing what HailBytes ASM pushed to the customer's SIEM, ticketing, or messaging tools during the scan. Demonstrates operational integration, not just import-export capability.
6. Recorded walkthrough
Video walkthrough of the platform end-to-end: discovery, scanning, findings triage, integration push, reporting. ~20 minutes; distributable to the evaluator's internal stakeholders who could not attend the live closeout.
7. Closeout document
Decisions made during the PoC, gaps identified (what HailBytes did not solve), recommended next step (PoC-to-pilot conversion, 10-tenant rollout, or post-PoC professional services). The document the evaluator hands to procurement.
Four-stage rollout decision gates
The path from PoC to enterprise scale, with budget-and-scope checkpoints at each band transition rather than a renegotiation.
Stage 1 — PoC to 10-tenant pilot
Validate operational fit at small scale. Confirm integration evidence is acceptable to internal stakeholders. Typical timing: 30–60 days after PoC closeout. Commercial mechanism: 1-year private offer (standard band pricing).
Stage 2 — 10 to 100 tenants
First material rollout band (Band 2). Multi-year commitment math first becomes worthwhile here. Typical timing: 3–6 months after pilot kickoff. Commercial mechanism: 2-year or 3-year private offer with band-2 pricing and 10–15% multi-year discount.
Stage 3 — 100 to 1,200 tenants
Large-enterprise scale (Band 3). Full white-label substrate typically engages here (ProjectQuota, /billing/projects/). Typical timing: 9–15 months after Stage 2 kickoff. Commercial mechanism: committed 3-year private offer at band-3 pricing.
Stage 4 — 1,200 to 5,000+ tenants
Negotiated band (Band 4). Custom unit pricing under a committed multi-year private offer. Typical timing: 18+ months after Stage 3 kickoff. Commercial mechanism: negotiated 3-year or 5-year private offer with custom unit pricing.
Gates are spaced to match procurement-cycle timing in most enterprise organizations. The pricing math at each band is documented on the partner-resell page.
Explicitly out of scope for the PoC
Named upfront so the closeout document doesn't surface them as gaps. Each item is on the roadmap or available as a post-PoC professional-services engagement.
- Two-way BeWise integration. One-way integration (push findings into BeWise) is available; bidirectional sync (BeWise findings flow back to HailBytes) is on the roadmap and not in PoC scope. Track on the public roadmap.
- Native ICS/OT discovery. Standard external attack-surface discovery covers IT assets, cloud surface, and exposed services. Native ICS/OT protocol discovery (Modbus, DNP3, S7) is on the roadmap and not in PoC scope.
- Custom dashboard development. The standard reporting and dashboard set is what the PoC demonstrates. Custom dashboards for specific stakeholder views (board, audit committee, regional CISO) are post-PoC professional-services engagements.
- End-customer training programs. The PoC includes the recorded walkthrough and one closeout session. Full operator training, security-awareness training programs (separate from HailBytes SAT), and bespoke certification programs are post-PoC professional-services engagements.
- Production migration of pre-existing scan data. The PoC starts from a clean baseline. Migration of historical scan data from a previous vendor is a post-PoC engagement and is scoped against the eventual rollout band.
Day-0 open questions to lock down before kickoff
The PoC starts cleaner when these ten questions are answered in writing before kickoff. HailBytes provides a fillable scoping document on request.
- Cloud preference. AWS, Azure, or both? If both, is one primary?
- Mode. A (HailBytes-run) or B (self-deployed)?
- Length. 14-day or 30-day?
- Target seed set. Which domains, IP ranges, or asset inventories are in scope? Out of scope (sensitive subsidiaries, test environments)?
- Integration sandboxes. Is there a SIEM, Jira, Slack, ServiceNow, or BeWise sandbox the PoC can push to, or is integration evidence going to production?
- Presenter identity. Who from HailBytes (technical lead, account lead) presents the closeout, and who from the evaluator team is the primary contact?
- Distribution permissions. Is the closeout package internal-only, customer-facing, or available as a marketing case study (with permission)?
- Primary compliance framework. Which framework is the closeout compliance report mapped to (SOC 2, NIST CSF, HIPAA, etc.)? Secondary frameworks on request.
- Reference permission. If the PoC converts, is the evaluator open to being a reference, a case study, or a logo on the customer page?
- Closeout decision-maker. Who is the named person who will say yes or no after the closeout? Is that person attending the closeout session?
Next step
If you are an end customer scoping a PoC, email sales@hailbytes.com with the cloud preference, mode, and length, and HailBytes returns the fillable scoping document plus a proposed kickoff date.
If you are a partner pre-selling to a customer, email partners@hailbytes.com; the PoC scoping runs in parallel with the partner-resale authorization if you are not already enrolled.