Products
Built in the field, not in a pitch deck
Every CCI product began as a tool our own auditors needed. The ones that survived hundreds of engagements are the ones you can buy.
Evidence
EviGen
Your engineers lose weeks assembling audit evidence by hand. EviGen collects it on Windows, macOS and Linux automatically — returning 3 to 8 weeks of effort per engagement, at 99% customer satisfaction across SWIFT CSP work. Most of our SWIFT customers now require it by default.
Quantification
cVaR
Risk registers rank; they do not price. cVaR computes cyber value-at-risk for any industry from your full inventory, metrology, the FAIR method and Monte-Carlo simulation. An agent-less edition is coming very soon.
Finance resilience
DORA-MAST
DORA asks financial entities to prove resilience, not assert it. DORA-MAST models your operational resilience and computes financial loss where it matters. Model it. Compute it. Govern it.
Visibility
NetDiagramer
Network documentation is out of date the day it is drawn. NetDiagramer generates diagrams from inventory and discovery data, rendered by the same 3D engine that powers our architecture graph.
Research
GCIDB·1834
Cyber incidents did not start with the internet — the first network attack predates the telephone. GCIDB·1834 is our static research corpus of incidents from the 1834 telegraph fraud onward, for reference, teaching and analysis.
Custody
Regulated evidence vault
Audit findings and documents in LPM and NIS 2 contexts cannot live in a shared drive. Our evidence vault keeps them under regulated-grade custody. Final product name to be announced.
Hardware
Domain separation for finance
Some assets must never share a machine with the open world. Our hardware-separated endpoint gives financial institutions two physically isolated domains in one device — no lateral movement, by construction.
Coming
PenTeva
A virtual machine that executes penetration tests and simulates vulnerabilities from a domain-specific language — so you can challenge what your pentesters tell you. In development; customers are already waiting.
Coming
AML/CFT Transaction Filter
AI/ML-driven sanctions screening and transaction monitoring. Reduces false positives by 50–70 % against legacy rule-based systems. Covers UEMOA, GAFI, OFAC and Basel typologies. In development — prospect engagement open.
Common questions
Who uses CCI products and services?
CISOs and risk teams in regulated industries — banking, financial infrastructure, energy, and government. Any organisation subject to SWIFT CSCF, DORA, NIS 2, ISO 27001, or LPM that must show a regulator numbers, not colours.
What would finally deliver quantified cyber risk where everything else has failed for 30 years?
Metrology applied to security. CySSURANCE uses the FAIR method and Monte-Carlo simulation over your actual inventory data — not self-assessment scores. Risk becomes a distribution with a financial figure, not a traffic light.
We cannot touch production. Can you go agent-less?
Yes. EviGen operates without a persistent agent on the target host. cVaR’s agent-less edition is in active development. Our SWIFT assessments have always been conducted without standing access to production systems.
We have a CMDB. Can you complement it rather than replace it?
Yes. CySSURANCE and NetDiagramer both ingest CMDB exports. We enrich what you already have — resilience scores, value-at-risk, compliance status, and visual topology — without displacing your source of truth.
We already have 150+ cybersecurity products. What do you bring that we do not have?
Computation. Your 150 tools produce logs, alerts, and scores. CySSURANCE converts that output into a single quantified risk picture your board and regulator can read. We sit above your stack, not inside it.
We use Excel for risk management. Why move to your platform?
Excel is a spreadsheet; CySSURANCE is a risk engine. A 40,000-row inventory run through FAIR with Monte-Carlo simulation takes seconds in CySSURANCE and hours in a spreadsheet. The output is auditable, versioned, and board-ready.
Our audit is in three months and we are not confident. Can you help?
Yes — three months is enough. EviGen can collect and structure evidence in days. Our assessors have delivered hundreds of SWIFT, DORA, NIS 2, and ISO 27001 engagements under exactly this pressure. Contact us this week.