Book a demo

Network Security Posture Management

Posture and vulnerability management, purpose-built for NGFW & SD-WAN

Automatically scores new advisories against your real configuration to expose true risk.

Book a demo See how it works
Fortinet Fabric-Ready Partner

The problem

Your firewall is the highest-value target on the network

Firewall and SD-WAN appliances sit on the perimeter, between the internet and your private networks, controlling how traffic flows and who reaches your most sensitive systems. That makes them one of the most actively targeted assets you operate. The Five Eyes cyber security agencies have warned that AI is “shrinking the window between vulnerability discovery and exploitation ever more quickly”. AI-automated attacks against firewall appliances have already been observed in the wild. Any exposed flaw is highly likely to be exploited.

Five Eyes cyber security agencies, June 2026

3 of 3 Leaders in Gartner's Magic Quadrant for Hybrid Mesh Firewall had a critical, actively-exploited vulnerability in the first half of 2026 +263% growth in vulnerabilities disclosed each year from 2020 to 2025, a trend AI-assisted research is set to accelerate 1 device is all an attacker needs to reach the whole network

Why ThreatSabre

No single tool covers network security posture end-to-end

A strong posture depends on sound configuration, contextual vulnerability risk, and active lifecycle management working together. Each adjacent class of tool only covers a slice, and none was built for these devices.

Exposure assessment platforms

Combine vulnerability assessment and external attack surface management. They match firmware to known CVEs, or scan from the outside, but can't see a device's real configuration, enabled features, or reachable attack surface.

Network security policy management

Strong on multi-vendor rule hygiene, change management, and policy optimisation, but operationally heavy to run, and blind to vulnerability risk and device lifecycle.

Our approach

ThreatSabre integrates at an API level and applies a deep understanding of how these devices operate, the common configuration mistakes that lead to high-risk exposure, and how each vulnerability impacts individual devices based on their specific configuration. It rolls this up into the ThreatSabre Security Benchmark, a holistic measure of each device's risk that prioritises the issues with the highest impact and the clearest path to resolution.

How it works

From hidden exposure to prioritised action

Continuously map exposure across every device, weigh each vulnerability against its real config, and respond to what actually matters.

Discover

Build a complete picture of every device's exposure across interfaces, services, VIPs, trusted hosts, and local-in and firewall policies. That picture powers your posture rules and vulnerability assessments to surface true, contextual risk.

Assess

Continuously measure every device against the ThreatSabre Security Benchmark, a holistic view of risk that weighs attack surface, high-risk firewall policies, device hardening, exposed vulnerabilities, lifecycle and more. The benchmark is tuned to what genuinely impacts security and operations.

Triage

As each new vulnerability is disclosed, ThreatSabre rates its real risk to every device: is the affected feature configured, how is it exposed, and could it actually be exploited? Teams act immediately on what's genuinely critical and keep pace with a relentless stream of disclosures.

Report

Get the critical data out of the platform and in front of stakeholders, from an MSP's monthly customer report to a CISO briefing on the latest vulnerability impact. Alerts complement the reporting, notifying your team the moment something important changes, such as a high-risk configuration or a newly disclosed vulnerability affecting your devices.

Contextual risk rating

Know what to fix first, and prove what can wait

Security teams can't action every advisory at once. ThreatSabre scores each new advisory against every device's real configuration, so your team acts immediately on what's genuinely exposed and can confidently deprioritise what isn't, with the evidence to show stakeholders. Less noise, more time for the work that matters.

CVE-2026-31XYZ · Authentication bypass CVSS 9.8
Branch-FW-LDN Vulnerable feature enabled, exposed to the public internet
Critical High priority
Core-FW-01 Vulnerable feature not enabled
Low Low priority

Same advisory · prioritised by per-device impact. Illustrative example.

Complete coverage

One score, three categories of risk

ThreatSabre rolls configuration, vulnerability and lifecycle risk into one benchmark.

Configuration risk

Catch high-risk configurations and policy weaknesses as they appear, measured against a consistent baseline.

Vulnerability risk

Every advisory scored against the actual configuration of each device, not a generic CVSS number.

Lifecycle risk

Firmware and hardware lifecycle, support and licensing, surfaced before an end-of-support date becomes a problem.

Solutions

From a single site to the largest MSSP

Managed Service Providers

Offer managed firewall services backed by ThreatSabre. Differentiate your service with a credible posture and vulnerability story that wins and retains customers, and prioritise across every tenant during global events.

  • Differentiate your managed service
  • Multi-tenant CVE impact analysis
  • Per-tenant posture reporting
  • Renewals & lifecycle at scale
Learn more →

Enterprise & SMB

Complete visibility and risk-based prioritisation across your whole fleet, with continuous compliance, lifecycle management and independent assurance.

  • Complete fleet visibility
  • Risk-based prioritisation
  • Continuous compliance
  • Independent assurance & evidence
Learn more →
Independently assured
SOC 2 Type 1 Security — certifiedNZ Privacy Act 2020 CompliantGDPR programme Aligned
Visit the Trust Centre →

FAQ

Common questions

What platforms and devices does ThreatSabre support? +

ThreatSabre currently supports Fortinet FortiGate next-generation firewalls, including FortiGate Rugged and FortiWiFi models. Devices can be connected directly or through FortiManager and FortiManager Cloud, and support for additional platforms is on the way.

How does ThreatSabre access my devices? +

Through a lightweight, standalone Linux agent installed with a simple script. It runs almost anywhere Linux does, from cloud platforms like AWS, Azure and GCP down to a Raspberry Pi. The agent connects read-only and needs only outbound HTTPS access to our platform and to the devices it polls. It can be locked down tightly and supports full SSL inspection.

How quickly can I get started? +

Onboarding is straightforward and typically takes as little as 10 minutes.

Read the onboarding guide →

See the platform in action

Book a personalised demo and see how ThreatSabre improves your security posture.

Book a demo See how it works