[AD2] Tech
How we workStart an assessment
Methodology

AEGIS is our named methodology for assessing and fixing SMB infrastructure.

It's the reason we can deliver a fixed‑price assessment that's rigorous, repeatable, and priced for a business that isn't a Fortune 500. This page explains how it actually runs.

The pipeline

Four stages. One report at the end.

Data flows left to right. Nothing identifiable leaves your environment.

01 · stage

Collect

A dedicated collector is dropped on your network. It reads configuration, logs, and telemetry from the systems we're assessing. Raw data stays on‑site.

Edge collector · Tailscale · no inbound ports
02 · stage

Sanitize

Every client‑identifiable value — names, hosts, IPs, license keys — is replaced with a stable placeholder. Only sanitized data crosses the Tailscale boundary.

Deterministic anonymization · encrypted mapping
03 · stage

Analyze

Sanitized data is analyzed by AEGIS skill files — executable playbooks for each device class. AI assists; scoring logic is deterministic.

Skill files · per device class · structured JSON
04 · stage

Report

Findings are de‑anonymized back to real values on your side. The output is a branded, client‑ready report with exec summary, findings, and roadmap.

De‑anonymized locally · Word + PDF
Data handling

Your raw data never leaves your network.

This is the most important slide in this page. The SMB IT market has trained buyers to expect "we'll install our tools on your network." AEGIS inverts that. The collector is local, the sanitization is local, and the mapping back to real values stays on your side.

At your site

Edge collector

  • Raw configs, logs, telemetrylocal
  • Identifier ↔ placeholder mapencrypted
  • Inbound public portsnone
AEGIS analysis plane

Sanitized only

  • Sanitized configs + structured JSONok
  • Skill‑file execution per device classok
  • Your customer's name, anywherenever

Plainly ·Your name, your customers' names, your IPs, your license keys — none of that is what AEGIS analyzes. It analyzes sanitized placeholders. The final report is re‑hydrated with real values on your side at the end.

Severity framework

What CRITICAL, HIGH, MEDIUM, and LOW actually mean.

In business terms, not jargon. If it doesn't explain itself to a non‑technical owner, it doesn't belong on this page.

LevelWhat it means for the businessRemediation window
criticalA realistic path to a material incident — ransomware, data loss, a lawsuit — is open right now.within 14 days
highA known weakness that would make a breach materially worse if something else went wrong first.within 60 days
mediumReduces operational resilience or inflates cost. Not an immediate risk; worth scheduling.this quarter
lowBest‑practice hygiene. Good to fix, won't hurt you if you don't.opportunistic
What a finding looks like

One sample finding. Real shape, anonymized content.

Every finding in the report follows this exact structure. The full report has 40–120 of them, grouped and ranked.

F‑047

Domain administrator accounts do not require phishing‑resistant MFA.

Critical
Current stateFour Entra ID accounts with the Global Administrator role accept SMS and authenticator‑push factors. Two have never registered a hardware key.
Business riskA phished admin credential lets an attacker pivot to every cloud‑connected system — M365, Dropbox, HubSpot. Average recovery cost in SMB: 6–9 weeks of disruption.
RecommendationEnforce FIDO2/WebAuthn on the Global Administrator role. Issue YubiKey 5Cs to the four named admins. Remove legacy SMS fallback.
Effort
~6 hrs
Includes hardware procurement & four 30‑min admin sessions.
See the full sample report
What you see / don't see

AEGIS is a methodology. Not a SaaS product.

There is no dashboard to log into. No portal. No admin UI you're paying for. You bought an engagement, not software.

Scoping call
×The CLI
The report
×Skill files
Findings review
×Pipeline runs
Remediation roadmap
×Internal tooling