Sable, the security platformthat comes with security people.

Run your whole program in one workspace: findings, risk, vendors, policies, and SOC. Then, when it matters, SubRosa's offensive team works inside the same platform you do.

Start free trial

No credit card needed · No demo gate · 20+ years of offensive security, productized

⌐Findings & response

sable // findings

Findings

+ Add finding

Search findings…All severities ▾All statuses ▾

TitleSeverityStatusAssigned To

Insufficient access controlsHighOpenM. ReyesSubRosa

Exposed S3 bucket policyCriticalIn ProgressM. ReyesSubRosa

Outdated TLS on API gatewayMediumOpenD. Okafor

Unpatched CVE-2026-1142HighResolvedA. LinSubRosa

Weak password policyLowAccepted RiskD. Okafor

⌐Frameworks & compliance

sable // frameworks

Frameworks Library

Browse compliance frameworks and spin up assessments.

Search frameworks…

Framework NameDescriptionVersionActions

SOC 2 Type IITrust services criteria2017+ Assess

ISO 27001:2022Information security management2022+ Assess

GDPREU data protection regulation1.0+ Assess

HIPAAHealthcare data security2013+ Assess

PCI DSSPayment card data security4.0+ Assess

NIST CSFCybersecurity framework2.0+ Assess

⌐Security posture

sable // dashboard

Security Posture

Northwind

Security score82/100▲ climbing

Open findings143 critical

Pending tasks7requiring action

Findings · resolving

IAM privilege escalationCriticalIn Progress

Exposed S3 bucket policyCriticalOpen

Outdated TLS on gatewayHighIn Progress

Weak password policyMedium✓ Resolved

⌐Security posture · live

sable // dashboard

Security Posture

Northwind

Security score82/100▲ climbing

Open findings143 critical

Pending tasks7requiring action

Findings · resolving

IAM privilege escalationCriticalIn Progress

Exposed S3 bucket policyCriticalOpen

Outdated TLS on gatewayHighIn Progress

Weak password policyMedium✓ Resolved

⌐ One workspace

Every security function,one security posture.

Findings, risk, vendors, policies, SOC, and frameworks all roll up into a single picture, so nothing falls through the cracks.

⌐ One unified security posture ⌐

Not a PDF. Not a portal.

Security experts, inside your workspace.

When it matters, SubRosa's offensive team works in Sable alongside you: assigned to findings, commenting on controls, running engagements. The platform you use every day, run by the people who break into systems for a living.

Explore the offensive team→

sable // engagements

Engagements

SubRosa · 2 in progress

Engagement NameTypeStatusAssigned To

AWS Cloud Security ReviewCloud SecurityIn ProgressMRSubRosa

SOC 2 Gap ReviewComplianceIn ProgressMRSubRosa

Web Application Pen TestWeb App PentestDraftMRSubRosa

sable // findings

Findings

+ Add finding

Search findings…All severities ▾All statuses ▾

TitleSeverityStatusAssigned To

Insufficient access controlsHighOpenM. ReyesSubRosa

Exposed S3 bucket policyCriticalIn ProgressM. ReyesSubRosa

Outdated TLS on API gatewayMediumOpenD. Okafor

Unpatched CVE-2026-1142HighResolvedA. LinSubRosa

Weak password policyLowAccepted RiskD. Okafor

Map once. Audit forever.

Frameworks that move forward.

ISO 27001, SOC 2, HIPAA, GDPR. Map controls once, evidence once, audit once. When one updates, everything connected to it updates with it.

Explore compliance→

sable // risk

Risk Register

Northwind

12Total risks

1Critical

68%Mitigation

RiskCategoryLevelStatusOwner

Vendor data exposureOperationalCriticalActiveMRSubRosa

Ransomware via phishingTechnicalHighActiveDOYou

Unpatched legacy DBTechnicalMediumMitigatedMRSubRosa

sable // frameworks

Frameworks Library

Browse compliance frameworks and spin up assessments.

Search frameworks…

Framework NameDescriptionVersionActions

SOC 2 Type IITrust services criteria2017+ Assess

ISO 27001:2022Information security management2022+ Assess

GDPREU data protection regulation1.0+ Assess

HIPAAHealthcare data security2013+ Assess

PCI DSSPayment card data security4.0+ Assess

NIST CSFCybersecurity framework2.0+ Assess

Know what's exposed.

Vulnerability management, built in.

Continuous scans across your hosts and apps, deduplicated and ranked by real-world risk, then routed straight into findings and tasks so the right fixes happen first.

Explore vulnerability management→

⌐Vulnerability dashboard

sable // vulnerabilities

Vulnerability Dashboard

▶ New scan

Total scans

142

3 active

Critical / High

3 crit · 6 high

Unique CVEs

across all scans

Hosts scanned

318

unique IPs

Findings by severity

Critical3

High6

Medium14

Low22

Info31

Recent scansView all

api-gateway.northwind.io

12 findings · 2 crit4h ago

vpn.northwind.io

5 findings1h ago

s3-edge.northwind.io

no findings1d ago

Always watching.

Security operations, in the loop.

24/7 detection across Office 365, Entra ID, Defender, and your endpoints, triaged by SubRosa analysts and escalated to you, with every event, telemetry trend, and incident in the same workspace.

Explore security operations→

sable // escalations

Escalations

Awaiting client

In progress

Resolved

Closed

Search escalations…All types ▾All status ▾

CreatedTypeStatusSummary

6 months agoInvestigation AwaitingInvestigation: detection

10 months agoInvestigation AwaitingInvestigation: info

sable // security-ops

Security Operations

Feed status · 24h

Office 365

Connected

Entra ID

Connected

Defender

Connected

Endpoint

Connected

Events processed

337

Critical (24h)

Active incidents

Open escalations

Telemetry volume

Top affected hosts

host-616

host-1375

host-584

host-1474

host-674

Tenant telemetry health

TenantVolumeStatus

SubRosa (Demo)300High risk

Kestrel13Stable

Meridian12Stable

Altamont12Stable

⌐ Who Sable is for

Built for the team runningyour security program, whoever that is.

For Companies

You're running your own security program.

From a 30-person SaaS team chasing SOC 2 to a Series C with a real security org. Sable replaces the seven tools you're stitching together.

→Frameworks, evidence, and audit prep in one workspace
→Vendor risk that doesn't take a quarter to run
→Risk register that updates itself as controls change
→SubRosa's services team on-demand when you need humans

Start free trial

For MSPs & MSSPs

You're running security for other companies.

Multi-tenant from day one. Manage your full client book (frameworks, vendors, findings, posture) in one platform, without spinning up separate logins or duct-taping tools together.

→Multi-tenant client switcher with per-client module access
→Volume pricing per tenant, billed how you want
→White-glove onboarding for your delivery team
→Co-marketing for partners delivering real outcomes

Schedule a 15-minute call→

⌐ The services team

When you needhumans, not software.

Sable handles the system of record. SubRosa's services team handles the work that takes a human, fully integrated into your Sable workspace.

Penetration testing

Real offensive testing of your apps, networks, and cloud, run by people who break in for a living.

Learn more→

Incident response

When something happens, our responders work inside your workspace to contain and remediate, fast.

Learn more→

vCISO & advisory

Senior security leadership on demand: strategy, board reporting, and program direction.

Learn more→

AI governance

Practical guardrails for the way your teams actually use AI, set by people who have secured it.

Learn more→

⌐ The work behind Sable

We don't just build the platform.We use it.

SubRosa's services team brings 20+ years of offensive security work for AI companies, SaaS platforms, healthcare networks, and the MSPs that protect them. Every engagement now runs on Sable. Every finding, scope doc, and remediation track lives in the same platform our clients use.

When you sign up, you're not just getting software. You're getting a platform shaped by real client work, and a team you can pull in when the work needs humans.

Built on engagements, not assumptions

See what we do→

Stop managing securityin spreadsheets.

Free trial. No credit card needed. No demo gate. No “talk to sales” before you can see the product.

Start free trial See pricing→

20+ years of offensive security, productized