Rescue & Hardening for Sovereign Security Platforms

Your team deployed a sovereign platform — OpenCTI, Authentik, Matrix, MISP, TheHive — but it never reached usable production or doesn't meet your security baseline. We stabilize it and harden it. Managed operations may follow for selected environments.

It's for you if
  • You have a sovereign on-premise platform (OpenCTI, MISP, Authentik, Matrix, Wazuh, etc.) deployed.
  • You need it production-grade for a sensitive environment.
  • Your team lacks capacity or expertise to maintain it seriously.
  • You operate under NIS2 / DORA / ENS without public cloud dependency.

It's not for you if
  • You're looking for a generic MSSP.
  • You need response to an active incident — for that, route to a dedicated incident response team.
  • You haven't deployed yet (better: start with an architecture conversation).
  • You expect open-ended 24/7 coverage — custom availability is case by case, not a public product.

TWO MODES

Two modes. One operating posture.

01 Rescue & Stabilization

Half-broken platform — performance, identity, integrations, data inconsistencies. We fix it. Outcome: stable, operable platform. Extensions by change request.

From 40 k€
Duration 4–6 weeks typical

02 Hardening & Productionization

Functional platform but not ready for sensitive environments. We prepare it: TLS, secrets, RBAC, segmentation, observability, backups, runbooks. Extensions by change request.

From 50 k€
Duration 6–8 weeks typical

WHAT'S INCLUDED

Measurable scope, closed milestones.

  1. Initial technical diagnostic

    Quick deployment audit and prioritized action plan. 1–2 weeks if no prior Review.

  2. Stabilization and hardening

    Performance, identity, secrets, TLS, RBAC, segmentation, observability, backup/restore, regulatory baseline.

  3. Runbooks and reference architectures

    Living documentation. Your team and ours work from the same reusable material.

  4. Documented handover

    Production-grade outcome with everything your team needs to operate it themselves. No lock-in.

  5. Optional managed continuation

    If a managed engagement fits, it opens after rescue or hardening. Selective intake, scoped contract.

  6. Reporting

    Engagement reporting during delivery. If managed continuation is contracted, monthly operational report and quarterly review with CISO/CIO.

HOW WE WORK

From 4 weeks to production-grade.

  1. Discovery (1 week)

    Technical call, NDA if applicable, preliminary scope and mode (Rescue / Hardening).

  2. Proposal (1-2 weeks)

    Closed proposal with scope, milestones and fixed price.

  3. Delivery (4-8 weeks typical, CR for extensions)

    Sprint-based work with your team. Transparent access to our internal GitLab.

  4. Handover or continuation (closing or ongoing)

    Documented handover to your team. Where it fits, managed operations open as a separate contract.

OUTCOMES

When we consider the engagement closed.

01 Rescue & Stabilization

A platform is considered stabilized when…

  • Critical services start reproducibly.
  • Primary data is accessible.
  • Critical connectors and integrations are recovered, isolated or documented.
  • P0 risks are contained.
  • An operational baseline is documented.
  • A prioritized hardening plan remains for the next phase.

02 Hardening & Productionization

A platform is considered production-ready when…

  • Exposure and TLS are controlled.
  • Identity, MFA and RBAC are defined.
  • Secrets and credentials have clear custody.
  • Encrypted backups and a restore drill are tested.
  • Minimal observability is in place.
  • Runbooks and break-glass are documented.
  • Residual risks are accepted or prioritized.

MANAGED CONTINUATION

Managed operations, by qualification.

Selective intake. We open managed operations only for environments we already know — typically after a Platform Review, Rescue or Hardening engagement. Scoped contract, not generic MSSP coverage. We do not take on operation of platforms we have not been able to review first.

Extended availability — including 24/7 — is contracted case by case for environments where it adds real value, with documented on-call and escalation.

WHAT'S NOT INCLUDED

  • Generic MSSP services unrelated to sovereign platforms.
  • Active incident response in progress (we route to a dedicated incident response team).
  • Custom development unrelated to platform operation.
  • Hardware or licenses — billed separately at cost.

ENTRY PATH

Enter where it fits.

Most engagements start with a Platform Review (2 weeks, from 12 k€) when scope is unclear. From there, Rescue or Hardening kick in as separate contracts. The sequence Review → Rescue → Hardening → Managed is typical, never forced.

FAQ

Frequently asked.

01 Do you only work with OpenCTI?
No. OpenCTI is where we hold a formal partnership, but we also stabilize and harden MISP, TheHive, Authentik, Matrix, Wazuh, Proxmox, Vaultwarden and n8n, among others. See Technologies.
02 Do you offer 24/7 monitoring?
Custom availability — including 24/7 — is case by case, under formal contract, only for environments we already operate. We do not publish a 24/7 SKU.
03 Do you work in classified environments?
Yes, depending on level and procedure. Our team has real operational experience in public-sector defense organizations.
04 Can managed operations follow Rescue or Hardening?
Yes, by qualification, as a separate scoped contract. We do not promise managed coverage by default.
05 Is there an early-termination penalty?
No. 60-day notice from either party. If you internalize, we provide a documented handover at no additional cost.
06 Do you lock the platform with proprietary configs?
No. Everything we deploy is standard open source. Runbooks, configs and reference architectures stay with you after handover.

Your platform, in production-grade shape.

Tell us what you have and where it's stuck. If it fits, we'll say so directly.
