Frequently Asked Questions

sEyeber Hub is a NIST CSF 2.0 cybersecurity compliance platform purpose-built for financial services firms. It uses read-only Microsoft 365, Entra, Azure, Intune, and Defender connectors to discover security posture, then maps observations and findings to NIST CSF 2.0 subcategories and generates AI-suggested questionnaire answers with supporting evidence.

sEyeber Hub is built for small and mid-sized financial services firms: registered investment advisers (RIAs), broker-dealers, wealth managers, hedge funds, and private equity firms operating under Regulation S-P, FINRA Rule 3110, and similar cybersecurity oversight. The product is designed for firms that need to demonstrate a mature cybersecurity program without a full-time security team.

Traditional GRC tools are questionnaire-first: you answer hundreds of control questions, attach documents, and hope nothing drifts. sEyeber Hub is discovery-first: connectors observe your environment, AI proposes answers backed by evidence, and you review rather than author. The result is a NIST CSF 2.0 profile that reflects what is actually configured, not what someone remembered to type in.

The Microsoft-First v1.0 MVP connects to a single Microsoft tenant via a read-only Entra ID application. From there, collectors cover Entra (identity, conditional access, MFA), Azure Resource Inventory (subscriptions, resources, policy), Intune (device management, compliance), Microsoft Defender (endpoint, identity, and email alerts), and optionally Defender for Cloud Apps. Additional providers are planned after v1.0.

No. sEyeber Hub is agentless. All discovery is performed through read-only API calls to Microsoft Graph, Azure Resource Manager, Intune, and Defender. There is no software to deploy on endpoints, servers, or workstations.

No. The Microsoft-First v1.0 connector is configured with read-only Microsoft Graph and Azure scopes. sEyeber Hub does not change configuration, deploy policies, modify users, or push remediations. Discovery is observation-only by design — keeping blast radius minimal and easing security review with your IT team.

v1.0 focuses exclusively on Microsoft 365, Entra, Azure, Intune, and Defender. Most target customers — small and mid-sized RIAs and broker-dealers — already standardize on Microsoft 365, so this gives broad coverage on day one. Google Workspace, AWS, and Okta connectors are on the roadmap but are not in v1.0.

Connector data flows through a deterministic pipeline: Collect → Normalize → derive Observations → generate Findings using rules → produce Suggested Answers tied to specific NIST CSF 2.0 subcategories. Each suggested answer cites the underlying evidence (e.g., “MFA enforced for 94% of privileged users via conditional access policy X”) so a human reviewer can accept, edit, or reject the proposed answer.

The Microsoft-First v1.0 collectors are designed to provide signal for roughly 20% of the 106 CSF 2.0 subcategories — concentrated in Identify (asset and identity inventory), Protect (identity, access, configuration), and Detect (alerting and logging). The remaining subcategories require human input through the questionnaire, supplemented by uploaded evidence. Coverage expands as additional providers ship.

No. sEyeber Hub is an evidence and discovery platform — it accelerates, structures, and documents the assessment process, but it does not replace human judgment, an assessor’s professional opinion, or formal third-party audit. The platform is designed to make the work an assessor or fractional CISO does dramatically more efficient.

Each customer organization is designed to operate inside its own tenant boundary in the sEyeber Hub data model, with separate access control, storage scope, and AI processing context. One firm’s scan data, evidence, prompts, and generated outputs are not used as context for another firm’s workflows.

AI is used to (1) suggest questionnaire answers from observed evidence, (2) draft narrative summaries, and (3) propose remediation language. AI processing is organization-scoped: a firm’s data stays inside its own processing boundary. Customer scan data is not used to train shared models unless the customer explicitly opts in.

Application data is stored in Neon (PostgreSQL) in the United States. The application runs on Fly.io with the marketing site on Netlify. Payments are processed through Stripe so card data never touches the sEyeber Hub application. Each vendor has its own SOC 2 / ISO 27001 posture; details are summarized on the Security page.

On cancellation, customers can export their NIST CSF profile, evidence, and findings. Customer data is then scheduled for deletion from production systems within a defined retention window. Backups are aged out per the standard retention policy. Specific timelines will be published in the data processing addendum.

Pricing is per-organization with tiers based on firm size (employee count and assets under management), billed monthly through Stripe. AI usage and connector API calls beyond included thresholds are billed as a separate line item so customers see the full cost of compute. Detailed pricing is finalized at early-access conversion.

Request early access from the homepage. The early-access flow walks through firm size, current Microsoft tenant, and target NIST CSF 2.0 use cases. Once approved, onboarding takes a single Microsoft global-admin consent grant for the read-only application registration, after which discovery can begin.