Contents
- The Problem: Why SMBs Are the Primary Target
- What is ADCS?
- 3-Layer Security Maturity Architecture
- Inside the 54-Scanner Engine
- 11 Compliance Frameworks, Auto-Mapped
- CTEM: Continuous Threat Exposure Management
- How ADCS Differs from Competitors
- Pricing and Plans
- Data Security and Infrastructure
- How to Get Started
1. The Problem: Why SMBs Are the Primary Target
Cyberattacks on small and medium-sized businesses have surged over the past three years. According to multiple industry reports, over 60% of SMBs that suffer a major breach shut down within six months. Yet the security tools that exist have historically been designed for large enterprises with dedicated IT and security teams — organizations with the people and budget to interpret raw scan output and act on it.
The result is a predictable gap: SMBs know they're exposed, but don't know where to start. They run a vulnerability scanner, receive a 200-page PDF of findings, and have no clear path forward. The report sits unread. The risk stays unaddressed.
The core problem isn't lack of scanning. It's that scanning tools stop at "finding." They don't tell you what to fix first, how to fix it, or whether your fix actually worked. ADCS was built to close that loop.
ADCS is designed specifically for organizations without a dedicated security team — companies where the CEO is also the IT manager, or where a small development team maintains the entire digital infrastructure alongside their core product work.
2. What is ADCS?
ADCS stands for Autonomous Defensive Cybersecurity System. The platform runs 54 specialized security scanners against your organization's digital attack surface — web applications, network services, cloud configurations, APIs, email security, SSL/TLS, data exposure, and more — and delivers results within 24 hours as a structured, actionable report.
But the report is only the beginning. Unlike conventional scanners that hand over findings and disappear, ADCS:
- Prioritizes vulnerabilities by combining CVSS technical scores with real-world business impact
- Generates step-by-step fix instructions specific to each finding — automatically
- Assigns findings as tasks to relevant team members via a dashboard
- Rescans after fixes to verify remediation was successful
- Issues a shareable security certificate once your score meets threshold — usable in vendor questionnaires, client pitches, and M&A due diligence
- Automatically maps scan results to 11 major compliance frameworks including IPA, GDPR, ISO 27001, and NIST CSF
The platform's tagline — "The Default Security Foundation for SMBs" — reflects a deliberate design choice: ADCS should be the baseline layer every company installs before anything else, not an advanced tool reserved for organizations that already have security maturity.
3. 3-Layer Security Maturity Architecture
ADCS is structured as a progressive maturity platform, not a one-off tool. The three layers build on each other:
- Layer 1: Scan from the attacker's perspective. Discover vulnerabilities across 54 dimensions and receive prioritized fix steps. Auto rescan verifies each fix. Available on all plans.
- Layer 2: Continuous Threat Exposure Management. Monthly attack path simulations, risk score trends, instant CVE impact assessment, and industry benchmarking. Available on Standard and above.
- Layer 3: Auto-map scan results to regulatory requirements. AI-guided path to IPA SECURITY ACTION, ISO 27001, GDPR certification, and more. PDF-ready for audit submission.
Most organizations start at Layer 1 — understanding their current exposure and fixing it. As they grow, Layer 2 adds continuous monitoring. Layer 3 converts their security posture into auditable evidence for regulators, clients, and financial partners.
4. Inside the 54-Scanner Engine
The 54 scanners are organized into six categories, aligned with international standards including OWASP Top 10, CVSS, and MITRE ATT&CK. Each scanner runs independently and reports into a unified risk score.
External Assets & Infrastructure (8 scanners)
- Port scan (all externally exposed services)
- Subdomain deep enumeration + takeover detection
- DNS configuration (SPF / DKIM / DMARC)
- DNS zone transfer test
- WHOIS, ASN & geolocation lookup
- Tech stack & version fingerprinting
SSL/TLS & Certificates (4 scanners)
- SSL/TLS configuration grading
- TLS downgrade attack resistance
- Certificate management & expiry monitoring
- HSTS & HSTS preload verification
Web App Vulnerabilities (15 scanners)
- SQL Injection, XSS, SSRF
- Path traversal, open redirect, clickjacking
- CORS misconfiguration, CSP analysis
- Cookie security, form security
- Login & authentication, WebSocket security
Data Leakage & Secrets (8 scanners)
- JS file secret detection (API keys, tokens)
- Source map exposure
- Error message & HTML comment leakage
- robots.txt hidden path discovery
- HTTP meta & server info disclosure
Cloud, API & Supply Chain (7 scanners)
- Cloud storage misconfiguration (S3/GCS)
- API endpoint discovery & security assessment
- Third-party & supply chain risk
- CMS vulnerabilities (WordPress deep scan)
Advanced & Comprehensive (12 scanners)
- Nuclei scan (1,000+ templates)
- Phishing risk assessment & simulation
- SMTP security evaluation
- Incident response readiness scoring
- Certificate Transparency log monitoring
External OSINT Intelligence (9 Sources)
In addition to active scanning, ADCS cross-references findings against nine external threat intelligence sources — pulling in data on known-bad IP addresses, leaked credentials, certificate histories, and exposed service inventories.
This combination of active scanning and passive OSINT provides a materially broader attack surface view than point-in-time scanning alone. Shodan indexes internet-connected devices globally; LeakCheck surfaces credential leaks that traditional scanners never see; SecurityTrails exposes DNS history that reveals previously exposed infrastructure.
5. 11 Compliance Frameworks, Auto-Mapped
One of the most time-consuming aspects of security compliance is translating technical findings into evidence that satisfies auditors. A vulnerability in your authentication system may be relevant to ISO 27001 Annex A, NIST CSF PR.AC controls, and GDPR Article 32 simultaneously — but drawing those connections manually takes significant expertise.
ADCS auto-maps every scan finding to the applicable frameworks. The result is a compliance dashboard that shows exactly where you stand against each regulation, and an auto-generated PDF that's submission-ready for auditors.
IPA SECURITY ACTION note: ADCS specifically supports obtaining Japan's Ministry of Economy-endorsed IPA SECURITY ACTION ★ and ★★ certifications — widely recognized by Japanese enterprise clients and government contractors as a trust signal for vendor security posture. The platform includes application guides and pre-filled evidence documentation.
Compliance add-ons are available as one-time purchases starting at ¥29,800 per framework. Premium plan subscribers receive full access to all 11 frameworks at no additional cost.
6. CTEM: Continuous Threat Exposure Management
Traditional security assessments are snapshots. They tell you what was true on the day the scan ran. But attackers don't work on your schedule — new CVEs are published daily, attack techniques evolve, and your infrastructure changes continuously as features are added and services are updated.
CTEM (Continuous Threat Exposure Management) — selected by Gartner as a Top 10 Strategic Technology — addresses this by continuously measuring your organization's exposure and alerting you before risks escalate. ADCS implements CTEM on the Standard plan and above:
- Attack Path Simulation: Monthly automated simulation of which routes attackers would realistically use to infiltrate your systems, based on current configuration and known vulnerability data
- Risk Score Trends: A time-series view of your security score, so you can quantify the impact of fixes and identify areas trending in the wrong direction despite active remediation effort
- Instant CVE Assessment: When a new vulnerability is disclosed publicly, ADCS automatically evaluates whether your systems are affected and surfaces the finding immediately — no waiting for the next scheduled scan
- Industry Benchmarking: Compare your security score against companies in your sector and of similar size, providing an objective external reference point for board reporting and partner conversations
7. How ADCS Differs from Competitors
The automated security scanning market has several established players. Based on a review of their public documentation and feature sets in March 2026, ADCS differs in three areas that matter most to SMBs without dedicated security teams:
| Capability | ADCS | Typical Competitors |
|---|---|---|
| Target audience | SMBs without IT staff | Dev teams or enterprise |
| Auto fix instructions | ✓ Auto-generated per finding | ✗ Raw findings only |
| Rescan after fix | ✓ Included | ✗ Manual re-trigger / paid |
| Shareable security link | ✓ Included | ✗ Not available |
| 11-framework compliance mapping | ✓ Auto-mapped | ✗ OWASP only (at best) |
| IPA SECURITY ACTION support | ✓ Application guide included | ✗ Not available |
| CTEM (continuous exposure mgmt) | ✓ Standard plan and above | ✗ Partial or unavailable |
The most significant differentiation is the end-to-end loop. Competitors stop at discovery — they find vulnerabilities and hand over a report. ADCS closes the loop: find → prioritize → fix instructions → assign → verify → certificate. For an SMB where the person running the scan is also the person expected to fix the issues, this distinction is the difference between a useful tool and an unused one.
8. Pricing and Plans
ADCS is available in four tiers, designed to match different organizational needs. All subscription plans include a 20% discount when billed annually.
Spot assessment
- One-time full assessment
- 54-scanner report
- 24h delivery
- PDF download
Starter
- Monthly scanning
- Security badge
- IPA SA1/SA2 (free)
- Compliance add-ons available
Standard
- Everything in Starter
- CTEM (continuous monitoring)
- Vulnerability management
- Incident management
- Compliance add-ons available
Premium
- Everything in Standard
- All 11 frameworks (free)
- AI Security module
- Priority support
Annual billing reduces all subscription plan pricing by 20%: Starter becomes ¥23,840/month, Standard ¥47,840/month, Premium ¥79,840/month — billed once annually.
Not sure where to start? The free self-check report (10 questions, instant results, no signup required) gives you an immediate read on your organization's security posture before you commit to a paid plan. Start there, then decide.
Compliance Add-On Pricing
For Starter and Standard plan subscribers who need specific compliance frameworks, add-ons are available as one-time purchases:
- IPA SECURITY ACTION SA1: ¥29,800
- IPA SECURITY ACTION SA2: ¥49,800
- APPI (Japan): ¥29,800
- GDPR: ¥49,800
- NIST CSF / SOC 2: ¥49,800 each
- ISO 27001: ¥79,800
- PCI DSS / CMMC / NIS2: ¥79,800 each
Premium plan subscribers receive all frameworks included with their subscription.
9. Data Security and Infrastructure
Given that ADCS scans your organization's attack surface, the question of where your data goes and how it's protected is legitimate and important.
- Scan scope: Only the target domain you authorize is scanned. No lateral expansion without explicit permission.
- Encryption: All collected data is encrypted at rest with AES-256.
- Data residency: Hosted on servers in Japan (Railway infrastructure + Supabase).
- Third-party sharing: Scan data is never shared with third parties.
- Payments: Processed via Stripe (PCI DSS Level 1 certified). Card numbers are never stored on Avisail's servers. Bank transfer is also accepted.
- APPI & GDPR: ADCS is designed to comply with Japan's Act on Protection of Personal Information and GDPR. Data export, deletion, and consent management are built into the platform.
We consider it a basic requirement that a security platform be held to the same standards it measures in others. ADCS practices what it preaches.
10. How to Get Started
The recommended path for most organizations is:
- Free self-check — Answer 10 questions about your current security posture and receive an instant scored report. No signup required, runs entirely in your browser. This gives you a baseline and helps you understand which ADCS tier is right for your situation.
- Spot assessment — A one-time ¥50,000 full scan if you want the complete picture before committing to a subscription. Delivered within 24 hours.
- Starter subscription — Move to monthly scanning at ¥29,800/month once you've seen the value. Add compliance frameworks as needed.
- Standard — When you're ready for continuous monitoring and want CTEM capabilities to track your security posture over time.
For organizations with an immediate compliance deadline — IPA SECURITY ACTION certification, an ISO 27001 audit, or a GDPR review — contact us directly at info@avisail.com and we'll identify the fastest path to the documentation you need.
Start with a Free Self-Check
10 questions. Instant results. Print-ready report. No signup required. Your first step is completely risk-free.
Questions? Email info@avisail.com · Response within 1 business day