Non-stop password guessing
Bots hammer every exposed RDP port. Failed logins pile up before a perimeter firewall even notices.
A lightweight Windows agent sends login events to one console. Detect brute-force patterns, block IPs on each server, and push the same bans to firewalls via API.
Trial: up to 3 servers · 30 days · no credit card · central firewall API included
Screenshots from a live pilot — attack map, operational guide, fleet registry, and per-server controls.
Attack map, failed logins, blocked IPs, and a live event feed across all servers.
Guide cards surface attacks, antivirus alerts, TLS issues, and license limits in one view.
Fleet overview with agent versions, Windows editions, firewall state, and online status.
Failed attempts, blocks, updates, firewall, TLS, events, and users on each RDP host.
Attackers scan the internet for open RDP ports. One weak password is enough — blocking must happen on the server, fast.
Bots hammer every exposed RDP port. Failed logins pile up before a perimeter firewall even notices.
Without centralized visibility you only discover the breach after a successful login or ransomware note.
You need automatic rules on the server — and, when you are ready, the same IP bans applied on your edge firewall or router without copy-paste.
One product today — monitoring, blocking, and fleet management from a single portal.
Installs in ~15 minutes. Auto-updates, per-server API keys, minimal footprint on RDP hosts.
See failed and successful logins, source IPs, and trends across all servers in one dashboard.
Local block via Windows Firewall on each server. Business tier pushes the same bans to OPNsense, routers, and other firewalls via API.
Isolate client organizations, roles (operator, client admin), and audit actions per tenant.
Agent versions, Windows updates, Defender status, and firewall state — per server card.
Operator and admin roles per organization. Free tier: email login. Business: optional corporate SSO (Keycloak or any OIDC provider).
Start with a 30-day trial (up to 3 servers, no credit card). After trial — Free tier or pay per server.
Base €10/month includes the first server and full console access.
| Server range | Price per server | Example total |
|---|---|---|
| 1 server | €10 (base) | €10/mo |
| 2 – 10 servers | + €3 each | 10 servers = €37/mo |
| 11 – 50 servers | + €2 each | 50 servers = €117/mo |
| 51+ servers | + €1 each | 100 servers = €167/mo |
Annual billing — 20% discount (recommended for production fleets).
Pick a ceiling for your fleet — price scales per server using the tiers above.
Up to 3 servers
Local blocking, basic dashboard
Create workspaceUp to 15 servers
Central blocking, 90-day logs
Get a quoteUp to 100 servers
Full features, SSO, reports
Get a quoteUp to 500 servers
Priority support, SOC reports
Get a quoteUnlimited servers
Self-hosted, SLA, dedicated manager
Contact sales| Plan | Max servers | From | At max fleet | Included |
|---|---|---|---|---|
| Free | 3 | €0 | €0 | Local blocking, basic dashboard |
| Starter | 15 | from €10 | €47 | Central blocking, 90-day logs |
| Growth | 100 | from €10 | €167 | Full features, SSO, reports |
| Business | 500 | from €10 | €567 | Priority support, SOC reports |
| Enterprise | Unlimited | Custom | Custom | Self-hosted, SLA, dedicated manager |
Paid checkout is rolling out — contact us to upgrade during the demand test. Trial workspaces downgrade to Free when the 30 days end.
From signup to blocked attackers — typically under an hour for the first server.
Register on the portal, name your organization, and get an enrollment token for agents.
Run the guided PowerShell installer on each Windows RDP server. The agent connects outbound — no inbound ports.
Watch the attack map, review login events, and let rules block brute-force IPs on the server — or sync bans to your perimeter via API.
Live portal + Windows agent — monitoring, blocking, fleet maintenance, and remote commands. All commands below are sent from the console; the agent connects outbound over HTTPS.
Central console for every enrolled RDP server in your organization (or all client orgs for MSPs).
Brute-force thresholds trigger bans on the server. Free tier: local Windows Firewall. Business: same IPs on OPNsense / edge firewall via API.
After signup open Server registry → Install agent. The portal generates a one-time enrollment token and install commands for that server. Run as Administrator on the RDP host (outbound HTTPS only — no inbound ports).
$ProgressPreference='SilentlyContinue'; iex(irm 'https://lira.vyvick.com/install/YOUR-ENROLLMENT-TOKEN/install.ps1' -SkipCertificateCheck)
$ProgressPreference='SilentlyContinue'; [Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; iex((New-Object Net.WebClient).DownloadString('https://lira.vyvick.com/install/YOUR-ENROLLMENT-TOKEN/install.ps1'))
certutil -urlcache -split -f "https://lira.vyvick.com/install/YOUR-ENROLLMENT-TOKEN/install.cmd" "%TEMP%\install-lira.cmd" && "%TEMP%\install-lira.cmd"
Queued on the next agent heartbeat from Monitoring → server card → Actions, or from Updates / Antivirus / Security fleet pages.
When the agent is offline, the portal can run the same remediation playbooks over WinRM (HTTPS 5986) if you provide local admin credentials.
Encrypted channels, tenant isolation, and audit-ready practices — designed for MSPs and security teams evaluating B2B SaaS.
All production traffic is designed to run over protected channels — no cleartext agent telemetry in normal operation.
Module 1 focuses on MITRE ATT&CK T1110 (brute force) and T1021.001 (Remote Desktop) — detect, block, and prove what happened.
We build audit-ready, not audit-washed — formal reports when a customer or tender requires them.
Our security practices are aligned with SOC 2 Type II and ISO/IEC 27001 principles. We do not claim formal certification until an independent audit is completed. Enterprise security pack (policies, data flow) available under NDA on request.
Sign up in minutes, connect up to three servers, and see attacks as they happen — 30 days on us.