Self-service signup · 30-day trial · from €10/mo

Monitor RDP attacks. Block attackers on the server.

A lightweight Windows agent sends login events to one console. Detect brute-force patterns, block IPs on each server, and push the same bans to firewalls via API.

Trial: up to 3 servers · 30 days · no credit card · central firewall API included

See the console in action

Screenshots from a live pilot — attack map, operational guide, fleet registry, and per-server controls.

Operations monitoring

Operations monitoring

Attack map, failed logins, blocked IPs, and a live event feed across all servers.

What needs attention now

What needs attention now

Guide cards surface attacks, antivirus alerts, TLS issues, and license limits in one view.

Server registry

Server registry

Fleet overview with agent versions, Windows editions, firewall state, and online status.

Per-server detail

Per-server detail

Failed attempts, blocks, updates, firewall, TLS, events, and users on each RDP host.

RDP brute-force does not wait for your next patch cycle

Attackers scan the internet for open RDP ports. One weak password is enough — blocking must happen on the server, fast.

Non-stop password guessing

Bots hammer every exposed RDP port. Failed logins pile up before a perimeter firewall even notices.

Each server is on its own

Without centralized visibility you only discover the breach after a successful login or ransomware note.

Manual blocking does not scale

You need automatic rules on the server — and, when you are ready, the same IP bans applied on your edge firewall or router without copy-paste.

Built for RDP farms and managed service providers

One product today — monitoring, blocking, and fleet management from a single portal.

Lightweight Windows agent

Installs in ~15 minutes. Auto-updates, per-server API keys, minimal footprint on RDP hosts.

Attack map & event log

See failed and successful logins, source IPs, and trends across all servers in one dashboard.

Automated blocking

Local block via Windows Firewall on each server. Business tier pushes the same bans to OPNsense, routers, and other firewalls via API.

Multi-tenant workspaces

Isolate client organizations, roles (operator, client admin), and audit actions per tenant.

Fleet maintenance

Agent versions, Windows updates, Defender status, and firewall state — per server card.

Team roles & access

Operator and admin roles per organization. Free tier: email login. Business: optional corporate SSO (Keycloak or any OIDC provider).

Simple pricing in euros

Start with a 30-day trial (up to 3 servers, no credit card). After trial — Free tier or pay per server.

Per-server pricing

Base €10/month includes the first server and full console access.

Server range Price per server Example total
1 server €10 (base) €10/mo
2 – 10 servers + €3 each 10 servers = €37/mo
11 – 50 servers + €2 each 50 servers = €117/mo
51+ servers + €1 each 100 servers = €167/mo
  • 5 servers → €10 + 3×4 = €22/mo
  • 25 servers → €10 + 3×9 + 2×15 = €67/mo
  • 80 servers → €10 + 3×9 + 2×40 + 1×30 = €147/mo

Annual billing — 20% discount (recommended for production fleets).

Plans & limits

Pick a ceiling for your fleet — price scales per server using the tiers above.

Free

Up to 3 servers

€0 after trial

Local blocking, basic dashboard

Create workspace

Starter

Up to 15 servers

from €10 up to €47/mo

Central blocking, 90-day logs

Get a quote

Growth

Up to 100 servers

from €10 up to €167/mo

Full features, SSO, reports

Get a quote

Business

Up to 500 servers

from €10 up to €567/mo

Priority support, SOC reports

Get a quote

Enterprise

Unlimited servers

Custom tailored quote

Self-hosted, SLA, dedicated manager

Contact sales
PlanMax serversFromAt max fleetIncluded
Free 3 €0 €0 Local blocking, basic dashboard
Starter 15 from €10 €47 Central blocking, 90-day logs
Growth 100 from €10 €167 Full features, SSO, reports
Business 500 from €10 €567 Priority support, SOC reports
Enterprise Unlimited Custom Custom Self-hosted, SLA, dedicated manager

Paid checkout is rolling out — contact us to upgrade during the demand test. Trial workspaces downgrade to Free when the 30 days end.

Live in three steps

From signup to blocked attackers — typically under an hour for the first server.

01

Create your workspace

Register on the portal, name your organization, and get an enrollment token for agents.

02

Install the agent

Run the guided PowerShell installer on each Windows RDP server. The agent connects outbound — no inbound ports.

03

Monitor and block

Watch the attack map, review login events, and let rules block brute-force IPs on the server — or sync bans to your perimeter via API.

Who it is for

MSPs & hostersOne console, many client orgs, clear audit trail.
Internal ITProtect a small RDP farm from one console — local block on day one.
Security teamsVisibility before you add MFA or VPN modules.
EU · LATAM · UA · DEPortal available in EN, ES, DE, UK — RU legacy supported.

What the product does today

Live portal + Windows agent — monitoring, blocking, fleet maintenance, and remote commands. All commands below are sent from the console; the agent connects outbound over HTTPS.

Monitoring & visibility

Central console for every enrolled RDP server in your organization (or all client orgs for MSPs).

  • Collect Windows Security events 4624 (success) and 4625 (failure) for RDP logon type 10
  • Attack map with source countries, risk scores, and drill-down to IP details
  • Live feed of authentication events; filters for attacks vs successful logins
  • Guide dashboard — urgent and attention cards (attacks, Defender, TLS, licenses, connectivity)
  • Login journal with source IP, username, result, and server
  • RDP session view — active and ended sessions across the fleet
  • Audit log of portal actions (blocks, unblocks, installs, role changes)

Automatic & manual IP blocking

Brute-force thresholds trigger bans on the server. Free tier: local Windows Firewall. Business: same IPs on OPNsense / edge firewall via API.

  • Auto-block attacker IPs locally on each Windows server (Windows Firewall rules)
  • Central block sync to OPNsense and compatible firewalls (Business tier)
  • Blocks list — active bans with server, reason, and timestamp
  • Manual unblock from the portal (database + firewall rule removal)
  • Trusted IP whitelist (CIDR) — excluded from auto-block; can lift existing bans
  • Per-server Blocks tab — view and manage local firewall rules for that host

Server registry & per-host management

  • Fleet table: hostname, IP, organization, agent version, Windows edition, firewall, online status
  • License slots per organization (free tier: up to 3 servers)
  • Per-server card tabs: Info, Actions, Updates, Antivirus, Firewall, TLS, Events, Users, Blocks, WinRM
  • Agent auto-update pushed from the portal on heartbeat
  • Per-agent API token — rotate from the console; no shared fleet token in production
  • Multi-tenant workspaces with operator / client-admin roles and scoped data access

Install the Windows agent

After signup open Server registry → Install agent. The portal generates a one-time enrollment token and install commands for that server. Run as Administrator on the RDP host (outbound HTTPS only — no inbound ports).

PowerShell 7+ (when pwsh is available)
$ProgressPreference='SilentlyContinue'; iex(irm 'https://lira.vyvick.com/install/YOUR-ENROLLMENT-TOKEN/install.ps1' -SkipCertificateCheck)
PowerShell 5.1 (default on Windows Server)
$ProgressPreference='SilentlyContinue'; [Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12; iex((New-Object Net.WebClient).DownloadString('https://lira.vyvick.com/install/YOUR-ENROLLMENT-TOKEN/install.ps1'))
CMD via certutil (clipboard-safe on some RDP sessions)
certutil -urlcache -split -f "https://lira.vyvick.com/install/YOUR-ENROLLMENT-TOKEN/install.cmd" "%TEMP%\install-lira.cmd" && "%TEMP%\install-lira.cmd"

Remote commands — agent queue (online servers)

Queued on the next agent heartbeat from Monitoring → server card → Actions, or from Updates / Antivirus / Security fleet pages.

  • wu_check / wu_install — scan and install Windows Update patches
  • wu_policy — set Windows Update auto-install policy (AUOptions)
  • defender_check — refresh Defender status and threat list
  • defender_scan — quick or full scan; defender_realtime — enable/disable real-time protection
  • firewall_check / firewall_set — read or enable Windows Firewall profile
  • reboot / reboot_schedule / reboot_schedule_clear — immediate or scheduled restart
  • rdp_tls deploy / check — deploy portal TLS certificate to RDP listener or verify binding
  • enable_winrm — Enable-PSRemoting, start WinRM, open Remote Management firewall group
  • restart_agent_service — restart VyvickRdpAgent Windows service
  • collect_diagnostics — hostname, agent/WinRM service state, disk space (JSON)

Remote commands — WinRM fallback

When the agent is offline, the portal can run the same remediation playbooks over WinRM (HTTPS 5986) if you provide local admin credentials.

  • check_winrm — probe WinRM service and connectivity
  • enable_winrm — runs Enable-PSRemoting -Force, sets service to Automatic, opens firewall
  • restart_agent_service — Restart-Service VyvickRdpAgent
  • collect_diagnostics — same JSON snapshot as the agent command

Access, licenses & integrations

  • Email signup and login; optional email verification when SMTP is configured
  • Business: SSO via Keycloak or any OIDC provider
  • License panel — plan, server quota, manual plan changes (superadmin)
  • RBAC — grant/revoke portal permissions per user and organization
  • Portal UI in EN, ES, DE, UA (+ legacy RU); marketing site in four languages
  • Optional GeoIP enrichment for attack map (MaxMind)

Security & trust

Encrypted channels, tenant isolation, and audit-ready practices — designed for MSPs and security teams evaluating B2B SaaS.

Encrypted communication

All production traffic is designed to run over protected channels — no cleartext agent telemetry in normal operation.

  • Portal and API over HTTPS (TLS); secure session cookies in production
  • Windows agent connects outbound only — no inbound ports required on RDP servers
  • Agent ↔ portal API authenticated with per-server tokens (rotatable from the console)
  • Optional WinRM remediation over HTTPS (port 5986) when the agent is offline
  • RDP TLS certificate deployment from the portal to harden the RDP listener
  • SMTP for verification email over TLS (STARTTLS or SMTPS, depending on provider)

Identity, access & tenancy

  • Multi-tenant workspaces — each organization's data scoped by organization_id
  • Role-based access: operator, client admin, superadmin with least-privilege defaults
  • Per-agent API tokens; shared fleet token disabled in production deployments
  • Enrollment install tokens stored hashed — not kept as reversible plaintext in the database
  • Optional email verification on signup when SMTP is configured
  • Business tier: corporate SSO via Keycloak or any OIDC provider
  • Optional MFA for portal operators (TOTP) — enrollment secrets can be stored in OpenBao vault

Secrets & data protection

  • Application secrets encrypted at rest (Fernet); migration on startup for legacy rows
  • Optional OpenBao (HashiCorp Vault-compatible) for platform secrets — Stripe, OPNsense API, MFA TOTP seeds
  • No payment card data stored — billing skeleton uses Stripe hosted checkout when enabled
  • Configurable event retention per plan; privacy policy describes IP, email, and Windows logon metadata
  • GeoIP enrichment optional (MaxMind) — source IPs for attack map only
  • Production startup checks block weak defaults (shared agent token, missing session secret)

Detection, response & audit

Module 1 focuses on MITRE ATT&CK T1110 (brute force) and T1021.001 (Remote Desktop) — detect, block, and prove what happened.

  • Central audit log: blocks, unblocks, agent install, role changes, maintenance commands
  • Authentication event journal (4624/4625) with retention limits on free tier
  • Automatic IP block on server; optional sync to OPNsense / edge firewall (Business)
  • Trusted IP whitelist with audit trail when bans are lifted
  • Guide dashboard surfaces Defender threats, pending updates, and RDP TLS misconfiguration
  • Signup funnel logging for superadmin review (attempts, success, failures)

Compliance alignment (roadmap)

We build audit-ready, not audit-washed — formal reports when a customer or tender requires them.

  • Practices mapped to SOC 2 Security & Availability, ISO 27001, GDPR transparency
  • CIS Controls v8 and NIST CSF 2.0 narrative for RDP / Zero Trust positioning
  • Privacy Policy and Terms published on this site (EN / UA / ES / DE)
  • Incident response and data retention policies available to enterprise customers under NDA
  • PCI DSS out of scope — card processing delegated to Stripe; no CHD in our database

Your infrastructure stays yours

  • Agent runs as a Windows service on your servers — you control patching and hardening
  • Blocking executes locally via Windows Firewall; central API push is optional
  • No requirement to expose RDP to the internet for agent connectivity
  • Self-hosted portal deployment supported — same codebase, your network boundary
  • OpenBao can run on a separate VM in your LAN; portal reaches it over private network only

Our security practices are aligned with SOC 2 Type II and ISO/IEC 27001 principles. We do not claim formal certification until an independent audit is completed. Enterprise security pack (policies, data flow) available under NDA on request.

Test demand on your RDP fleet

Sign up in minutes, connect up to three servers, and see attacks as they happen — 30 days on us.