Dimension scores are derived from public data and fields and weighted into the composite. For reference only.
HailBytes offers two cloud-native security product lines: HailBytes SAT for phishing simulations and security awareness training, and HailBytes ASM for continuous attack surface management and external reconnaissance. Both are deployed to the customer's own cloud account via the AWS or Azure Marketplace, emphasizing self-hosting, auditable source code (ELv2 source-available), and a non-multi-tenant SaaS architecture.
In terms of protection types, SAT covers employee phishing drills, 45+ templates, post-click training, PDF certificates, resilience scoring, department leaderboards, and one-click Outlook reporting; ASM provides 30+ reconnaissance tools, a 7-stage scanning pipeline, subdomain enumeration, port and vulnerability scanning, cloud asset discovery, exposure clustering, and SARIF export. For deployment, it supports one-click launch on AWS/Azure, with the official claim that instances can be started in 5–10 minutes. Management and alerting capabilities are quite comprehensive, including audit logs, reports, Webhooks, Slack/Jira/SIEM notifications, as well as integrations like API, MCP Server, SCIM, OIDC, and SAML.
Pricing is very clear: both SAT and ASM are $0.24/vCPU/hour, with a recommended 2 vCPU instance costing about $4,200/year. There are no per-user, per-asset, or per-scan fees, and a 30-day free trial is available. For organizations with thousands of employees or massive assets, this infrastructure-based billing is more predictable than a per-seat model. In terms of compliance, the documentation states that audit evidence for SOC 2, HIPAA, PCI-DSS, NIST CSF, and ISO 27001 can be exported, but it does not claim that HailBytes itself holds these certifications.
Pros include data staying in the customer's cloud account, costs scaling linearly with VMs rather than headcount, SAT and ASM covering both the human layer and technical perimeter, and white-label capabilities suitable for MSSPs. Limitations include a heavy reliance on the AWS/Azure Marketplace, pricing and SLAs for optional support tiers that are not fully disclosed, and insufficient information regarding access, payment, and local compliance in mainland China. It is particularly well-suited for enterprise security teams, penetration testing firms, and MSSPs that already have AWS/Azure procurement systems in place and prefer to self-host their security data.
The main text provides no information on direct connectivity, payments, local invoicing, or cloud marketplace availability in mainland China, so China access can only be rated as unknown. Domestic users may need to specifically verify whether the products can be purchased on the AWS/Azure Marketplace, network connectivity, email deliverability, the availability of Microsoft 365/Google Workspace integrations, and whether they need to opt for local alternatives for security awareness training or attack surface management.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, hailbytes.com.
hailbytes.com is a United States security provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of Workable.