Free for personal use · Up to 10 devices

Know your
security posture
— always.

Lorika is a Device Trust Platform that verifies endpoint security posture before granting access. 210+ security checks across 13 categories, 18 compliance frameworks, CVE scanning, and a real-time Security Score for every device. One agent. One dashboard. Zero Trust.

Open dashboard How it works →
Available for macOS Windows Linux iOS · coming soon Android · coming soon
MacBook Pro — work
Good
82
🟢 Firewall enabled
🟢 Disk encryption active (FileVault)
🟡 Screen lock: 10 min (recommended: 2)
🟢 OS up to date · macOS 15.3
🔴 SSH root login allowed
Last scan: 4 min ago · Next: in 60s · Delta scan: 3 checks changed
210

Automated security checks

18

Compliance frameworks

3

Operating systems

13

Security categories

Live · v0.10.0

What’s working today

These features are implemented, deployed, and running in production right now.

210+ Security Checks

Auth, Network, Filesystem, Kernel, Software, Services, SSH, Audit — across macOS, Windows, and Linux. Continuous device security posture assessment.

18 Compliance Frameworks

CIS Controls v8.1, NIST 800-53, NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS v4.0, NIS2, CMMC, DORA, EU CRA, and more. With custom framework builder.

Software Inventory

Full package list via dpkg, rpm, apk, pacman, brew. Searchable. Tracked per scan for change detection.

Delta Scans

Agent caches previous results and only sends changed checks. ~90% bandwidth reduction on repeat scans.

Multi-Provider SSO

Sign in with Google Workspace or personal Gmail. Token rotation on every refresh. 30-minute idle auto-logout.

Multi-Tenant Orgs

Corporate domains auto-create organisations. Join by invite code or admin email. RBAC (admin/member).

Resource Monitoring

CPU, RAM, disk usage per device. Historical tracking. Infrastructure health dashboard (API, DB, Redis status).

Silent Auto-Update

Agent updates itself on startup + every 6 hours. SHA-256 verified. Zero downtime, zero user interaction.

i18n + Geo-IP

Dashboard in English + Ukrainian. Device country detection via Cloudflare. Real client IP behind proxies.

Vulnerability Scanning

Every installed package is matched against OSV.dev CVE databases. Severity breakdown (Critical/High/Medium/Low), fix availability tracking, per-device CVE timeline.

Network & Services Discovery

Open port scanning, exposed service detection (20+ dangerous services), NAT detection, and external reachability verification.

Automated Fleet Lifecycle

Stale agents auto-deactivated after 30 days. Inactive accounts get email warnings before cleanup. Zero manual fleet maintenance.

How it works

Three steps. No configuration required.

1

Sign up & install

Create a free account. Your personalised install command is waiting in the dashboard — one line, unique to your organisation. Paste it, and the agent enrols automatically.

2

Agent runs silently

Lorika runs 210+ security checks with a three-timer architecture: quick scans every 15 min, full scans every 60 min. HMAC-signed payloads, delta compression, zero CPU overhead.

3

See your Security Score

Open the dashboard to see your live score, compliance status across 18 frameworks, per-device drill-down, and trend history.

210+ security checks across 13 categories

Comprehensive assessment — macOS, Windows, and Linux. Each check contributes to your weighted Security Score.

🔒

Auth & Access Control

  • Password policy enforcement
  • SSH hardening (root login, key auth)
  • Brute-force protection (fail2ban)
  • NOPASSWD sudoers detection
  • MFA/2FA enforcement
  • Admin group audit
🌐

Network Security

  • Firewall status
  • Risky open ports detection
  • Dangerous exposed services (Redis, MongoDB, SMB, RDP + 17 more)
  • DNS-over-TLS & NTP config
💾

Filesystem Security

  • Disk encryption (FileVault / LUKS / BitLocker)
  • World-writable files
  • SUID/SGID binaries
  • Home directory permissions
  • Sensitive file permissions
⚙️

Kernel & Hardening

  • ASLR, NX/DEP, SIP (macOS)
  • Secure Boot verification
  • SELinux / AppArmor status
  • Core dump disabled
  • Kernel module blacklist
📦

Software & Patches

  • Pending OS updates
  • Unattended upgrades config
  • EOL OS detection
  • Pending kernel reboot
  • Untrusted package repos
🖥️

Services & Docker

  • Screen lock timeout
  • Antivirus / EDR presence
  • Docker daemon not on TCP
  • Docker privileged containers
  • Docker Content Trust
🔑

SSH Hardening

  • PermitRootLogin disabled
  • PasswordAuth disabled
  • MaxAuthTries limit
  • AllowTcpForwarding
  • ClientAliveInterval
📝

Audit & Logging

  • auditd running
  • Log retention policy
  • Syslog configured
  • Privileged command audit rules

Built-in Compliance Frameworks

Pre-mapped controls for the most common security standards. Pass your next audit with evidence collected on autopilot.

CIS Controls v8.1 NIST 800-53 NIST CSF 2.0 NIST 800-171 ISO 27001 SOC 2 PCI DSS v4.0 NIS2 CMMC UK Cyber Essentials AU Essential Eight SG Cyber Essentials DORA EU CRA NBU №143 NBU №95 ДССЗЗІ №75 + custom
CIS L1

CIS Level 1

Essential security hygiene benchmarks. Practical baseline for all workstations and servers.

NIST

NIST 800-53

US federal security controls baseline. Required for government contractors and FedRAMP.

ISO

ISO 27001

International ISMS standard. Map endpoint controls to your ISO 27001 certification requirements.

SOC 2

SOC 2 Type II

Automated endpoint evidence collection for SOC 2 audits. Every check mapped to SOC 2 controls — export a report when your auditor asks.

PCI

PCI DSS v4.0

Payment card industry data security. Continuous endpoint compliance for cardholder environments.

НБУ

NBU Resolution №143

Information security requirements for non-banking financial service providers regulated by NBU. 16 controls covering authentication, passwords, logging, network security, and OS hardening.

НБУ

NBU Resolution №95

Information security requirements for banks regulated by the National Bank of Ukraine. 18 controls covering MFA, account lockout, encryption, antivirus, network segmentation, and workstation hardening.

ДССЗЗІ

SSSCIP Order №75

Catalog of Cybersecurity Measures for critical infrastructure operators (NIST CSF 2.0). 14 controls covering identity management, data protection, platform security, network resilience, and continuous monitoring.

Continuous SOC 2 compliance. Without the spreadsheet chaos.

Automated evidence collection on every device, every day.

SOC 2 Type II requires ongoing evidence that your endpoints are secure — not just at audit time. Lorika maps every security check to SOC 2 controls and collects evidence automatically. When your auditor asks, you export a report. That’s it.

Need a custom framework? Build your own in the dashboard with custom control mappings.

View compliance dashboard →

Platform Evolution

From endpoint audit to a full Cybersecurity & IT Operations ecosystem — one agent, one dashboard, growing with your organisation.

✓ Phase 1 · Live Now
🛡️

The Auditor — Security Foundation

Know what’s wrong. Prove what’s right.

210+ security checks, 18 compliance frameworks, delta scans, software inventory, resource monitoring, multi-provider SSO (Google, Microsoft, GitHub, X, Apple), multi-tenant organisations, guided onboarding, and a full dashboard — deployed and running.

  • 210+ checks across 13 categories (macOS/Win/Linux)
  • 18 frameworks: CIS, NIST, ISO, SOC 2, PCI DSS, NIS2, DORA & more
  • Token rotation & 30-min idle timeout
  • Infrastructure health monitoring
  • Automated fleet lifecycle management
✓ Phase 2 · Partial
🔬

The Analyst — Vulnerability & Risk Intelligence

More than auditing — continuous risk control.

Every installed package is cross-referenced against OSV.dev vulnerability databases. Severity breakdown, fix availability tracking, fleet vulnerability dashboard, and exposed services detection — deployed and running.

  • ✓ CVE matching against OSV.dev feeds
  • ✓ Severity tiers (Critical/High/Medium/Low)
  • ✓ Fix availability tracking
  • ✓ Network services & NAT detection
  • Coming: Security Risk Score (CVSS + CIS deviation)
  • Coming: SIEM export to Elastic/Splunk
Coming · Phase 2
🔧

Active Remediation

Don’t just detect — fix automatically.

In paid tiers, the agent applies security fixes: enable firewalls, harden SSH, configure screen lock, deploy unattended upgrades. All actions logged, admin-approved, with dry-run preview.

  • One-click fix for detected issues
  • Admin approval workflow
  • Dry-run preview before apply
  • Full audit trail of all changes
Coming · Phase 3 · The Controller
🔑

Adaptive Conditional Access

Trust, but verify the device state.

Integrate with your Identity Provider. If a device’s Risk Score drops below the threshold — access to corporate systems is blocked until issues are resolved.

  • Okta, Google Workspace, JumpCloud, Azure AD
  • Three-tier trust: compliant / limited / blocked
  • Real-time enforcement on score change
  • Automatic access restoration after fix
Coming · Phase 3
📱

Mobile Agent — Read-Only Advisor

BYOD-friendly. Privacy-first. No MDM required.

A lightweight iOS & Android app that checks device security (OS version, passcode, encryption, jailbreak) and calculates a Security Score — without invasive MDM permissions. Non-compliant devices are blocked from corporate resources via Conditional Access.

  • No wipe, no surveillance — advisory only
  • Standard App Store / Google Play distribution
  • Push notifications with remediation guidance
  • Conditional Access enforcement (Okta/Google)
Coming · Phase 3
☁️

Cloud & SaaS Security (CSPM)

Protection beyond the perimeter.

Automatic audit of cloud service configurations: AWS, Azure, GCP, and Google Workspace. Detect open S3 buckets, excessive IAM permissions, and non-compliance — no agents needed in the cloud.

  • AWS, Azure, GCP, Google Workspace checks
  • Open storage & IAM overpermission alerts
  • Compliance mapping to CIS, SOC 2, PCI DSS
  • Scheduled & on-demand cloud scans
Coming · Phase 4 · The Guardian
🔒

ZTNA & Endpoint Defense

Zero Trust from agent to resource.

The agent evolves into a network access gateway. Every connection is verified against the device’s live Risk Score, with EDR integration and DNS filtering for malicious domains.

  • ZTNA — per-connection trust verification
  • EDR integration (Elastic/Endgame)
  • DNS filtering & domain blocking
  • Real-time anomaly detection
Coming · Phase 5 · The Ecosystem
🏢

IT Lifecycle & HRM

Single window for IT and HR.

From laptop issuance to digital offboarding checklist. Manage IT budgets, track licence costs, and automate identity lifecycle — all integrated with device security data.

  • IT asset registry with financial tracking
  • Software licence utilisation reports
  • Onboarding / offboarding automation
  • NFC badge + Geo-fencing mobile access

Works with your existing stack

Lorika is the posture layer; we don’t replace your EDR, MDM, or identity provider. Here’s what we live alongside today — and what’s next on the integration roadmap.

EDR (Endpoint Detection & Response)

  • CrowdStrike Falcon
  • SentinelOne Singularity
  • Microsoft Defender for Endpoint
  • Sophos Intercept X

MDM (Device Management)

  • Jamf Pro
  • Microsoft Intune
  • Kandji
  • Mosyle

Identity provider

  • Google Workspace
  • Microsoft Entra ID
  • GitHub OAuth
  • Okta · roadmap
  • JumpCloud · roadmap

SIEM & observability

  • Sentry (errors)
  • Prometheus / Grafana
  • Splunk · roadmap
  • Datadog · roadmap
  • Elastic SIEM · roadmap

Don’t see your tool? Most posture data is exportable as JSON or CSV today — drop us a line and we’ll add it to the roadmap.

Built for every scale

From personal devices to enterprise fleets — Lorika adapts to your needs.

👤

Personal

Understand how secure your own devices are. Free forever, up to 10 devices. Live Security Score with email alerts.

Free plan →
💼

Corporate Fleet

Manage hundreds of employee devices from one dashboard. Enforce security policies, automate patching, integrate with Okta or Google Workspace.

Contact sales →
📱

BYOD / Remote Teams

Let employees use personal devices safely. The mobile Read-Only Advisor checks security without invasive MDM permissions — blocking non-compliant devices from corporate resources.

Coming soon →
🛡️

Cyber Insurance

Use Security Score as objective evidence for policy pricing. Continuous monitoring replaces point-in-time assessments.

Contact us →
🏦

Banking & Fintech

Surface endpoint security in client-bank sessions. Use the score as a signal for suspicious payment detection and step-up authentication.

Contact us →
📊

Compliance & Audit

Map device checks to CIS, NIST, ISO 27001, SOC 2, PCI DSS. Continuous evidence collection. Export reports for auditors.

View frameworks →

Simple, transparent pricing

Start free. Scale when you need more.

Personal
Free forever
  • ✓ Up to 10 devices
  • ✓ 210+ security checks
  • ✓ 18 compliance frameworks
  • ✓ Vulnerability scanning (CVE)
  • ✓ Software inventory
  • ✓ Network services discovery
  • ✓ Multi-provider SSO
  • ✓ Threat Landscape & kill chain analysis
  • ✓ 90-day scan history
  • ✗ AI recommendations
  • ✗ Maturity assessment
  • ✗ Remediation actions
Get started
Popular
Business
€4 / device / month
  • ✓ Up to 100 devices
  • ✓ Everything in Personal
  • ✓ AI-powered security recommendations
  • ✓ Cybersecurity maturity assessment & roadmap
  • ✓ Industry benchmarking (29 industries)
  • ✓ Active remediation
  • ✓ CVE matching & Risk Score
  • ✓ Team management (RBAC) — 3 admins
  • ✓ Score sharing API & webhooks
  • ✓ 1-year scan history
  • ✓ Priority email support (48h)
  • ✗ SIEM / Jira integrations
  • ✗ Conditional Access
Get started
Enterprise
Custom pricing
  • ✓ Unlimited devices
  • ✓ Everything in Business
  • ✓ SIEM integration (Splunk, Elastic, Sentinel)
  • ✓ Jira / ServiceNow auto-ticketing
  • ✓ Slack & Teams native alerts
  • ✓ Advanced RBAC (Admin / Auditor / Viewer / Device Manager)
  • ✓ SSO (SAML / OIDC)
  • ✓ Conditional Access (Okta / Azure AD)
  • ✓ CSPM (AWS / GCP / Azure)
  • ✓ Full REST API
  • ✓ 2-year scan history + custom retention
  • ✓ Audit log (1 year + export)
  • ✓ Custom compliance frameworks
  • ✓ White-label reports
  • ✓ Dedicated support & SLA (99.9%, 4h response)
Contact sales

Why upgrade?

Personal → Business

  • AI recommendations — not just “what’s broken”, but “what to do and why”
  • Maturity roadmap — demonstrate progress to leadership and auditors
  • Industry benchmarking — compare your posture against peers in your sector
  • More than 10 devices
  • Active remediation — fix issues in one click

Business → Enterprise

  • SIEM integration — Lorika becomes part of your SOC ecosystem
  • Jira / ServiceNow — auto-create tickets from AI recommendations
  • Advanced RBAC — CISO sees everything, IT admin sees their devices, auditor gets read-only
  • SSO (SAML / OIDC) — mandatory for enterprise procurement
  • Full API — automation, custom dashboards, internal integrations
  • SLA + priority support — for companies where downtime = money

Supported Platforms

Sign in to your dashboard to get a personalised install command for your OS.

macOS

Apple Silicon (M1 / M2 / M3 / M4) & Intel

macOS 12 Monterey or later

Windows

x64 architecture

Windows 10 (1903+) or Server 2019+

Linux

x86_64 & ARM64 (aarch64)

Ubuntu 20.04+, Debian 10+, RHEL 8+, Fedora 38+

Go to dashboard for install command →

Frequently asked questions

Most of what customers ask before signing up. Still have a question? Email [email protected].

What is a Device Trust Platform — and how is it different from EDR or MDM?
A Device Trust Platform continuously verifies whether each endpoint is in a safe state before it accesses corporate resources. EDR detects active attacks; MDM enforces device configuration. Lorika sits between them: 210+ posture checks, mapped to 18 compliance frameworks, with a real-time Security Score for every device. We're the layer Zero Trust gateways consult to decide "is this device safe to grant access to right now?"
What does the agent collect — and do you read my files?
No file contents, no screen captures, no keystroke logging. The agent reads OS configuration: firewall state, disk-encryption status, password policy, installed-package list, network services, kernel hardening flags. The full check list is open and documented in our Trust Center. The agent runs as a least-privileged service account — read-only telemetry, no data modification.
Is the free Personal tier really free forever?
Yes — up to 10 devices, all 210+ checks, all 18 compliance frameworks, 90-day scan history, no credit card required, no time-limited trial. We mean "free forever" the way Cloudflare means it for their free DNS: a real product, not a pitch.
How long does it take to deploy across a fleet?
A single device: 47 seconds from sign-up to first Security Score. A 100-device fleet: usually a single afternoon. The agent installer is a one-line shell command on macOS/Linux and a signed MSI on Windows — deployable via Jamf, Intune, Group Policy, or any MDM. No manual configuration per device.
Where is my data stored?
EU data residency by default. Production database is encrypted at rest (LUKS, TPM-bound keys), backed up nightly to encrypted EU object storage, with a verified weekly restore drill. Full infrastructure transparency in our Trust Center. We never sell or share customer telemetry.
Do I need MDM permissions to install the agent?
No. The agent runs entirely in user space — no kernel extensions, no MDM enrolment required. That's by design: customers tell us MDM friction is the #1 reason endpoint security tools don't ship across BYOD fleets. Lorika installs like any other LSP-style daemon.
What happens when a device fails a check?
The Security Score drops, the failed check shows up in the dashboard with plain-English remediation guidance, and (if you've wired it up) a Zero Trust gateway can deny access to sensitive resources until the device passes again. Failures don't auto-quarantine — Lorika is a posture signal, not an enforcement layer.
Which compliance frameworks does Lorika support?
CIS Controls v8.1, NIST 800-53, NIST CSF 2.0, NIST 800-171, ISO 27001, SOC 2 Type II, PCI DSS v4.0, NIS2, CMMC, UK Cyber Essentials, AU Essential Eight, SG Cyber Essentials, DORA, EU CRA, NBU №143, NBU №95, ДССЗЗІ №75 — plus a custom-framework builder. Every check is pre-mapped, so the same evidence supports multiple audits.
How do I migrate from my current EDR / MDM?
You don't have to. Lorika is complementary, not replacement — it runs alongside EDR (CrowdStrike, SentinelOne, Defender) and MDM (Jamf, Intune, Kandji) without interference. Most customers keep both and use Lorika as the audit-and-Zero-Trust layer.
Where can I see the source — is the agent open?
The agent is open-source (and Sigstore-signed for supply-chain integrity). The dashboard backend is closed but extensively documented at docs.lorika.dev. Public SBOM at /api/v1/meta/sbom for procurement teams that want it.

Security by design

We take security seriously — it’s what we do, after all.

HMAC-SHA256 signed payloads

Every scan result is cryptographically signed with the device token. Tampered payloads are rejected.

Token rotation

Refresh tokens carry a version claim. Each refresh increments the version. Logout invalidates all sessions instantly.

Binary integrity

SHA-256 checksums verify agent binaries before installation and every auto-update cycle.

Cloudflare proxy

Server IP hidden behind Cloudflare. All DNS records proxied. Real client IP extracted via CF-Connecting-IP header.

Idle timeout

30-minute inactivity auto-logout. Activity tracked across all API interactions.

Zero secrets in code

All credentials via environment variables. Device tokens stored as SHA-256 hashes. Enrolment tokens expire in 24h, single-use.

Start monitoring your devices today

Free forever for personal use. No credit card required. 210+ checks, 18 frameworks, live Security Score.

Create free account →