Trusted by security teams in
- Banking & Finance
- Healthcare
- Energy & Utilities
- Government & Defence
- Telecommunications
- Manufacturing
A measurable security posture
What our engagements typically deliver inside the first six months.
60%
Reduction in critical-risk findings after a Sandline-led remediation cycle
3×
Faster audit-evidence preparation vs. spreadsheet-based vulnerability tracking
< 24h
Median time to triage and contain a confirmed incident, on retainer
15+
Years of offensive-security and risk-management experience on the team
Three differences that show up in the first call
We are not a generic MSSP. We are a small, deep, senior team — and we build our own RBVM platform.
Senior engineers only
Every engagement is led end-to-end by an engineer with 10+ years of relevant experience. We do not subcontract delivery to juniors. You speak with the person doing the work, not an account manager.
Same method, services and product
We build Centraleyezer, our RBVM platform. The six-factor contextual model that powers the product is the same model we use to score findings in pentests, red-team operations and vulnerability programmes.
Audit-ready evidence
Findings ship pre-mapped to NIS2, DORA, ISO 27001, PCI-DSS, CRA and GDPR — by article and sub-clause. Your auditor gets reusable evidence, not a report that needs translating.
Seven services. One operating model.
Each engagement starts from your business risk, not from a generic checklist. The output is evidence your auditor can use and a remediation plan your engineers can execute.
Red Team
Realistic adversary simulation that measures how your detection, response and people behave under a sustained attack — not how a checklist looks on paper.
See service
Penetration Testing
Targeted, scope-bounded testing of an application, network segment, cloud account or product. Hands-on attack work that produces audit evidence and a fix plan.
See service
Vulnerability Assessment
Continuous, contextual vulnerability management across your infrastructure, web estate and code — powered by our Centraleyezer platform.
See service
Human Vulnerability
Phishing simulation, vishing and physical-access exercises that measure how your people behave under realistic social-engineering pressure.
See service
Cyber Threat Intelligence
Sector-specific threat intelligence that feeds your detection, vulnerability prioritisation and incident playbooks — not a daily news feed.
See service
Incident Response & Recovery
On-retainer or on-demand response to confirmed incidents. Containment, forensics, recovery and the regulatory notifications NIS2 and GDPR require.
See service
Cybersecurity Training
Role-based training for engineers, security teams and the board. Hands-on labs, not slide decks.
See service
From noise to clear action
A consistent three-step engagement model that anchors every Sandline project, from a one-off pentest to an ongoing managed programme.
Discover & scope
We map your assets, your business criticality and your regulatory drivers. We agree on the rules of engagement before we touch a system.
Test & score
Our engineers run the engagement and score every finding by real business risk — using the same contextual model that powers Centraleyezer.
Remediate & verify
We hand over a prioritised remediation plan, support fix verification, and produce the audit-ready evidence your CISO and your auditor need.
Built for the regulatory reality
NIS2 mandates vulnerability management. DORA enforces ICT risk controls. ISO 27001 Annex A.8.8 demands it. PCI-DSS Requirement 6 enforces it. We address all of them in a single engagement model.
Centraleyezer — built by Sandline
Centraleyezer is our Risk-Based Vulnerability Management platform. It scores findings by real business risk, tracks remediation against SLAs, and produces the audit evidence NIS2, DORA, ISO 27001, PCI-DSS and CRA require.
Engagement Workspace · 90 days free
Every Sandline engagement includes a Centraleyezer SaaS deployment for 90 days where you generate reports on demand. At day 90 it either closes (your DOCX/PDF reports and attestation letter stay with you) or extends as a paid SaaS subscription if you want to keep using it.
Six-factor contextual risk score
DREAD
Damage / Reproducibility / Exploitability / Affected / Discoverability
Asset criticality
Per-asset business value
Network exposure
Internet-facing vs internal
Exploitability
In-environment, not internet-scale
CTI signals
Sector-specific actor activity
Human-AI loop
Adapts to your team’s response patterns
Frequently asked questions
What does Sandline do?
Sandline is a European cybersecurity firm based in Bucharest. We run penetration tests, red team exercises, vulnerability management programmes, incident response and security training. Sandline also builds and operates the Centraleyezer Risk-Based Vulnerability Management platform.
Who will I talk to on the first call?
A senior engineer who will lead the engagement, not an account manager. We use the first half-hour to agree on scope, the regulation you have to satisfy and the systems in scope.
Do you work with EU regulations?
Yes. Every engagement is mapped to NIS2, DORA, ISO 27001, PCI-DSS, the EU Cyber Resilience Act and GDPR — by article and sub-clause. We deliver reusable audit evidence, not separate reports per framework.
How fast can we start?
Typically 2–3 weeks from SOW signature for a pentest or vulnerability assessment. Incident response retainers kick off within 5 working days.
How do you price engagements?
Fixed price per scope. We deliver a written scope note and a clear total within three working days of the first call. No hourly billing, no end-of-engagement surprises.
What is Centraleyezer?
Centraleyezer is the RBVM platform built and operated by Sandline. It scores findings by real business risk using a six-factor contextual model (DREAD, asset criticality, network exposure, in-environment exploitability, CTI signals and a Human-AI feedback loop). Documented in full at centraleyezer.io.
Do I need to use Centraleyezer to work with Sandline?
Centraleyezer is not required. We use the platform internally for scoring; the traditional deliverables (DOCX/PDF report and attestation letter) are yours to keep. On top of that, every engagement includes the Engagement Workspace — a free 90-day Centraleyezer SaaS deployment where you can generate reports on demand. After the 90 days you can extend it as a paid SaaS subscription if you want an ongoing managed programme — otherwise the deployment simply closes and the reports and attestation letter remain yours.
Do you work with SMBs?
Yes. We have a fixed-scope SMB offering, plus custom engagements for larger organisations in NIS2, DORA or PCI-DSS scope.
What languages do you work in?
English and Romanian. We will communicate in either language for the engagement and produce audit reports in both on request.
Do you offer an incident-response retainer?
Yes. The retainer includes a guaranteed response time (median under 24h to contain a confirmed incident), a named playbook with senior handlers, and NIS2 (24h / 72h / 1-month) and GDPR (72h) notification packages.
