24/7 cybersecurity monitoring

The security team you don’t have, watching the doors you do.

24/7 monitoring across Microsoft 365, Google Workspace, AWS, and Cloudflare. Built for law firms, CPA firms, contractors, agencies, and brokerages — with or without an IT team.

Free scan, no card · 7-day trial · Setup in under 10 minutes

36 engines · 4 cloud doors · 24/7 stand watch

We monitor: Microsoft 365, Google Workspace, AWS, Cloudflare

  • North Dakota LLC, EIN on file
  • E&O insured to $2M aggregate
  • 36 detection engines
  • SMS · Email · Slack · Teams alerts
Aligned to the frameworks your industry actually answers to
  • FTC Safeguards Rule
  • IRS Pub 4557 / WISP
  • NIST Cybersecurity Framework
  • ABA Model Rule 1.6
  • CMMC 2.0
  • NDCC 51-30 (ND breach law)
The problem

You are running a firm, not an IT shop.

Your team logs into Microsoft 365, Google Workspace, maybe AWS or Cloudflare. Each one is a door. When something looks wrong on one of those doors at eleven at night on a Sunday, nobody is watching.

We are.

Why now

Three things changed this year.

Regulators, insurers, and attackers all caught up with small business at the same time.

$0 /day
FTC Safeguards Rule, 2026
The FTC is fining firms your size
CPAs, tax preparers, mortgage brokers, financial advisors, insurance agencies, and auto dealerships are all covered. Most do not realize it. We monitor and document the access and authentication evidence the rule asks for.
0% of denied claims
Coalition 2024 cyber claims data
Your underwriter wants proof at renewal
Most denied cyber insurance claims involved organizations without documented MFA. We generate the monitoring evidence underwriters now ask for, automatically, in time for renewal.
0M records exposed
LexisNexis Legal & Professional, March 2026
SaaS auth is the new perimeter
Even the legal industry's largest research vendor was breached this year. We watch the auth layer your DocketWise, Clio, Lacerte, or QuickBooks Online login depends on, in real time.
What we watch

Four cloud doors. Specific incidents.

Not capability lists. The actual things that happen when something goes wrong.

Microsoft 365 LIVE
Compromised mailbox rules, sign-ins from new countries, mass file deletions in OneDrive, suspicious mail forwarding.
Google Workspace LIVE
Unusual admin activity, OAuth grants to unknown apps, Drive sharing anomalies, account takeover patterns.
AWS LIVE
Root account use, public S3 buckets, IAM privilege escalation, unusual API spikes from unknown regions.
Cloudflare LIVE
DNS record changes, WAF bypass patterns, exposed origin servers, certificate misissues.
How it works

Three steps. Then we stand watch.

1. Connect
Microsoft 365, Google Workspace, AWS, or Cloudflare. Setup in under 10 minutes. No agent to install. No appliance to ship.
2. We watch
Twenty-four hours a day. SMS, email, Slack, and Teams alerts the moment something looks wrong, with a plain-English explanation of what it is.
3. Respond with confidence
Every alert ships with guided response steps. Pro adds quarterly security reviews and consulting calls when something needs a human.
Pricing

Two plans. One pays for itself the first time it catches something.

7-day free trial. Card on file. Cancel anytime.

Starter
$299/mo
For firms with one or two cloud doors to watch.
  • 2 integrations of your choice
  • 36 detection engines
  • SMS, email, Slack, Teams alerts
  • Guided response steps
  • 7-day free trial
Pro
$599/mo
All four doors covered. Built for FTC and insurance proof.
  • All 4 integrations
  • Up to 250 endpoints
  • Security policy templates
  • Quarterly security review
  • Security consulting included
Enterprise
Contact sales
Custom scope. Multi-tenant or multi-site. Ask us.
  • Everything in Pro
  • Custom integrations
  • Dedicated point of contact
  • SLA on response time
Already have an IT or MSP partner? SentinelSMB works alongside them, not against. We layer on top of what you already have, and we make your IT provider look better.
Local roots, real accountability

Behind every alert is a founder you can call.

“The engines watch around the clock. When an alert needs a human, the reply comes from me — not a ticket queue.”

Cole Kingsley · Founder, SentinelSMB

SentinelSMB is built and run from Bismarck, North Dakota — every engine, every alert, every line of code, by one local founder. No tier-one queue. No off-shore support. No anonymous email-only relationship.

And because I built it myself, I can keep building. When your firm grows, when you adopt a new tool, when a regulator changes the rules — the platform grows with you. Tell me what you need to see in the dashboard. I am the person who can ship it.

  • North Dakota LLC, EIN on file
  • E&O insured to $2M aggregate
  • Founder-direct email response
  • Plain-English answers, no jargon
  • Built by one founder, every line
  • Grows with your business
Reach the founder directly: ColeKingsley@SentinelSMB.co
FAQ

Plain answers to fair questions.

If your IT provider is doing 24/7 cybersecurity monitoring across Microsoft 365, Google Workspace, AWS, and Cloudflare with documented response steps, you do not need us. If they are not, or if you are not sure, we layer in alongside them. We share alerts with your IT contact directly and we make their job easier, not harder.
Under ten minutes for a single integration. Microsoft 365 and Google Workspace are an OAuth approval. AWS is a CloudFormation template, from which you paste a Role ARN. Cloudflare is an API token. No agent on any computer. No appliance to ship.
We charge the card on file at the tier you picked. You can cancel anytime from inside the dashboard. There is no annual commitment.
Every alert includes guided response steps in plain English. The first three or four are usually things you can do yourself in a few minutes. If it is bigger than that, Pro tier includes consulting calls so a human walks you through it.
Not yet. Healthcare is on the roadmap, but it is walled off until our subprocessor BAA chain is fully executed. If you are a covered entity or business associate, please wait for that announcement before signing up.
Bismarck, North Dakota. Sole proprietor LLC, EIN on file, E&O insured. Email goes straight to the founder — no tier-one queue.

Run a free scan. See what we see.

No credit card. No installation. Two minutes from now you will know what your auth layer actually looks like.