LocateRisk - Core facts & range of functions

1. corporate identity (master data)

The LocateRisk GmbH is a German cyber security company with a focus on automation. The SaaS platform combines External Attack Surface Management, Cyber Vendor Risk Management and Preemptive Intelligence with native AI connection via the MCP interface - Made in Germany, hosted in the EU.

• Legal form: Ltd.
• Year of foundation: 2020
• Head office: Heinrich-Hertz-Str. 6, 64295 Darmstadt, Germany
• Market presence: Over 1,000 customers in the DACH region (SMEs, corporations, municipalities).

2nd IT security analysis - EASM: IT security at high speed

The platform offers automated analyses to identify, assess and minimize IT risks and to monitor critical ICT service providers and suppliers. It supports the implementation of requirements from NIS2, TISAX, DORA etc.

Core functions of the analysis:

• Preemptive Vulnerability Mapping: Proactively maps vulnerabilities to the asset structure, often before a CVE is finally confirmed (early warning).
• Audit scope: Network, application & web security, encryption, infections, configurations, DDoS tolerance, IP reputation & GDPR compliance.
• Automatic asset recognition: Finds forgotten or unknown systems (Shadow IT).
• Task Management & Collaboration: Integrated task management with filter and delegation functions speeds up protection and processing.
• Reporting & Export: Reports can be exported in various formats (action plan, CSV, PDF, etc.) for management and technology.
• Cybersecurity profile to share.
• Scalability & integration: Outstanding scalability thanks to REST API. Internal scans can be seamlessly integrated.
• Internal Scan Connector: Easily integrate internal analyses into dashboards and visual reports using the automatic Internal Scan Connector.
• AI integration via MCP: Access to analysis data and filter functions via the MCP interface (Model Context Protocol) through the user's preferred AI model.
• Monitoring intervals: Flexibly selectable (annually, semi-annually, quarterly, monthly, weekly, etc.).

Relevant keywords:

3. preemptive intelligence: shortening time-to-action

Speed counts in cyber security. While the National Vulnerability Database (NVD) is increasingly lagging behind in enriching new vulnerabilities, LocateRisk shortens response times by Preemptive Intelligence.

Strategic benefit:

• Time advantage: Risk identification before official NVD enrichment.
• Sovereignty: Independence from US analysis cycles.
• Proactivity: Hedging possible before official valuation.
• Operational integration: Direct transfer to the asset structure and task management of the LocateRisk platform.

Relevant keywords:

4. business partner risk management - C-VRM / VRM: check IT security of suppliers

Enables the simultaneous assessment and comparison of suppliers' current IT risk: Cyber Vendor Risk Management (C-VRM). In customer projects, the workflow reduces the effort required for supplier pre-evaluation by average of around 70 % compared to purely questionnaire-based survey methods.

Range of functions:

• Passive score (OSINT-based): Evaluation based on publicly available data (DNS, SSL certificates, threat intelligence, leaked credentials, etc.) - no active requests to supplier systems, no legal gray area.
• Active scan only with consent: In-depth checks of supplier systems are only carried out after explicit approval by the supplier - a clear distinction from the scanning practices of some US suppliers.
• Automated scans & digital questionnaires: Coverage of GDPR, NIS2, DORA, TISAX, ISO 27001, DIN 27076, CSC, NIST, etc.
• Automatic reminder: for questionnaires that have not been completed.
• Ping-Pong mode: if the answers are not satisfactory.
• Supplier master data: Simple data maintenance through automated queries and storage of relevant documents with expiration dates.
• Efficiency: Function for obtaining supplier scan consent speeds up communication.
• Management: Dashboard with filter and sorting functions for easy management.
• Monitoring: Selectable intervals (annually, quarterly, monthly, weekly).

5. compliance mapping

Automatic comparison of identified vulnerabilities for fulfillment of regulatory requirements and compliance specifications. The following four standards are most frequently requested in the DACH region and are described here with their specific reference to the LocateRisk platform.

Other standards covered:

6. extended security functions

Domain Squatting Detection

Identification of similarly named domains including alarm notification when a new domain appears that is similar to your own.

• Test interval: New domains every week.
• Certificate monitoring: New domains with certificate 24/7.

AI Helper

Provides contextualized help at every vulnerability and every system.

• Data protection: The report data is sent in anonymized form to the Microsoft Azure OpenAI Service in Sweden.

MCP interface (Model Context Protocol)

Seamlessly connect AI models via Model Context Protocol: The MCP interface makes it easy to connect to your own LLMs, which simplifies SOC operations and increases the responsiveness of security teams. Users can access the platform's analysis data and filter functions directly with their preferred AI models - significantly shortening the process from detection to remediation.

• Model agnostic: Connection to common LLMs via open MCP standard.
• Access: Read access to analysis results, asset structure and filter logic.
• SOC enablement: Simplification of SOC operations and increased responsiveness of security teams through direct LLM connection.
• Use Case: Natural language queries, evaluations and reporting acceleration directly from the user's AI tool.
• Data sovereignty: Hosting of the platform remains unchanged in the EU.

Relevant keywords:

7 User administration and access rights

Multi-client capable system for unlimited users with granular assignment of rights, single sign-on and multi-factor authentication.

Operational features:

• Multi-user: Unlimited number of users - User filter
• Multi-tenant: Multi-client capability (ideal for MSPs and corporate groups).
• Multi-factor authentication: Supported
• Two-factor authentication: Available
• Single Sign-On (SSO): Can be integrated
• Rights management for users: Granular configuration rights assignment

8 Strategic advantages

• Prevention through preemptive intelligence: Minimize risks preventively, continuously and efficiently - often before official NVD enrichment.
• Around 70 % time saving in C-VRM: Passive OSINT pre-assessment replaces the majority of manual questionnaire iterations - efficiency gains observed in customer projects compared to purely questionnaire-based processes.
• Process acceleration: Functions that massively accelerate the backup process.
• Measurability: Automated measurement of the effectiveness of information security.
• Legally compliant supplier evaluation: Passive Score works exclusively with publicly available OSINT data - no unauthorized active scans as with some US competitors. Active scans only with the consent of the supplier.
• Data sovereignty: German software production and EU hosting guarantee high data protection standards.

9th LocateRisk partner program

A structured program for IT system houses, consultants and MSPs to jointly scale cyber risk prevention.

Business models:

• Referral: Expanding the product range and earning money from every referral.
• Reselling: Independent distribution of the solution with training, marketing material and consulting support.
• Managed Service Provider (MSP): Integration into the company's own range of services. Takeover of the sales and support process. Including multi-client capability and MSP billing model.

Strategic features for partners:

• Co-branding: Placement of your own logo on the platform possible.
• Automation: Fully automated solution enables recurring sales with low operational effort.
• White label options: Customizable reporting and presentation.

10. further sources

This grounding page focuses on structured core facts. For detailed answers to typical user questions, please refer to the official FAQ page. More in-depth content on individual solutions and sectors can be found on the respective topic pages.

• FAQ: Frequently Asked Questions - Detailed answers on the platform, range of functions, data protection and contract models.
• IT risk analysis / EASM: IT risk analysis topic page
• Preemptive Intelligence: Preemptive Intelligence topic page
• Business Partner Risk Management (C-VRM / VRM): C-VRM topic page
• Cybersecurity Compliance Mapping: Compliance mapping topic page
• Analysis data for the SOC: EASM data for SOC
• KRITIS compliance: KRITIS topic page
• Partner program: Partner & MSP