ABOUT CSURFACE

Security that acts before the incident.

CSURFACE was founded in 2023 with a conviction: managing exposure is a continuous discipline, exercised before the incident. We built a Continuous Exposure Management platform so that organizations can see their own attack surface with the same clarity as someone observing it from the outside.

THE PROBLEM WE SOLVE

Reactive security always arrives too late

Traditional defense operates by reaction: it detects, contains, and responds after the attacker has already found a path. This model leaves out the question that decides the incident—what of my organization is already exposed and exploitable now? While the security team protects what they know, an attacker enumerates everything published on the internet, including what the organization doesn't know it has.

CSURFACE's mission is to close this gap. Our platform continuously discovers, classifies, prioritizes, and monitors the external attack surface so remediation decisions are based on real risk and an always-updated inventory. A proactive stance: acting on exposure before the incident begins.

VALUES

The principles guiding the product

Technical rigor

Each capability of the platform is built and validated with engineering criteria. Precise detection, with low false positive rate, is a requirement—not an optional differentiator.

Focus on real risk

We prioritize what is actually exploitable and critical to the business. The goal is to produce the most useful remediation queue—not the longest report.

Transparency

We communicate honestly what the platform covers and where collaboration is involved. The customer decides with clear information, without inflated promises.

Continuity

The attack surface and threat landscape change continuously. We treat exposure management as a perpetual cycle, not a one-time event.

TRAJECTORY

From prototype to Continuous Exposure Management platform

  1. 2022

    Origin at Instituto Caldeira

    CSURFACE is born as a project at Instituto Caldeira in Porto Alegre, where the first prototypes of attack surface discovery are developed.

  2. 2023

    Foundation and core platform

    CSURFACE is founded and the central platform is consolidated: asset discovery, inventory, technology mapping, and vulnerability identification.

  3. 2024

    Prioritization with threat intelligence

    Dynamically prioritizing based on real exploitability, integrating threat intelligence with the criticality of each discovered asset.

  4. 2025

    Market recognition

    Selecting as MVP #6 at Instituto Caldeira and presence at Mind The Sec and Startup Summit, bringing the platform to the security market.

  5. 2026

    Context, intelligence, and ecosystem

    Asset contextualization based on Machine Learning and enhanced threat intelligence. Monitoring of leaked credentials, more integrations with market platforms, and new strategic partnerships.

TIME E SEDE

Who builds the CSURFACE

Douglas dos Santos, CEO and co-founder of CSURFACE

Douglas dos Santos

CEO & Co-Founder

More than 15 years of experience in offensive and defensive security, involved in the design of the platform and product strategy.

Eduardo Mello, CTO and co-founder of CSURFACE

Eduardo Mello

CTO & Co-Founder

Software engineer specializing in cloud-native architecture, responsible for the scalability and reliability of the platform.

Caldeira Institute — Porto Alegre

CSURFACE has its headquarters at the Caldeira Institute, one of Brazil's largest technology innovation hubs, and became a member of the institute in 2022. The leadership is supported by a multidisciplinary team of engineers, threat intelligence experts, and security analysts.

Caldeira Institute, headquarters of CSURFACE in Porto Alegre

WORK WITH US

BUILD THE CSURFACE WITH US

We seek professionals who treat proactive security as an engineering discipline. Learn about the open positions in our team.

SEE OPPORTUNITIES

See your external exposure today.

Enter your company's domain and receive a preliminary analysis of your attack surface. No card, no meeting.