Our Stack

Openly built
You see everything You can take over everything

Open source at the core — 13 categories, 58 building blocks, fully documented, with no licence costs.

Why open source

What open source gives you
Cost-control Independence Security

Our stack is open source. There are three reasons for that:

No licence costs
You pay for our work, not for licences. No price hikes, no hidden costs.

No vendor lock-in
You decide, not the vendor. Open standards, so you can take over or switch whenever you want.

Security through openness
Open code instead of a black box: many eyes review it, gaps get closed fast. Your own AI can check it too.

We run the stack for you, document everything in full and hand it over at any time — to you or the next provider — free of charge. That doesn't make us cheap. It makes our pricing honest.

The tools

What we work with
every tool named openly

AuthentikAuthentik NetBirdNetBird TeleportTeleport midPoint PacketFence GitLab OPNsenseOPNsense Suricata MikroTikMikroTik ntopng HashiCorp VaultVault nginxnginx TraefikTraefik step-castep-ca MatrixMatrix ElementElement WazuhWazuh MS Defender GLPIGLPI AnsibleAnsible ChocolateyChocolatey OpenSCAP Greenbone PrometheusPrometheus GrafanaGrafana ZabbixZabbix Uptime KumaUptime Kuma Shuffle n8nn8n SonarQubeSonarQube OWASP ZAPOWASP ZAP TrivyTrivy DefectDojo MetasploitMetasploit MISP TheHive Velociraptor Proxmox Backup ServerProxmox PBS CephCeph MinIOMinIO ZoneMinder nwipe BookStackBookStack Eramba Prowler OpenDLP PG Anonymizer GophishGophish MoodleMoodle
13 categories

What we use
category by category

We didn't invent these 13 categories: they follow the technical measures that ISO27001 (Annex A) and NIS2 require from organisations — from identities and access to logging, backup and awareness. Every requirement is mapped to a specific tool.

Just as important: we replace nothing that already works well for you. Proven tools stay, we just fill the gaps instead of selling you expensive licences.

Identities and access10 building blocks
Single sign-on (SSO)Authentik · ITAT
Multi-factor authentication (MFA)Authentik
Identity federation / external identitiesAuthentik · ITAT
Session managementAuthentik · ITAT
Zero-trust accessNetBird
Identity lifecycle / provisioningAuthentik · midPoint · ITAT
Privileged access management (PAM)Teleport · ITAT
Access-rights recertificationmidPoint
Network access control (NAC)PacketFence
Source-code access controlGitLab · ITAT
Cryptography and secure communication4 building blocks
TLS termination / transport encryptionnginx · Traefik · ITAT
Key and secrets management (KMS)HashiCorp Vault · ITAT
PKI / certificate managementstep-ca · Vault PKI · ITAT
E2E / emergency communication (voice, video, text)Matrix · Element
Physical security3 building blocks
Data-centre video surveillanceZoneMinder
Environmental / availability sensorsRedfish BMC · SNMP · Zabbix · ITAT
Secure media erasurenwipe
Operational security8 building blocks
Malware protectionMicrosoft Defender · Wazuh
Software inventory / installed softwareGLPI · Wazuh · ITAT
Change / release tooling (ITSM)GLPI · ITAT
Patch and vulnerability managementWazuh · Greenbone · ITAT
Windows patch deploymentChocolatey · Ansible · ITAT
System hardening / baseline checksWazuh SCA · OpenSCAP · ITAT
Configuration managementAnsible · ITAT
Capacity managementPrometheus · Grafana · ITAT
Network security5 building blocks
VPN / remote accessNetBird · ITAT
Firewall / IDS / IPSOPNsense (HA) · Suricata · MikroTik · ITAT
Network segmentation / micro-segmentationOPNsense · MikroTik · NetBird · ITAT
Network security monitoringntopng
Web filteringOPNsense (DNS blocklisting) · ITAT
Secure development5 building blocks
Static code analysis (SAST)SonarQube
Dynamic testing (DAST)OWASP ZAP
Dependency / container scanningTrivy
CI/CD with environment separation (dev/test/prod)GitLab CI
Vulnerability tracking / triageDefectDojo
Vulnerability and threat management3 building blocks
Vulnerability scanningGreenbone / OpenVAS
Penetration-testing toolingMetasploit Framework
Threat-intelligence platformMISP
Logging, monitoring and detection6 building blocks
Central logging / SIEMWazuh · ITAT
Log integrity / audit trails (FIM, auditd)Wazuh · ITAT
Anomaly / intrusion detection (host-based)Wazuh
Infrastructure monitoring and alertingPrometheus · Alertmanager · Grafana · ITAT
Availability / uptime monitoringUptime Kuma · ITAT
SOAR / use-case playbooksShuffle · Ansible · ITAT
Incident response and forensics2 building blocks
Incident case managementTheHive
Forensics / evidence preservationVelociraptor · ITAT
Backup and recovery3 building blocks
Backups (full / incremental)Proxmox Backup Server · ITAT
Redundancy / replicationProxmox · Ceph · ZFS
Immutable / offline storagePBS · MinIO (Object Lock) · ITAT
Asset, ITSM and GRC tooling5 building blocks
Asset inventoryGLPI · ITAT
Endpoint / device managementMicrosoft Defender · Wazuh · ITAT
Document management and versioningBookStack
GRC / ISMS / risk register / evidenceEramba · ITAT
Cloud security postureProwler
Data protection (technical)2 building blocks
Data leakage prevention (DLP)Wazuh · OpenDLP
Data masking / anonymisationPostgreSQL Anonymizer
Awareness2 building blocks
Phishing simulationGophish
Training platform (LMS)Moodle

Where ITAT is listed, we have built open-source components that make integration easier and extend functionality.

Why we build it this way

Three sentences that apply to us

We walk you through the stack

Because it's open. With a closed system that wouldn't be possible. That thoroughness lands directly with you.

No licence cost for you

What we save on licences goes into the price, not into the margin.

No vendor lock-in

No vendor lock, no commissions. Our recommendations fit you, not our sales partner.

Build less, use it better

Technology with direction
not more but the right fit

You don't have to rebuild everything for things to get better. We look at your existing stack with you, sort the options and say clearly which solution makes sense, what it costs and what effort is involved.

WhatsApp E-mail Signal