Platform Architecture
Four disciplines. One architecture.
Audit, offense, hardening, and governance share one canonical data model. This is not integration theater. This is architecture.
The Problem
Why dashboards are not platforms
Most security platforms are just aggregation layers with API connectors. That is integration theater.
Connector fatigue
Every tool needs configuration. Every connector breaks. Every upgrade requires re-mapping. You spend more time maintaining integrations than using them.
Context collapse
The same vulnerability appears differently in three tools. Your team triages it three times. Remediation happens without knowing validation status.
Data silos persist
Aggregating data in a dashboard does not make it unified. Context is still lost. Evidence is still duplicated. Compliance still requires manual assembly.
The result: manual correlation, delayed validation, duplicated evidence, and security teams who spend more time managing tools than managing risk.
The Solution
A canonical data model
Serpentine does not aggregate external data. It generates its own findings from its own scanners, all normalized into one schema.
Assets
Single inventory across all security operations
Findings
Normalized vulnerabilities regardless of source
Validations
Exploit confirmation drives real prioritization
Remediations
Hardening actions become compliance evidence
Evidence
Every action produces audit-ready proof
Controls
Framework requirements flow to operations
Risks
Unified risk scoring across disciplines
Actions
Task management tied to security state
Owners
Accountability for every security object
Every entity is first-class. Every relationship is explicit. Every module reads and writes the same state.
The Loop
How data flows through the platform
Security becomes continuous when data flows naturally between disciplines.
Postava
hardens infrastructure
Odbrana
discovers vulnerabilities
Napad
validates exploitability
Regulativa
proves compliance
This is not a one-time assessment. The loop runs continuously, with every action updating the shared security graph.
What This Enables
What unified architecture unlocks
Capabilities that fragmented tools cannot provide.
Evidence reuse
A vulnerability scan satisfies SOC 2 CC7.1, ISO A.12.6.1, and GDPR Art. 32 simultaneously. Upload or generate evidence once, map it everywhere.
Example: One Odbrana finding maps to 4 frameworks without manual re-entry
Validated prioritization
Do not prioritize by CVSS alone. Prioritize by actual exploitability. Napad validation feeds directly into remediation queues.
Example: Critical finding downgraded after Napad confirms no exploit path
Continuous operating state
Security is not point-in-time. The platform maintains live state across assets, findings, validation, remediation, and evidence.
Example: Auditor queries current posture, not a 90-day-old report
Example
One vulnerability, four disciplines
See how a single finding moves through the entire platform.
Example Finding
Exposed Administrative Endpoint
Web scanner detects /admin/api endpoint responding without authentication
Offensive agent confirms endpoint returns user PII without credentials
Hardening policy applied: endpoint moved behind auth, rate limiting added
Finding and remediation linked to ISO A.9.4.1, SOC 2 CC6.1, GDPR Art. 32
Total time from discovery to audit-ready evidence: automated, continuous, traceable.
Products
Four interfaces, one platform
Each product provides a specialized interface for its discipline, all powered by the same data model.