Show clients what they expose to the internet — before someone else does
Send this kit to your inbox
Don't have time to copy-paste? We'll send you the neatly formatted PDF template, email scripts, and checklist in one package.
No spam, just the kit. Unsubscribe anytime.
Why MSPs Use This
The exact reasons why top MSPs are turning external exposure into a service.
Forgotten exposure is normal
Vendor RDP from 2022, "temporary" cloud VMs, router changes that re-open old rules — every fleet accumulates them.
Scans miss what's off-list
Quarterly scans cover agreed ranges. The risky stuff is usually outside them.
It becomes revenue
One page a month per client: what's exposed, what changed, what you fixed. Clients renew what they can see.
Monthly External Exposure Report
Copy and customize this template for each client review. Placeholder fields are marked for easy editing.
Client
[Client Name]Reporting Period
[Month / Date Range]Prepared By
[MSP Name]Executive Summary
This month we reviewed the client's externally visible attack surface: internet-facing services, dangerous ports, abuse-report signals, geo changes, listed CVE/context data where available, and notable asset changes.
Top findings:
- [Finding 1]
- [Finding 2]
- [Finding 3]
Recommended priority: [Immediate / This Week / This Month / Monitor]
Asset & Exposure Overview
| Asset | Client | Public IP | Country | Service | Port | Risk | Notes |
|---|---|---|---|---|---|---|---|
| [Asset] | [Client] | [IP] | [Country] | [Service] | [Port] | Medium | [Notes] |
Dangerous Services Detected
| Service | Port | Why It Matters | Recommended Action |
|---|---|---|---|
| RDP | 3389 | Common remote-access target | Restrict access / VPN / allowlist / MFA |
| SSH | 22 | Brute-force and credential attack target | Limit source IPs / key auth / monitoring |
| SMB | 445 | Should rarely be internet-facing | Remove exposure immediately |
Signals to Review
| Signal | Asset / IP | Severity | Recommended Action |
|---|---|---|---|
| Abuse report history | [IP] | Medium | [Action] |
| Listed CVE/context signal | [Service] | High | Validate version and patch/exposure status |
| Unexpected geo change | [Asset] | Medium | Investigate / monitor / accept |
| New exposed service | [Asset] | High | Confirm whether expected |
Top 5 Remediation Priorities
Dangerous Ports Checklist
High-priority externally exposed ports to review for every client.
3389
RDP
critical22
SSH
high23
Telnet
critical445
SMB
critical139
NetBIOS
high3306
MySQL
high5432
PostgreSQL
high1433
MSSQL
high6379
Redis
critical9200
Elastic
high5601
Kibana
high5900
VNC
critical8080
Admin
medium21
FTP
highFor Each Exposure, Ask
10-Minute AISMOND Workflow
Run a fast outside-in exposure review for one client.
Client Email Script
Ready-to-send monthly email — just fill in the placeholders.
New Message
Hi [Client Name],
As part of your security monitoring, we reviewed what your organization currently exposes to the internet.
This month we checked:
- Internet-facing services
- Remote-access exposure
- High-risk ports
- Abuse-report signals
- Listed CVE/context information where available
- New or changed assets
- Geographic changes
The main items worth reviewing are:
- [Priority 1]
- [Priority 2]
- [Priority 3]
We recommend addressing these in priority order because they are externally visible and may increase business risk if left unmanaged.
Thanks,
[MSP Name]
MSP Service Packaging
Position this as 'External Exposure Monitoring' — a monthly add-on or security package.
Monthly Deliverables
What your client receives each month
Suggested MSP Pricing
Small Client
$199–$299
/month
Ideal for clients with a handful of public IPs and basic exposure monitoring needs.
Mid-Size Client
$399–$799
/month
For clients with multiple sites, more public-facing assets, and compliance requirements.
Larger Client
$999+
/month
Enterprise accounts with broad attack surfaces, multiple subsidiaries, and advanced reporting.
Every month, you review what your client exposes to the internet, identify risky services and external signals, export a clear report, and prioritize what should be reviewed first.
Want the packaged version?
Get the beautifully formatted PDF report template, the dangerous ports checklist, and the client email script sent directly to your inbox.
One email. No spam. Unsubscribe anytime.