Show clients what they expose to the internet — before someone else does

A practical kit for MSPs on ConnectWise, N-able, and similar stacks: run a monthly outside-in exposure review, explain it to clients in one page, and package it as a recurring service.

Send this kit to your inbox

Don't have time to copy-paste? We'll send you the neatly formatted PDF template, email scripts, and checklist in one package.

No spam, just the kit. Unsubscribe anytime.

Why MSPs Use This

The exact reasons why top MSPs are turning external exposure into a service.

1

Forgotten exposure is normal

Vendor RDP from 2022, "temporary" cloud VMs, router changes that re-open old rules — every fleet accumulates them.

2

Scans miss what's off-list

Quarterly scans cover agreed ranges. The risky stuff is usually outside them.

3

It becomes revenue

One page a month per client: what's exposed, what changed, what you fixed. Clients renew what they can see.

Monthly External Exposure Report

Copy and customize this template for each client review. Placeholder fields are marked for easy editing.

Client

[Client Name]

Reporting Period

[Month / Date Range]

Prepared By

[MSP Name]

Executive Summary

This month we reviewed the client's externally visible attack surface: internet-facing services, dangerous ports, abuse-report signals, geo changes, listed CVE/context data where available, and notable asset changes.

Overall status: [Stable / Needs Attention / High Priority]

Top findings:

  1. [Finding 1]
  2. [Finding 2]
  3. [Finding 3]

Recommended priority: [Immediate / This Week / This Month / Monitor]

Asset & Exposure Overview

AssetClientPublic IPCountryServicePortRiskNotes
[Asset][Client][IP][Country][Service][Port]Medium[Notes]

Dangerous Services Detected

ServicePortWhy It MattersRecommended Action
RDP3389Common remote-access targetRestrict access / VPN / allowlist / MFA
SSH22Brute-force and credential attack targetLimit source IPs / key auth / monitoring
SMB445Should rarely be internet-facingRemove exposure immediately

Signals to Review

SignalAsset / IPSeverityRecommended Action
Abuse report history[IP]Medium[Action]
Listed CVE/context signal[Service]HighValidate version and patch/exposure status
Unexpected geo change[Asset]MediumInvestigate / monitor / accept
New exposed service[Asset]HighConfirm whether expected

Top 5 Remediation Priorities

1[Priority 1] [Owner] [Due Date]
2[Priority 2] [Owner] [Due Date]
3[Priority 3] [Owner] [Due Date]
4[Priority 4] [Owner] [Due Date]
5[Priority 5] [Owner] [Due Date]

Dangerous Ports Checklist

High-priority externally exposed ports to review for every client.

3389

RDP

critical

22

SSH

high

23

Telnet

critical

445

SMB

critical

139

NetBIOS

high

3306

MySQL

high

5432

PostgreSQL

high

1433

MSSQL

high

6379

Redis

critical

9200

Elastic

high

5601

Kibana

high

5900

VNC

critical

8080

Admin

medium

21

FTP

high

For Each Exposure, Ask

Which client owns it?
Which asset/device owns it?
Was it expected?
Did it appear recently?
Is there abuse-report history?
Is there listed CVE/context information?
Is there an unexpected country/geo change?
Who owns remediation?

10-Minute AISMOND Workflow

Run a fast outside-in exposure review for one client.

Min 0–2

Select client

Open AISMOND and select the client/company you want to review.

Min 2–4

Review exposed services

Look for RDP, SSH, SMB, databases, web admin panels, and remote access services.

Min 4–6

Review risk signals

Check abuse-report signals, listed CVE/context data, dangerous ports, geo changes, and new exposures.

Min 6–8

Prioritize actions

Pick the top 3 issues based on exposure severity, client importance, and abuse signals.

Min 8–10

Export and communicate

Export the report and send the client a short summary: what changed, what matters, and what to review first.

Client Email Script

Ready-to-send monthly email — just fill in the placeholders.

New Message

Subject: Monthly external exposure review

Hi [Client Name],

As part of your security monitoring, we reviewed what your organization currently exposes to the internet.

This month we checked:

  • Internet-facing services
  • Remote-access exposure
  • High-risk ports
  • Abuse-report signals
  • Listed CVE/context information where available
  • New or changed assets
  • Geographic changes

The main items worth reviewing are:

  1. [Priority 1]
  2. [Priority 2]
  3. [Priority 3]

We recommend addressing these in priority order because they are externally visible and may increase business risk if left unmanaged.

Thanks,

[MSP Name]

MSP Service Packaging

Position this as 'External Exposure Monitoring' — a monthly add-on or security package.

Monthly Deliverables

What your client receives each month

Client external exposure report
Dangerous services review
Abuse-report signal review
Geo tracking change review
Listed CVE/context review
Email alert review
Remediation priority list

Suggested MSP Pricing

Small Client

$199–$299

/month

Ideal for clients with a handful of public IPs and basic exposure monitoring needs.

Most Common

Mid-Size Client

$399–$799

/month

For clients with multiple sites, more public-facing assets, and compliance requirements.

Larger Client

$999+

/month

Enterprise accounts with broad attack surfaces, multiple subsidiaries, and advanced reporting.

Every month, you review what your client exposes to the internet, identify risky services and external signals, export a clear report, and prioritize what should be reviewed first.

Want the packaged version?

Get the beautifully formatted PDF report template, the dangerous ports checklist, and the client email script sent directly to your inbox.

One email. No spam. Unsubscribe anytime.

Start Your First Exposure Review

Sign up free and run your first external exposure check in minutes. No credit card required.