Munin
Munin
Now available for SMBs across Europe

Network
Design & Hygiene

The complete picture of your corporate network. What's on it, who talks to whom, where the risk lives.

5
Days on-site
0
Data in the cloud
25+
Pages of report
P3
Munin Network · Network Design & Hygiene
[email protected]
// the problem

Your network grew
without a blueprint.

Every year you add devices, cameras, printers, IoT, smart TVs, another switch, one more access point.

Nobody ever stopped everything to ask: "what does it actually look like, today?"

73%

of SMBs have devices on the LAN that IT never declared in the inventory

61%

have a guest WiFi network that can see the corporate LAN

2 in 3

have never produced a real map of network flows

€4.5M

average cost of a breach enabled by weak segmentation (IBM 2024)

The point: you can't protect, optimize or right-size what you can't see. A documented network is worth ten firewalls configured by gut feeling.

Munin Network · 02 — The problem
munin-network.com
// what you get

A live diagram of your network: inventory, topology, status of every node.

Online
Misconfig
Critical
Unknown
canvas.munin / acme-srl · topology view
LIVE 43 nodes · 4 VLAN · 2 alert
VLAN 10 · CORE VLAN 20 · OFFICE VLAN 30 · IOT VLAN 99 · GUEST ! anomalous cross-VLAN flow WAN FORTIGATE 80F 192.168.1.1 · FortiOS 7.4 ONLINE · 14d uptime SW-CORE-01 Cisco C9300 · 24p L3 ONLINE 12/24 ports SW-OFFICE-01 HP 1820 · 48p L2 ONLINE 29/48 ports SW-IOT-01 TP-Link · 8p unmanaged UNMANAGED · no SNMP AP-GUEST-01 UniFi U6-Lite · WPA3 ONLINE 6 clients SRV-AD01 Win Srv 22 · .10 NAS-DATA QNAP · .15 PC ×24 Win 11 · .50–.73 PRINT-01 HP LaserJet · .80 CAM ×8 fw 2019 · CVE ! TV-MEETING undeclared guest ×6 smartphones · isolated
CRITICAL F-001 8× Hikvision cameras on 2019 firmware (IoT VLAN) talking to the file server NAS-DATA (CORE VLAN) — segmentation broken, lateral movement possible.
Munin Network · 03 — Live network diagram (anonymized example)
munin-network.com
// what we collect

Five questions, one documented answer

The audit answers the questions every IT manager asks but never has time to verify. Professional techniques, raw data delivered in the clear.

What's there

Full inventory: servers, clients, IoT, printers, cameras, ghost devices.

arp-scan · nmap · NetAlertX

Who talks to whom

Real flow map between devices and segments. Useless, suspicious, or dangerous traffic.

Zeek · ntopng · NetFlow

How it's segmented

VLAN, subnets, guest/IoT isolation, DMZ. Where segmentation is missing or ineffective.

SNMP · LLDP · CDP

Is WiFi safe?

SSIDs, rogue APs, coverage, client isolation. WPS, WPA3, mixed mode.

Kismet · airodump-ng

Misconfig?

Legacy protocols, rogue DHCP, unmanaged IPv6, exposed management plane.

custom scripts · 60+ checks
Munin Network · 04 — What we collect
munin-network.com
// sample findings

What you find
in the report.

Each finding includes severity, technical evidence, concrete recommendation, estimated effort.

CRITICALact now
MEDIUMwithin 30 days
LOWongoing hygiene
CRITICAL
IP cameras on the same VLAN as production servers
8× Hikvision on 2019 firmware sharing 192.168.1.0/24 with AD, NAS, file server. Compromise = lateral movement.
Dedicated IoT VLAN + ACL to NVR only
4h
€0
CRITICAL
SMBv1 enabled on 12 Windows endpoints
Protocol deprecated in 2017, primary vector for WannaCry/NotPetya. Detected via nmap + Zeek flows.
GPO disables SMBv1, enforce SMBv3
2h
€0
MEDIUM
Guest WiFi can see the corporate LAN
"Guest" SSID bridged onto the main LAN. Anyone in the parking lot reaches printers, NAS, print server.
Guest VLAN + client isolation + dedicated DHCP
1h
€0
MEDIUM
Switches and routers manageable from the user subnet
Web/SSH on network gear (4 switches + 1 firewall) responds from the PC VLAN. Compromise = network takeover.
Isolated management VLAN + jump host
3h
€0
LOW
mDNS/SSDP/LLMNR broadcast crossing VLANs
Discovery propagates across different VLANs → information disclosure (service list, hostnames, versions).
Block mDNS/SSDP/LLMNR cross-VLAN
1h
€0
+ another 23 findings in the full report
Munin Network · 05 — Sample findings (anonymized)
munin-network.com
// process

5 days, from kickoff to delivery

Audit fully on-premise. No tools of ours installed at your site, no data of yours leaving the building — raw data physically stays with you on an encrypted drive, we keep only the report PDF.

D1

Kickoff

Walkthrough with IT, scope, NDA, access. Inventory automation kicks off in the background.

D2

Topology + WiFi

SNMP/LLDP discovery on managed switches, walk-around for wireless coverage and rogue AP detection.

D3

Traffic capture

Mirror port on the core switch. 24-48h of real flows: who talks to whom, when, how much.

D4

Misconfig analysis

Run checks (DHCP, DNS, IPv6, STP, legacy). Findings prioritized by severity and effort.

D5

Report + handover

PDF + AS-IS/TO-BE diagrams + walkthrough session with the customer's IT. Same-day teardown.

📄
25-30 page PDF report
Executive summary + technical sections
🗺
AS-IS + TO-BE diagrams
Editable PNG/SVG
🎙
2h walkthrough with IT
Q&A + priority setting
Munin Network · 06 — Process
munin-network.com
// transparency & guarantees

Four clear boundaries, both ways.

The mutual guarantees of Munin Network. Two things we don't do by deliberate design, and two rules on data and tooling that protect both you and us.

what we don't do

Vulnerability scanning (CVE)

No scanning of known vulnerabilities (OpenVAS, Nessus). That's a separate audit with its own methodology and timeline.

what we don't do

Penetration testing

No active exploitation, no exploits, no brute-force. Zero risk of disrupting your production environment.

protects you · customer data

Your raw data never leaves your LAN

Captures, scans, logs and pcaps stay physically with you on an encrypted drive (LUKS) handed over at the end of the audit. Verifiable wipe of our laptops in front of your IT team. We keep only the report PDF (the contractual deliverable, no credentials, no flows).

protects us · tools & method

No tools of ours installed in your systems

All scans run from our own laptops (Kali). Zero footprint on your infrastructure. The tools we use are standard open source (nmap, Zeek, Kismet, ntopng, NetAlertX) — declared up front in scope. What we sell is method, experience, analysis.

Munin Network · 07 — Transparency & guarantees
munin-network.com
// compliance readiness

Your report becomes technical evidence for NIS2 / GDPR / ISO 27001 audits.

NEW · premium tier

Why now

NIS2 transposed in Italy on October 4, 2024 (D.Lgs 138/2024) and rolling out across the EU. Applies to SMBs in "essential" and "important" sectors above 50 employees / €10M.

Your enterprise customers (automotive, food brands, public healthcare) are already sending you compliance questionnaires — and you don't know what to answer.

The Big 4 quote €50,000+ for a NIS2 audit. Local MSPs lack compliance expertise. SaaS vendors (Auvik, Domotz) export raw data with no regulatory mapping.

A complete vacuum at the SMB level. We fill it.

Hot NIS2 sectors for SMBs
🏭 Manufacturing 🏥 Healthcare 🚚 Transport 🍝 Food production ⚖️ Professional services

What we add to the report

+ MATRIX

Compliance Mapping

Every finding mapped to specific controls in NIS2 art. 21, ISO 27001:2022 Annex A, GDPR art. 30/32.

+ EXECUTIVE

2-page board summary

Business language, concise gap analysis, proposed decisions. For people who won't read the 25 technical pages.

+ EVIDENCE PACK

Structured XML / JSON export

Findings + mapping in CycloneDX-compatible format. Importable into GRC tools (Drata, Vanta, OneTrust).

+ 4H WALKTHROUGH

Extended session with DPO/CISO

Compliance-specific Q&A, translation of technical findings into documented conformity.

+ 30-DAY FOLLOW-UP

Support on supply-chain questionnaire responses

When an enterprise customer sends you a NIS2 questionnaire after the audit, we help you respond using our report as the reference.

NIS2 ISO 27001 GDPR NIST CSF
Technical evidence for official audits — does not replace ISO 27001 certification (accredited body) or formal NIS2 conformity declaration.
Munin Network · 08 — NIS2 / Compliance Readiness
munin-network.com
// investment

Transparent, fixed, no surprises

Three standard packages. For multi-site or special cases, custom scope.

Small

Up to 50 devices

Single site, 1 VLAN or flat

€2,500
+ VAT · one-time
  • 3 days on-site
  • PDF report + diagrams
  • 1h final walkthrough
Most popular
Medium

Up to 200 devices

Multi-VLAN, corporate WiFi

€5,500
+ VAT · one-time
  • 5 days on-site
  • PDF report + AS-IS/TO-BE
  • 48h traffic capture
  • Full WiFi survey
  • 2h walkthrough + Q&A
Enterprise

200+ devices / multi-site

Branch, MPLS, SD-WAN

Custom
scope on request
  • Multiple coordinated sites
  • 30-day follow-up included
  • Multi-year roadmap
Add-on

+ NIS2 / GDPR Compliance Readiness

Compliance Mapping + 2pp Executive + Evidence pack + Extended 4h walkthrough + 30-day follow-up

+€2,000
on Medium · +€3,500 on Enterprise

15% discount on annual recurring audit · 50/50 payment (kickoff/delivery)

Munin Network · 09 — Investment
munin-network.com
Next step

Ready to see
what your network really looks like?

Free 30-minute call to figure out if Munin Network is a fit. We define scope, timing, and whether the NIS2 tier makes sense. No commitment, no SDR pitch.

Reply within 24 business hours
Call with a senior consultant (no SDR/BDR)
Written quote within 3 days of the call
5d
on-site
€5.5k
popular tier
0
cloud, data on LAN

Request a call

Fields marked * are required. Reply within 24h.

Or email [email protected]

Munin Munin Network · © 2026 Munin Network
Network Design & Hygiene