Skip to main content
Solutions · Security professionals

Network monitoring & management built for MSP security specialists.

Every client network has a perimeter, a device inventory, and a remote-access story. Domotz gives security-focused MSPs continuous visibility and control over all three — across every site, governed by the same RBAC and audit trail your clients already expect.

Start for free Take a tour

No credit card. 14-day trial. 15 minutes to first network.

Domotz by the numbers

  • G2 4.8 ★

    Across 300+ reviews

  • 3,600+

    MSPs and IT teams

  • 40K+

    Networks monitored daily

  • SOC 2 + ISO 27001

    Domotz’s own certifications

Live demo

See Domotz in action.

A live walkthrough — discover, identify, and act on a real client network. No signup needed.

Domotz MCP server

Run a perimeter scan across every client. From one prompt.

The Domotz MCP server lets your team — and the AI agents they already use — operate every client network in operator language, on the same platform you already pay for. Twenty clicks become one prompt.

  • Agent-native, vendor-built.

    OAuth-scoped consent, RBAC-compliant, full audit log of every attempt.

  • Same $1.50 per device.

    No AI tier, no vendor markup on agent operations, no separate SKU.

  • Open standard, multi-AI.

    Works across Claude, ChatGPT, Gemini, and any major AI client — your security stack stays yours.

Learn more about the Domotz MCP server

Security-specialist value props

  • Every site, scanned continuously.

    Cloud-side perimeter scans run on a schedule against every client WAN — open TCP ports surface immediately, UPnP forwarding gets flagged from the inside.

  • Junior techs work safely.

    RBAC with stacked roles, group inheritance, and OAuth-scoped MCP consent — every action is governed by the same permissions you set in the web app.

  • Remote access without VPN sprawl.

    Encrypted overlay-network tunnels per device — HTTPS, RDP, SSH, Telnet, or any TCP service — terminated automatically after one hour, fully logged.

Security-specialist case studies

  • See how IdentyTech, a biometric access control provider serving government, healthcare, and corporate clients, eliminated 80% of support service calls by replacing reactive truck rolls with remote diagnosis and continuous monitoring across every deployed site.

    Read the case study

  • Learn how TRINUS Tech, a leading MSP, reduced costs by 66% and tightened security posture across every client site with Domotz when compared to their previous monitoring tool.

    Read the case study

  • See how CIO Solutions — supporting 350+ organizations across healthcare, banking, and manufacturing with high-stakes compliance needs — eliminated team silos and saved 4+ hours per client onboarding by replacing a complex, costly legacy tool with Domotz.

    Read the case study

Discover, Monitor, Manage, Diagnose

Discover

Instantly inventory every device, every site.

A security program starts with knowing what’s on the network. Domotz auto-discovers every IP-enabled device on every client network using Layer-2 MAC identification — no manual scans, no agents per endpoint. ONVIF IP cameras, smart PDUs, IoT sensors, switches, firewalls, servers, workstations — all classified with vendor, model, type, and serial number. New devices generate immediate alerts so a rogue endpoint never sits on a client network unnoticed.

View discovery features

“We had a customer running 10-year-old wireless gear, and we didn’t even know it. Domotz gave us the visibility to fix that — and get ahead of future risks.”

Eric Egolf · CEO, CIO Solutions
Monitor

Continuous perimeter scans on every WAN.

Open ports are the first thing an attacker tests and the first thing a compliance auditor asks about. Domotz runs scheduled TCP port scans from the cloud against the public IP of every client network, flags newly opened ports, and lets you mark each one safe or remediate. UPnP forwarding gets scanned from the inside — any device trying to punch a hole gets surfaced. Combined with new-device alerts and SNMP/TCP service monitoring, the perimeter becomes a continuous signal, not a quarterly audit.

View monitoring features

“Before Domotz, we wouldn’t know about an issue until the customer called us. Now, we’re able to call the customer first or have a ticket started and be investigating things before they even notice.”

Kevin White · CEO, TRINUS Tech
Manage

Secure remote access without a VPN per technician.

Distributing VPN profiles to a tech team creates credential sprawl. Domotz gives every site encrypted overlay-network tunnels — HTTPS, RDP, SSH, Telnet, or generic TCP — established on demand, scoped to a single device, and terminated automatically after one hour. RBAC controls who can launch a connection. The web-app session is HTTPS end-to-end; the device session rides an encrypted channel from the agent to the Domotz cloud. Even legacy plain-text protocols travel inside the tunnel.

View management features

“We don’t want the appearance of security — we want actual security. Domotz fit naturally into that mindset. It slipped right in, replaced what we had, and was easy to set up and start managing our networks.”

Danial Bulloch · Director of Technology, Network Essentials
Network diagnostics

Evidence-grade visibility for audits and incidents.

When an auditor asks which ports were open on a client’s edge last Tuesday, or which devices joined the network during a suspected incident window, Domotz has the answer. Continuous port scanning, device-discovery history, OS-monitoring via SSH and WinRM (including BitLocker disk-encryption status on Windows endpoints), and full activity logs make compliance evidence a query, not a project.

View network diagnostics features

“With Domotz, we can identify failing hardware before it causes downtime. If a hard drive or power supply is showing signs of failure, we get alerted — and fix it before users even notice. That proactive insight is game-changing.”

Richard Connor · IT Operations Lead, TKAT
Pricing · United States

Discover everything. Monitor what matters.

Discovery is free, forever. Pay $1.50 only for the devices you actively manage.

Free visibility, unlimited

  • Automatic discovery across unlimited networks
  • Layer-2 device identification
  • Real-time online/offline state for every device
  • $0 per unmanaged device

$1.50 per managed device / month

  • You select which devices to manage
  • Topology, SNMP, alerting, remote access, integrations, power control, API, scripting included
  • 14-day free trial · no credit card
  • Topology
  • SNMP
  • Alerting
  • Integrations
  • Remote Access
  • Power
  • API
  • Scripting
See full pricing

Drop into the stack your security team already runs.

Push alerts into your PSA. Route tickets through your ITSM. Document inventory in your CMDB. Domotz integrates with the tools your security workflow already lives in.

Logos: Autotask / Datto, ConnectWise, HaloPSA, Syncro, ServiceNow, Microsoft Teams, Slack, Hudu.

Explore integrations

Ready to operate your network the modern way?

  • Get started fast

    15 minutes from agent install to a discovered network. 16 deployment options including Raspberry Pi, NAS appliances (Synology, NETGEAR, QNAP), Windows VM, and the Domotz Box. No agents per endpoint.

    Start free trial

  • Expert help

    Schedule a session with a Domotz network expert for deployment, RBAC design, or integration setup. Real engineers, no support-tier paywall.

    Meet with an expert

  • No AI markup

    Agent-native operations run on the same platform, same data, and same $1.50 per device. No premium AI tier. No per-seat add-on. No vendor markup on AI service consumption.

    See the MCP server
FAQ

Frequently asked questions

What MSP security specialists ask before deploying Domotz across their client base.

  • How does Domotz help with continuous perimeter security?
    Domotz performs scheduled TCP port scans from the cloud against the public IP of every monitored network and runs UPnP forwarding scans from the inside. Newly discovered open ports surface as alerts; each can be marked safe or remediated. The cloud-side scan runs at a deliberate cadence so most IDS systems treat it as normal traffic, and the WAN-side perimeter signal stays continuous rather than point-in-time.
  • Can junior technicians use Domotz without risking client networks?
    Yes. Domotz Role-Based Access Control assigns Users to Groups, and Groups inherit one or more Roles. Roles separate Access (which sites and dashboards) from Permissions (which actions). A junior tech can be granted read-only access to a specific client's collectors without ever touching another client's data. The same RBAC governs the web app and the MCP server, so AI-driven operations inherit the same boundaries.
  • How does Domotz handle remote access without giving every technician VPN credentials?
    Domotz creates an encrypted overlay-network channel between the client network and the Domotz cloud, with an HTTPS channel between the web app and the cloud. A technician launches a tunnel to a specific device — HTTPS, RDP, SSH, Telnet, or any TCP port — through the Domotz UI. Tunnels terminate automatically after one hour, are scoped to a single device, and run inside an encrypted channel even when the underlying protocol (Telnet, HTTP) is plain-text.
  • Does Domotz monitor IP cameras and physical security devices?
    Any ONVIF-compliant IP camera is auto-detected and integrated. Domotz exposes camera configuration, online/offline state, video-profile information, on-demand snapshots, and a one-minute test stream — useful for verifying a camera is working after a maintenance window, without storing footage in the cloud. ONVIF cameras are also discoverable across VLANs and routed subnets. Combined with smart PDU integrations, alarm panels reachable via TCP service monitoring, and full RBAC, physical-security devices live in the same governance model as the rest of the network.
  • Is Domotz itself secure enough for compliance-focused MSPs?
    Domotz holds SOC 2 Type II and ISO 27001 certifications. Authentication supports 2FA. RBAC enforces least-privilege access across Users, Groups, and Roles. The MCP server uses OAuth-scoped consent and inherits the same RBAC permissions as the web app. Every MCP attempt is logged — not just successes — so the audit trail covers what was tried, not only what completed. The full Trust Center is at trust.domotz.com.

New to network security terminology?

Perimeter scan, Layer-2 discovery, port forwarding, ONVIF, RBAC, OAuth-scoped consent — the language of network security work, defined in one place.

Ask AI about Domotz for MSP security specialists

Get an unbiased summary from any AI

ChatGPT (opens in new tab) Claude (opens in new tab) Perplexity (opens in new tab) Gemini (opens in new tab)

Ready to operate your network the modern way?

$1.50 per device. 14-day free trial. Under 15 minutes to deploy.

Start Free Trial Talk to Sales