telecom.whisper.online · pricing

Security you pay more for the moment you're attacked is priced backwards.

Usage-metered tooling bills per API transaction, per signaling message, per analyst seat — so the invoice climbs as your core grows and spikes exactly during the incident, when you can least afford to ration a hunt across roaming and IPX. Against the economics of a fraud problem that ran to $38.95B in 2023 (CFCA), a meter is a number you cannot forecast.

We price the other way. Flat, per-NF, per year — not per transaction, per message, or per seat. Keyless verify is free forever, attribution is never metered. One line item you can forecast against core-network economics — and defend to your CFO.

whisper verify --trustless costs nothing and needs no account — our own API is not in the trust path.

$0 Keyless verify, resolve and back-trace any NF — free forever, no account
One flat per-NF/year figure — not per-transaction, per-message or per-seat
$38.95B telecom fraud in 2023 (CFCA) — the economics a meter refuses to make predictable
0 usage meters on attribution — never ration a hunt mid-incident across roaming / IPX
1 cross-operator revoke replaces a slow, bilateral de-peering
≤€10M / 2% the NIS2 fine exposure for an essential entity — a flat line hedges the variable-cost catastrophe

A meter that climbs with your core — and spikes when you're attacked — isn't a price. It's a risk.

Two curves. One rises with every NF you add, every SBI transaction, every query your analysts run chasing an operator across rotating IPX egress — and peaks precisely during the incident. The other is a flat line you set once and forecast for years.

annual cost → NF count · signaling volume · incident load → usage-metered per transaction · per message · per seat under attack ↓ billed most exactly when it hurts most Whisper · flat per-NF / year set once · forecast for years · attribution never metered the overage a flat price never charges
Flat means the number you sign this year is the number you defend in every budget after. The meter you don't pay is the whole point.

Per-NF, not per-transaction

Priced to the thing you actually govern — the network function — so a busy SBI or a noisy signaling incident never moves the invoice. Add a slice, light up a new roaming peering, weather an attack: the figure holds.

Attribution & lookups, never metered

Run identify, walk, history and Cypher — and op:lookups to see who's enumerating your NRF — as hard as an incident demands. No per-query tax means your SOC never rations a hunt while an operator keeps rotating egress.

Additive, not another bill

It sits on top of the signaling firewall, SEPP, SIEM and operator PKI you already own as a feed — no per-analyst-seat licence, no data-egress fee, no new console to staff, no second CA to run.

Start keyless. Prove it on a slice or a peering. Roll it across the core — flat the whole way.

POC → pilot → enterprise, exactly the path a core-security program buys on. Every tier speaks the same address-is-identity primitive; you're only widening how many NFs it covers, never re-platforming and never standing up a second PKI.

POC

Free to start

$0

Keyless verify, open to all. A handful of NF identities to provision.

The keyless lower half — trustless, anchored at the IANA root, our API never in the path — plus enough provisioned NF /128s to prove the control plane on your own bench:

  • whisper verify --trustless any NF, NRF or SEPP identity
  • Resolve and reverse-resolve a /128, read its RDAP; back-trace a suspicious peer, no key
  • A handful of NF /128 identities — derive one from the NF's existing key + its nfInstanceId
Pilot

Flat engagement

Fixed scope

One network slice, or one N32 roaming peering. Time-boxed, one flat price.

Everything in POC, keyed to a defined NF count so a core-security owner can prove value before the board:

  • Provision NF /128 identities across the slice or the peering — DANE-pin the SBA cert they already present
  • Full attribution graph — unmetered during the pilot
  • Egress governance per NF: policy · op:firewall · op:budget · one-call op:revoke
  • Splunk connector (signed JSON → CEF/ECS) · NIS2 Art.23 incident evidence · public transparency log
Enterprise

Flat per-NF / year

Core quote

One rate, quoted to your NF count. It doesn't move.

The whole core, all three planes, across every NF — the way a CISO buys defence-in-depth:

  • Identity, attribution graph and egress governance, core-wide
  • Unlimited attribution — no per-query meter, ever, across roaming and IPX
  • On-prem or your own tenant — NIS2 / data-residency by construction
  • Enterprise support and SLA; verifiable peer identity at every N32 border

Why a quote, not a sticker. A core price is one number, but the right number depends on NF count, on-prem vs your own tenant, and the standards evidence you need — so we quote it flat and in writing, and it holds for the term. No usage true-ups, no surprise line at renewal. Get a core quote →

The same platform, at three widths. Nothing behind the paywall is the verification itself.

The keyless verification a roaming partner, a regulator or a researcher needs to check an NF's identity is free at every tier — on principle, because our API isn't in the trust path. The keyed tiers widen coverage and feed your stack; they never gate the ability to verify.

CapabilityPOCPilotEnterprise
Trustless verify / resolve / RDAP (whisper verify --trustless)
Trace a /128 to the NF behind it (reverse-DNS + RDAP)
NF /128 identities (register /128, DANE-EE pin, op:revoke)a handfulslice / peeringcore-wide
Full attribution graph (identify, origins, walk, history, Cypher)unmeteredunlimited
Egress governance (policy · op:firewall · op:budget · op:lookups · op:revoke)slice / peeringcore-wide
Transparency log — public mint + revoke ledger, Bitcoin-anchoredread / verify
Splunk connector — signed JSON → CEF/ECS
NIS2 Art.23 incident evidence · GSMA FS.36 / EU 5G Toolbox mapping
On-prem / own tenant (NIS2 data-residency)
Enterprise support & SLA · verifiable peer identity at N32pilot support
Roadmap — STIX 2.1 / TAXII · first-class --nf-id argroadmaproadmaproadmap
Metered by usage (per transaction / message / seat)nevernevernever

The transparency log is append-only, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — tamper-evident today; independent third-party witnessing is the next step (it already speaks the C2SP witness protocol, so any external witness can co-sign). STIX 2.1 over TAXII, and the first-class typed --nf-id argument are on the roadmap — everything else in this table is shipped & live.

The ROI isn't a promise — it's the costs the flat line takes off your books.

A predictable figure is only half the case. The other half is what it removes: analyst hours, de-peering delay, incident-reporting effort, audit repetition, and re-platform risk.

Analyst hours you stop burning

Correlating a rotating, meaningless last IP across IPX hubs, roaming partners and three clouds is manual, and it never converges. The graph collapses the rotation to one operator — infrastructure genealogy for the cloud hops, a JA4 client fingerprint for a proxy swarm — with a replayable evidence chain. The hours go back to your SOC, and the meter never punishes them for looking harder.

One revoke, not a bilateral de-peering

A compromised NF or interconnect identity is op:revoked worldwide at DNS-TTL speed — one signed record pulled, propagating at cache-TTL. No per-operator CRL you hope every partner fetched, no slow, commercial, bilateral de-peering. The blast radius is one /128, never a shared private root.

Faster NIS2 Art.23 reporting

When the clock runs a 24-hour early warning, a 72-hour notification and a one-month final report, an attribution you can replay — the operator behind a rotating IPX egress, named with a reproducible evidence chain — is the difference between a warning you can file and a blank one. The final report writes itself from the transparency log.

Audit effort you don't repeat

Findings arrive mapped to NIS2 Art.21/23, the EU 5G Toolbox and GSMA FS.36, and every mint and revoke is already in a public, Bitcoin-anchored ledger your regulator can replay. The compliance artefact is a byproduct of the tool, not a separate consulting line. Honest status: the log is tamper-evident today; independent witnessing is next.

Re-platform risk you avoid

This is real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers — anchored in the public DNSSEC root, not a private CA you'd one day have to migrate off. Longevity is the cheapest line in any TCO.

No shadow costs at renewal

No per-message true-up, no per-seat creep as your SOC grows, no data-egress fee, no second PKI to operate. What you forecast in year one is what you sign in year three — the number a CFO can actually plan around.

A pricing model can be an attack surface. Ours isn't.

If security is metered, an adversary can run up your bill, and a defender rations their own hunt. We priced those failure modes out.

"If attribution is metered, do my analysts have to ration lookups in the middle of an incident — across roaming and IPX?"

Never. The graph is unmetered on the keyed tiers — identify, walk, history and Cypher run as hard as the hunt demands, and so does op:lookups on who's enumerating your NRF. There is no per-query line for an attacker to inflate and none for a defender to fear.

"Does my bill spike when I'm under attack, or just when I add NFs, a slice, or a new roaming peering?"

Neither. The price is per-NF, set once, for the term. A signaling flood, an NRF-enumeration campaign, or lighting up a new N32 peering moves your risk — it doesn't move the invoice. The meter that would have peaked during the incident simply doesn't exist.

"Is the free tier a real capability or a trap that expires into a sales call?"

Real, and permanent. Keyless verify is anchored at the IANA root — our own API is not in the trust path, so we couldn't gate it if we wanted to. Verifying an NF's identity is a public check that a roaming partner or regulator can run against the DNSSEC root; charging for the truth would defeat the point.

Straight answers, before the call.

BILLING

What exactly is metered?

Nothing by usage. You pay a flat rate per NF, per year. No per-API-transaction charge, no per-signaling-message fee, no per-query graph fee, no per-analyst seat, no data-egress bill. The only variable is how many NFs the program covers.

ENTRY

Can I try it without procurement?

Yes — keyless verify is free and needs no account. Run whisper verify --trustless today — resolve, reverse-resolve and read RDAP for any /128, no key; a POC then hands you a handful of NF /128 identities to provision and prove the control plane on your bench.

GROWTH

What happens as I add NFs, slices or peerings?

The per-NF rate holds; the total scales linearly and predictably with NF count, quoted in writing for the term. No usage true-up, no renewal surprise, no penalty for a busy or attacked core.

STACK

Is this on top of my SIEM and firewall cost?

It's a feed into the signaling firewall, SEPP and SIEM you already run — the Splunk and Microsoft Sentinel connectors ship today — not a replacement and not a second console to staff. It makes the tools you already pay for sharper, and never replaces mTLS or OAuth2.

RESIDENCY

On-prem or hosted?

Either. The Enterprise tier runs on-prem or in your own tenant, so the graph and per-NF logs stay where your regulator needs them — NIS2 and data residency by construction, at no metered premium.

EXIT

What if I stop?

Identities are DNSSEC/DANE objects you can verify independently, every mint and revoke is in a public transparency log, and evidence exports are open formats (CEF, ECS; STIX and per-sector JSON on the roadmap). There's no proprietary lock on your own attestations or your compliance record.

Flat depth on top of the stack you already run — it doesn't replace a line, it de-risks the whole one.

You already pay for a signaling firewall, a SEPP at the N32 border, an operator PKI, and a SIEM — and you should keep every one; Whisper is additive to all of them and never replaces the mandatory mTLS + OAuth2 that binds an NF at the handshake. Where a per-message signaling cloud makes the bill unforecastable and a rigid carrier suite makes you buy modules you don't need, a flat per-NF line adds the layers no one else owns — a publicly verifiable NF identity (DNSSEC + DANE, no cross-certification), cross-operator attribution across rotating IPX and cloud egress, and revocation at DNS-TTL — without a meter and without a new silo.

Pricing modelForecastable?Meter spikes under attack?
Per-message / usage-metered signaling cloudhardyes
Rigid multi-module carrier suite (six-figure floor)partlyn/a — over-scoped
Whisper — flat per-NF / yearyesno

It makes the signaling firewall, SEPP and SIEM investments you already carry sharper, as a machine-readable feed — not a thing they compete with. It anchors at the IP / DNS / transport boundary, complements your private PKI and never sits inside the signaling plane. See the full comparison →

One flat number. Every NF, accounted for.

Keyless verify is free forever — start there, no account. When you're ready, a core quote is one flat per-NF/year figure you can forecast and defend against core-network economics. No meter, no surprise at renewal.

Or run whisper verify --trustless right now — it costs nothing.