Products
Vulnerability Scanning.
Managed, IP-based vulnerability scanning across external and internal estates. Scoped, scheduled, and tracked - so you get recurring CVE visibility without running a scanner yourself.
A dashboard with deduplicated findings, full history per finding, and reports your auditors and customers can use. One-off or monthly, transparent published pricing from £1.60 per IP.
What's covered
A managed scanning service, not just a tool licence.
We run the scanning, surface a deduplicated and prioritised list, and give you the dashboard, history, and reports your team and your auditors actually need.
Unauthenticated network-view coverage
Scans run unauthenticated - the same network view a real attacker has of your perimeter or your internal estate. For credentialled deep-testing of specific apps or hosts, that's a pen test; vulnerability scanning sits alongside, providing the recurring CVE visibility a project-based test can't.
CVE-mapped vulnerability coverage
CVE-mapped issues, missing patches, weak configurations, exposed services, and outdated software - backed by commercial vulnerability feeds, refreshed continuously.
A managed list, not a 400-page dump
Findings are deduplicated against prior cycles and known false positives are suppressed before they reach your dashboard. You get the manageable list of issues actually worth acting on - not the raw scanner output.
Reports your team and auditors can use
Severity-ranked findings with remediation notes for engineers, an executive summary for stakeholders, and a sanitised report you can share with auditors or customers.
Pricing calculator
Get an instant estimate.
Minimum 50. More than 1000?
Talk to us.
Estimated price
£80
/ month
How it works
From scoping call to first prioritised list, in days.
A predictable cycle that respects your change-control process and your engineers' time. No surprise charges, no surprise outages.
1. Scope
Agree IP ranges, scan windows, and an escalation contact. Scope is fixed in writing - no surprise charges if your estate grows mid-cycle.
2. Baseline scan
First run goes wide. Findings are deduplicated and prioritised by severity, and your first list lands within five working days of onboarding.
3. Recurring cadence
On subscription, scans run on a monthly cadence. Your dashboard surfaces total open findings, new this cycle, and reopened - so you see drift, not just snapshots.
4. Critical findings
When a high-risk issue lands, it's flagged at the top of your dashboard and sent to your nominated contacts by email. You don't have to be watching the dashboard to know a critical CVE just turned up in your estate.
Vulnerability Scanning vs CSAS
Two different questions, two different products.
Both run on a continuous cadence. They're not the same thing.
Vulnerability Scanning
“What's vulnerable?”
Identifies known vulnerabilities (CVE-mapped) across your IPs. Outputs a prioritised list of issues to fix. Cheaper, broader IP coverage. Good when you need recurring CVE visibility.
From £80/month at 50 IPs.
CSAS Visibility
“What's actually exploitable?”
Autonomous penetration testing - the platform attempts attacks, validates impact, and shows attack chains. Stronger evidence for auditors and customers. Same 50 IP minimum.
Deliverables
What you get every cycle.
The same outputs land every cycle - so you can build them into your patching, reporting, and audit cadence.
Scoped, scheduled scans
One-off or monthly cadence, with agreed scan windows that respect your change-control process.
Findings dashboard
Total open, new this cycle, and reopened - surfaced at the top. Every finding carries severity, status, first-seen date, and a full history, so you can prove what was fixed and when.
Engineer-ready remediation
Plain remediation guidance with reproduction context. Built so an engineer can act on it without translating CVSS into action.
Auditor friendly evidence
Sanitised report exports on demand for ISO 27001, Cyber Essentials Plus, customer assurance questionnaires, or internal audit.
Common questions
Frequently asked questions.
Is this the same as a penetration test?
No. Vulnerability scanning identifies known issues across a wide IP range. A penetration test is a manual, tester-led exercise that demonstrates impact on a smaller, scoped target. Most clients run scanning continuously and a pen test annually - the two complement each other.
Will scans disrupt our production environment?
We agree scan windows and rate limits at scoping. Scans are tuned to be safe against modern infrastructure, but if you have fragile legacy systems we adjust accordingly - or exclude them from active probing entirely.
How do you handle false positives?
Findings are deduplicated against previous cycles and known false positives are suppressed before they reach your dashboard. If a finding looks wrong on your end, flag it and we'll suppress it from future cycles.
Do you provide retests after we patch?
Yes. Retesting of remediated findings is included on subscription cycles. For one-off engagements, retesting can be added up front or as a follow-up.
Does this support compliance evidence?
Reports are exportable in a sanitised format suitable for ISO 27001 (A.8.8 - technical vulnerability management), Cyber Essentials Plus, and customer assurance questionnaires. We are not a PCI DSS Approved Scanning Vendor (ASV); for ASV-attested external scans you'll need a separate supplier alongside.
What happens with new IPs we add mid-cycle?
Add them at the next cycle, or contact us for a mid-cycle update. Scope changes are handled in writing so cost and coverage stay predictable.
Get started
Calculator above. Quote below.
Pick your IP count and billing preference. We'll send a written quote, an onboarding plan, and a first-cycle date - usually within two working days. Your first prioritised findings list lands inside the following week.