Essential and Pro

These plans use an automated vulnerability scanner, offering continuous monitoring of both your internal and external systems. The tool checks for thousands of known vulnerabilities, including:

  • Infrastructure weaknesses

  • Missing patches

  • Encryption weaknesses

  • Common mistakes & configuration weaknesses

  • Attack surface reduction

  • Application bugs

  • Web-layer security problems (such as SQL injection and cross-site scripting)

Whilst the checks are the same, the plans do differ in terms of their features – most notably, Essential users are entitled to one scheduled scan per month; whereas Pro users are permitted unlimited on-demand scanning; various integrations; and smart features such as Emerging Threat Scans, Smart Recon and Network view (to help you keep track of what's exposed to the internet). It's also worth noting that the Pro plan permits you unlimited users, whereas Essential is capped at two.

Learn more, or review pricing here.


This plan is more of a 'managed vulnerability scanning' service. Again, it is continuous and includes all the same checks mentioned above 👆, but appeals to those users that want their automated results to be checked and supplemented with a handful of manual penetration testing activities. These include:

  • The chaining of vulnerabilities (where appropriate)

  • Contextualisation of issues as they relate to your business

  • Investigation of false positives and their removal from scan results

  • Option to add free-form bug hunting

For indicative pricing, or more details please reach out to a member of the team via our chatbot.

Manual penetration testing

Our manual pen-test service can include the automated checks mentioned above, but its value is owed to the professional conducting the test. Not only are they able to expose weaknesses that could go otherwise undetected by a machine, they are responsible for exploiting them as a way to gauge the threat they pose.

Some of the differences that a pen-test can provide:

  • Identification of publicly accessible files that may contain sensitive company information (only decipherable by the human eye)

  • Identification of multiple lower risk vulnerabilities that, in the context of the organisation, could be dangerous if combined

  • Exploitation of credentials (dictionary attacks; breached credential stuffing; authenticated scanning and brute-force)

The service also includes a re-test so that customers have the opportunity to execute any recommended remediation before they are issued a final bill of health.

Given that this assessment is bespoke, penetration tests are scoped on a case by case basis. If you would like further information or to enquire about pricing, then please reach out via the chatbot.

So what should I choose?

If you're still unsure as to what service you need then perhaps it would be worth hitting the button below. It will take you through to a blog post we wrote, outlining the differences between vulnerability scanning and penetration testing. Hopefully by the end of it, you'll have a clearer idea of what solution would work best for you and how Intruder can help you achieve your cyber security goals.

If you would like to discuss anything mentioned above, or have any further questions, please feel free to reach out to a member of the team via our chatbot.

Did this answer your question?