Each plan is designed to cater to a different audience and those most suited to our Essential plan would be early-stage start-ups or SMEs with a limited internet footprint and those that rely mostly on open-source software and devices.
On the Essential plan, you’re entitled to one editable scheduled scan per month, an unlimited number of ad-hoc scans, two users and Smart Recon (which tells you exactly how many of your systems are active and require a license to scan them – after all, there’s no point in scanning targets that aren’t exposed to the internet).
This plan uses OpenVAS under the hood, boasting almost 17,000 checks, including these common infrastructure weaknesses:
• Missing patches
• Encryption weaknesses
• Common mistakes & configuration weaknesses
• Attack surface reduction
• Application bugs
• Web-layer security problems (such as SQL injection and cross-site scripting)
Catering to a slightly different audience, this plan is suitable for those that host their own servers; run enterprise solutions (Exchange, VPN endpoints etc.); or have a need to cover internal systems that aren’t exposed to the internet.
This plan comes with a suite of additional features – most notably unlimited scheduled and on-demand scanning; internal vulnerability scanning (via an agent) and various integrations including ticketing systems (for shipping vulnerabilities from Intruder to your preferred platform); collaboration tools (so you can be alerted via your favourite messaging app) and cloud environments (so you always know what’s going on with your cloud assets).
With the Pro plan, users benefit from ~140,000 checks for both internal and external vulnerabilities, courtesy of the underlying scanning engine powered by Tenable.
This plan is geared towards young companies scaling quickly, with a large attack surface or cloud infrastructure where there is a need for continuous monitoring and a desire for supplementary support.
In addition to all the Pro features, Premium users benefit from Continuous network scanning, Priority Emerging Threat Scans and Rapid Response – which takes proactive scanning one step further. The latter means that before checks are even released, Intruder has scanned users’ networks and issued advisories with details and recommendations.
Preferential support can be supplemented with bolt-ons, which include bug hunting; weak credential checking (for Microsoft accounts using common or default passwords); and ‘ask a security expert’ credits which can be used for false positive checking, investigating an issue, extended remediation advice or further discussion of ETS or Rapid Response.
This plan is a hybrid vulnerability management solution with our continuous penetration testing capability.
It includes all the same checks you'd get with the Pro plan, but appeals to those that would benefit from a team of security professionals dedicated to proactively identifying weaknesses in their assets. Our highly skilled security professionals have a knack for discerning minor vulnerabilities in scan reports which in combination are greater than the sum of their parts. These include:
• The chaining of vulnerabilities (where appropriate)
• Investigation of false positives and their removal from scan results
• Impact review: if the scanner flags something that looks interesting, the team will manually investigate further to see if it can be exploited
• Contextualisation of issues as they relate to your business
• Vanguard advisories (when applicable): emails that inform you of any additional weaknesses that the team have uncovered during their investigations
• Option to add free-form bug hunting
For indicative pricing or more details, please reach out to a member of the team via our chatbot.
Users have the option to add Authentication licenses to any of the plans mentioned above. This feature expands the scanning capabilities and would be especially valuable to:
• Anyone managing a web-app with a login page – the functionality available to authenticated users is often much more sensitive and would pose a greater risk if exploited by a malicious authenticated user.
• Developers/managers that are seeking reassurance that any updates they’re releasing are free of vulnerabilities.
• Anyone needing to satisfy a client or compliance requirement for authenticated web-app scanning.
For more information, have a read of our Authenticated Web app scanning article.
Manual penetration testing
Our manual pen-test service can include the automated checks mentioned above, but its value is owed to the professional conducting the test. Not only are they able to expose weaknesses that could otherwise go undetected by a machine, they are also responsible for exploiting them as a way to gauge the threat they pose.
Some of the differences that a pen-test can provide:
• Identification of publicly accessible files that may contain sensitive company information (only decipherable by the human eye)
• Identification of multiple lower risk vulnerabilities that, in the context of the organisation, could be dangerous if combined
• Exploitation of credentials (dictionary attacks; breached credential stuffing; authenticated scanning and brute-force)
The service also includes a re-test so that customers have the opportunity to execute any recommended remediation before they are issued a final bill of health.
Given that this assessment is bespoke, penetration tests are scoped on a case-by-case basis. If you would like further information or to enquire about pricing, then please reach out via the chatbot.
So what should I choose?
If you're still unsure as to what service you need then perhaps it would be worth hitting the button below. It will take you through to a blog post we wrote, outlining the differences between vulnerability scanning and penetration testing. Hopefully by the end of it, you'll have a clearer idea of what solution would work best for you and how Intruder can help you achieve your cyber security goals.
If you would like to discuss anything mentioned above, or have any further questions, please feel free to reach out to a member of the team via our chatbot.