It can be difficult to know if a vulnerability scanner is any good, especially if you're testing it against your own systems, which at this point in time, may not have any security problems!

We think this is why most vulnerability scanners go out of their way to tell you there's something wrong, or at least flood you with information about things they've noticed about your infrastructure, such as the fact there's a web server running, or what type of encryption it offers. This might look impressive to begin with, but it doesn't help later on when you're flooded with information, and you're missing genuine security issues because there's too much noise.

At Intruder, we like to be a little different. If we don't think there's anything wrong with your security, we'll say so. Of course where we see small opportunities for improvement, we'll mention them - but we don't throw purely "informational" issues at you which don't need any action, we know you're too busy for that.

That doesn't mean you're losing out on anything important though, under the hood we use an enterprise-grade scanning engine, and if you haven't already, check out our article "What's the benefit of perimeter-specific results?" to see how we prioritise issues that most vulnerability scanners call "informational" that do actually matter in the context of your perimeter. 

Did this answer your question?