Daily Vulnerability Scanning Service

Enables you to detect and address internet vulnerabilities early – like a security guard for your digital safety.

This professional service checks your company for vulnerabilities before attackers do and is NIS2 compliant.

Effective Protection Summed Up

Critical vulnerabilities allow attackers full access to your systems. The industry-standard CVSS rates these vulnerabilities as critical. Various studies show that over 60% of attacks on companies and public assets are due to such vulnerabilities – despite the fact that solutions were available at the time of the attacks.


Our own editorial tests, conducted in collaboration with renowned news magazines NZZ, 20 Minuten and Inside-IT, confirm the urgent need for action. Critical vulnerabilities were found in numerous companies and public institutions.


Our daily vulnerability scanning service immediately reduces this risk. We scan all your internet-exposed systems daily, assess vulnerabilities using CVSS, and alert you immediately if critical vulnerabilities are detected.

NIS2-Compliant Vulnerability Scanning Service

From October 17, 2024, the EU's NIS2 Directive (Network and Information Security 2) will be in force across all EU member states. This directive, implemented through national laws, explicitly includes supply chains and partner companies. This has direct implications for Swiss companies operating in or with the EU. Non-compliance with the NIS2 Directive can lead to significant fines. Moreover, management is personally liable and can be held accountable for non-compliance with the directive.

To meet the NIS2 Directive requirements, organizations are required to conduct regular vulnerability scans (CHAPTER VI, Article 32). Our service offers you a fully NIS2-compliant solution. We continuously monitor your IT infrastructure, identify vulnerabilities, and report them in a timely manner. This helps you meet the strict security requirements of the directive and protect your systems.

Details

Using the market-leading vulnerability scanner, our professional managed service helps you identify vulnerabilities instantly. 365 days a year with automated alerting.

  • We scan all your publicly accessible assets on the internet daily for configuration errors and vulnerabilities, ensuring continuous security monitoring and compliance of your systems.
  • Both FQDNs and IP addresses can be scanned. All known services on these systems are checked, including web, mail, VPN, and cloud servers, firewalls, routers, load balancers, and many other components.
  • Receive comprehensive reports that provide you with clear insights into the identified vulnerabilities, including their severity (according to the CVSS industry standard) and potential impacts.
  • Thanks to our automatic alerting, you are immediately informed when relevant vulnerabilities are discovered. This allows you to act proactively before potential attackers can exploit them.

Our service can be used immediately without requiring adjustments to your IT. This not only saves valuable resources but also allows you to monitor your security daily.

  • Our reports include not only technical details but also contextual information to help you better understand the vulnerabilities and respond appropriately.
  • The reports are presented in a user-friendly format, making it easy for non-technical decision-makers to interpret the information.
  • Our service offers the flexibility to customize your scans and reports to meet your specific requirements and industry standards.
  • Our services adhere to common security standards (CVSS) and certifications to ensure your organization meets compliance requirements.

Certifications and Compliance Requirements

Our daily vulnerability scanning service plays a crucial role in meeting the requirements of various industry certifications and compliance standards. These scans help companies identify and remediate security gaps early, which is essential for compliance with standards like NIS2, TISAX, ISO/IEC 27001, PCI-DSS, and others. This sustainably strengthens overall IT security and effectively supports compliance with important certification requirements.

  • NIS2 (Network and Information Security Directive 2)

    Relevance: NIS2 obliges operators of essential services and digital service providers in the EU to improve their network security and actively manage cyber risks.

    Usefulness: Daily vulnerability scans are an essential part of risk mitigation required by NIS2. They help identify and remediate potential vulnerabilities before they can be exploited.

  • TISAX

    Relevance: TISAX is an audit and exchange mechanism used by the automotive industry to assess information security standards.

    Usefulness: Vulnerability scans support compliance with TISAX information security requirements. Continuous monitoring and remediation of vulnerabilities demonstrate a high level of security practices necessary for certification.

  • ISO/IEC 27001

    Relevance: ISO/IEC 27001 is a globally recognized standard for information security.

    Usefulness: Vulnerability scans are part of the technical management of information security risks. Regular scans support the continuous improvement of security management and are a practical measure to comply with ISO 27001 controls.

  • ISO/IEC 20000

    Relevance: This standard focuses on the quality of IT service management.

    Usefulness: Regular vulnerability scans help ensure the availability and integrity of IT services, a critical criterion for ISO/IEC 20000.

  • PCI-DSS

    Relevance: PCI-DSS is a security standard for organizations that work with credit card data.

    Usefulness: Vulnerability scans are a mandatory component of PCI-DSS compliance. Daily scans can help quickly identify and remediate potential compliance violations.

  • GDPR

    Relevance: Although GDPR primarily focuses on the protection of personal data, security measures to protect this data are essential.

    Usefulness: Identifying and remediating vulnerabilities allows your company to demonstrate that it is taking appropriate technical measures to protect personal data, a requirement of GDPR.

Number of newly discovered vulnerabilities from 2000 to present

New Vulnerabilities Every Day

The number of newly discovered vulnerabilities is continuously increasing. There are already over 200,000 vulnerabilities with ongoing growth. These vulnerabilities are rated using the Common Vulnerability Scoring System (CVSS), a standardized and objective rating system that determines the severity of security flaws (vulnerabilities).

Last year (2023), the newly discovered vulnerabilities were categorized as follows:

Critical 4562
High 10829
Medium 12732
Low 2790

(Critical, and often also High-rated, vulnerabilities allow attackers not only to take over the entire system but, in many cases, also to gain access to the entire company or institution.)

Checking your systems for vulnerabilities daily is essential. Worldwide, over 60% of all successful cyber-attacks occur directly through vulnerabilities for which solutions were available at the time of the attack.

Over 60% of all cyber-attacks could have been prevented by using free patches and updates. Yet, even years-old vulnerabilities are often exploited because they were overlooked. These open vulnerabilities provide attackers with easy and cost-effective access to companies.

Our scanning service alerts you immediately to critical vulnerabilities, allowing you to close them in time.

  • Companies and public institutions never patch about 30% of vulnerabilities

    Over 72% of public institutions and companies do not implement patches even 30 days after they are available.

    Even after 90 days, nearly 50% of companies have not closed the vulnerabilities. 30% never close them.

    Attackers often exploit vulnerabilities within days of their release.

  • Ransomware attacks have proven to be highly successful through multiple extortion tactics, and often entire companies and public institutions are affected after an intrusion via an open vulnerability. The consequences include:

    1. Encryption of files in the internal target network

    2. Exfiltration combined with the threat to publish stolen data

  • The cybercrime damages calculated by the Digital Association Bitkom in Germany amounted to 203 billion euros according to the 2022 Economic Protection Report and are about twice as high as in 2019.

    Damages have also increased in Switzerland. According to PwC, the average damage for a medium-sized company in Switzerland is around 6 million CHF.

  • It is estimated that a new cyberattack occurs worldwide every 39 seconds, equating to approximately 2,244 attacks per day. Companies and organizations must prepare for a continuous and growing threat from cyberattacks and take appropriate protective measures.

 

Benefits of Our Service

Our daily vulnerability scanning service offers industry-leading protection through the use of the market-leading vulnerability scanner, which has the highest detection rate of vulnerabilities and the lowest error rate (Six Sigma).

Unlike open-source or self-developed solutions from other providers, our scanner detects new vulnerabilities the fastest, enabling immediate action. We scan your public assets daily and offer this NIS2-compliant service at a highly competitive price to ensure you are always optimally protected.


For SMEs and Public Institutions

As a reliable partner for SMEs and public institutions, we offer a first-class service to instantly detect and close potential security gaps. Whether you need to scan 1-2 or 1-2000 assets, we offer this NIS2-compliant service at a highly competitive price and check them all daily. Protect your data, strengthen your IT infrastructure, and rely on continuous security – daily, proactive, and reliable.

About innoSec

Founded in 2010 and based in Central Switzerland, innoSec GmbH stands for excellent cybersecurity consulting at the highest level. Its founder and CEO, Gunnar Porada, is a recognized expert in cybersecurity, enjoying an outstanding reputation far beyond the borders of Switzerland.

With over 25 years of experience in the cybersecurity industry, Gunnar Porada has successfully advised numerous large clients – including central banks, tech giants, and governments worldwide – and is considered one of the leading minds in this field. His expertise is regularly recognized by renowned media. Overall, he has been cited more than 10 times on television and over 100 times in reputable editorial publications. Below you will find the links to these, where available online – divided into TV and print.

Gunnar Porada is also active academically. He was Co-Director of the Cyber Security Competence Center at the University of Liechtenstein and has been lecturing at the renowned University of St. Gallen (HSG) for over a decade. He also captivates audiences at numerous live hacking presentations at major companies, trade shows, and international events around the world.

This unique combination of deep expertise, years of experience, and practical teaching makes innoSec GmbH an indispensable partner for those striving for the highest security standards in today's digital world. Gunnar Porada has also been active in the field of vulnerability management since 2000 and has built in-house solutions for various leading companies. He now offers this service to other companies at a lower cost than an in-house solution, but with the same top quality.

TV

  • SRF, ECO Cybercrime – Companies invest too little in security
  • ARD, BR, Tagesschau24, Phoenix, Documentary: Passports for Criminals – Dangers of biometric data. (DE/EN/ES)
  • BR, Kontrovers Credit Card Fraud – Pickpockets with a phone and antenna
  • ServusTV, Talk in Hangar-7 – Have we lost all control?
  • ARD, report München – Cybercrime is spreading
  • ZDF, WISO – Dangers of Online Banking
  • ZDF, heute journal – PRISM: How Does XKeyscore Work?
  • ARD, Money Guide – Online Banking: How criminals empty accounts
  • ARD, Plusminus – Internet: Dangerous data leaks
  • ZDF, WISO – Fingerprint scanners in registry offices vulnerable

Print

  • BR24 – Codes and passports: How secure is biometric data?
  • digital-liechtenstein – An urgent rethink is needed in the executive suites
  • Schweizerzeit – E-Voting: A doomed-to-fail prestige project
  • Wirtschaftszeit – University of Liechtenstein gains Gunnar Porada as expert
  • Volksblatt Liechtenstein – Liechtenstein is also preparing for the "cyber war"
  • NZZ – This cyber attack is just the beginning
  • Computerwelt – The EU Data Protection Regulation is coming! What now?
  • eGovernment Computing – Scanner is a weak point in the registry office

Pricing

Our service includes vulnerability scans for companies and public institutions of all sizes. Billing is per year and based on the number of monitored assets, whether IP addresses or FQDNs (fully qualified domain names). We offer cost-effective entry-level conditions, especially for companies with a small number of assets. For large companies, we also offer attractive prices on request, which are significantly cheaper than an in-house solution.

1-3 Assets

CHF 1'999 per year

  • Daily scans
  • Immediate alerting
  • Monthly overall report
  • Support with vulnerabilities
  • Assistance with validations
  • Updating the scope
  • Management Summary

More Assets

on request per year

  • Daily scans
  • Immediate alerting
  • Monthly overall report
  • Support with vulnerabilities
  • Assistance with validations
  • Updating the scope
  • Management Summary

Questions and Answers (FAQ)

If your question is not listed, please contact us so we can answer it.

  • How does the innoSec daily vulnerability scanning service work?

    innoSec scans all your publicly available assets on the Internet daily for vulnerabilities using the market-leading vulnerability scanner as a service.

  • Each IP address or fully qualified domain name (FQDN) counts as one asset. Thus, sub-domain names are each an asset.

  • innoSec has developed its own tools to be able to use and offer the market-leading vulnerability scanner as a service. However, the actual scan is performed by the commercial scanner of the market leader.

  • Generally, you will not notice the scanning, as the scanner automatically checks the bandwidth of your internet connections and only uses a small portion of your capacity. The requests per scan amount to just a few kilobytes to your systems.

  • The daily vulnerability scanning service can be started immediately. You do not need to make any changes to your systems, as this scanning service works without access data.

  • In the daily vulnerability scan, all your public systems on the Internet are checked, such as cloud solutions, firewalls and proxies, web and mail servers, VPN, DNS, SIP, IoT devices, home office systems, and more. The market-leading industry-standard vulnerability scanner detects configuration errors, insufficient patch levels, insecure services, and other vulnerabilities. These are classified, evaluated, and described in detail.

  • If one or more vulnerabilities are detected during the daily scan, you will automatically receive an alert email with information on which assets are affected, the severity of the vulnerabilities, and recommendations for fixing them.

  • The alert contains detailed information about the detected vulnerabilities, including the CVSS score to assess the risk, the affected assets, the potential impact, and the severity of the vulnerability, as well as specific recommendations for remediation and further references to additional sources and solutions. This information enables you to respond quickly and effectively to security threats and improve the security of your systems.

  • If a vulnerability is not fixed, your system remains vulnerable to attacks that can exploit that vulnerability. It is important to follow the recommendations from the scan reports and fix vulnerabilities as quickly as possible to minimize the risk of a security incident.

  • Vulnerabilities are rated based on their criticality. The evaluation is not based on discretion but is neutrally based on the industry-standard CVSS (Common Vulnerability Scoring System).

Contact

Your inquiry will of course be treated confidentially and is subject to our privacy policy.
