Sandline — Risk Based Security

Vulnerability Assessment

Continuous, contextual vulnerability management across your infrastructure, web estate and code — powered by our Centraleyezer platform.

How we work

Where penetration testing is point-in-time and adversarial, vulnerability assessment is continuous and structural. We help you stand up a Risk-Based Vulnerability Management (RBVM) programme that is owned by your team, runs against your scanners, integrates with your ticketing system, and produces evidence on demand. The programme is powered by Centraleyezer, the RBVM platform we build, which scores findings by your business context — not by raw CVSS.

Outcomes

  • A single backlog of findings across all scanners, deduplicated and contextualised
  • Risk-based prioritisation that lets engineers focus on the 5% of findings that actually threaten the business
  • SLA-backed remediation workflows with full audit trail
  • On-demand executive, CISO and technical reports

Deliverables

  • RBVM programme design document
  • Centraleyezer deployment (SaaS or self-hosted)
  • Scanner integrations (Nessus, Qualys, Tenable, Rapid7, AWS Inspector, OpenVAS, etc.)
  • Custom DOCX report templates per stakeholder
  • Quarterly programme review

Engagement Workspace · 90 days free

Included with this engagement: a Centraleyezer SaaS deployment for 90 days where you generate reports on demand. At day 90 it either closes (your DOCX/PDF reports and attestation letter stay with you) or extends as a paid SaaS subscription if you want to keep using it.

Frequently asked

How is this different from running Nessus or Tenable yourself?

A scanner is a finding generator. A vulnerability programme is the operating model around it: deduplication across scanners, contextual prioritisation by business risk, SLA-driven remediation, exception handling, and the audit evidence. We stand up that operating model — typically powered by Centraleyezer — and operate it with you for as long as you need.

Which scanners do you integrate?

Nessus Professional, Tenable.io / Tenable SC, Qualys VMDR, Rapid7 InsightVM, Burp Suite Enterprise, Acunetix, AWS Inspector, Trivy, Shodan, SSL Labs, Wazuh, Detectify, Harbor, AgentSec, HCL AppScan, Red Hat Satellite, Censys, Invicti, CIS-CAT Pro, OpenVAS / Greenbone — plus a REST API for custom sources.

Is Centraleyezer mandatory?

No. The vulnerability programme can run on top of your existing tooling — we have stood up programmes on Jira, ServiceNow and Wiz when that was the right fit. That said, every Sandline engagement (pentest, red team, vulnerability assessment, incident response) ships with the Engagement Workspace — a free 90-day Centraleyezer SaaS deployment from which you generate reports on demand. After 90 days you can extend it as a paid SaaS subscription if you want to keep using it; otherwise the deployment closes and the deliverables (DOCX/PDF reports, attestation letter) remain yours.

How is risk scored?

Six factors: DREAD, asset criticality, network exposure, exploitability in your environment, CTI signals, and a Human-AI feedback loop tuned to your team’s actual response patterns. CVSS, EPSS and CISA KEV are ingested for traceability but are not used as scoring inputs.
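To make the two answers above concrete (a scanner as finding generator, a programme as the deduplication and contextual prioritisation around it), here is an added, self-contained Python illustration of that operating model. It is not Centraleyezer's code or scoring formula: the factor weights, the 1..5 criticality and exposure scales, the scanner row shape and the CVE placeholders are all constructed for the example, and the Human-AI feedback loop is not modelled. What it does show is CVSS travelling with each finding for traceability while the ranking is driven by the contextual factors only.

```python
"""Hypothetical RBVM pipeline: merge findings from several scanners,
deduplicate them per (asset, vulnerability), and rank them by business
context rather than by raw CVSS.

Constructed illustration; the weights, scales and sample data are
assumptions, not Centraleyezer's scoring model."""
from dataclasses import dataclass, field


@dataclass
class Finding:
    asset: str                      # hostname as reported by the scanner
    cve: str                        # identifier used as the dedupe key
    cvss: float                     # kept for traceability only, never scored
    sources: set = field(default_factory=set)   # scanners that reported it


@dataclass
class AssetContext:
    criticality: int                # assumed scale: 1 (lab box) .. 5 (revenue-critical)
    exposure: int                   # assumed scale: 1 (isolated) .. 5 (internet-facing)


def normalise(raw_rows):
    """Collapse raw scanner rows into one Finding per (asset, cve).

    Rows are dicts with 'scanner', 'host', 'cve' and 'cvss' keys; the shape
    is constructed for this example. Case differences between scanners are
    folded away so the same host/CVE pair reported twice is one finding."""
    merged = {}
    for row in raw_rows:
        key = (row["host"].lower(), row["cve"].upper())
        finding = merged.setdefault(
            key, Finding(asset=key[0], cve=key[1], cvss=row["cvss"]))
        finding.sources.add(row["scanner"])
    return list(merged.values())


def dread(damage, reproducibility, exploitability, affected_users, discoverability):
    """Mean of the five DREAD components, each on an assumed 1..10 scale."""
    return (damage + reproducibility + exploitability
            + affected_users + discoverability) / 5


def risk_score(ctx, dread_score, exploitable_here, cti_hits):
    """Contextual score on 0..100 using assumed weights.

    CVSS is deliberately absent from the inputs: it is stored on the finding
    for audit purposes but has no influence on the ranking."""
    return round(100 * (
        0.30 * dread_score / 10                 # DREAD, normalised to 0..1
        + 0.25 * ctx.criticality / 5            # asset criticality
        + 0.20 * ctx.exposure / 5               # network exposure
        + 0.15 * (1.0 if exploitable_here else 0.0)   # exploitable in this environment
        + 0.10 * min(cti_hits, 3) / 3           # CTI signals, capped at 3 reports
    ), 1)


def prioritise(raw_rows, contexts, enrichment):
    """Return [(finding, score)] sorted highest risk first."""
    ranked = []
    for finding in normalise(raw_rows):
        ctx = contexts[finding.asset]
        extra = enrichment[(finding.asset, finding.cve)]
        ranked.append((finding, risk_score(
            ctx, extra["dread"], extra["exploitable"], extra["cti"])))
    ranked.sort(key=lambda pair: pair[1], reverse=True)
    return ranked


# --- constructed sample data (placeholders, not real CVEs or hosts) ---
SAMPLE_ROWS = [
    {"scanner": "nessus", "host": "db01.internal", "cve": "cve-placeholder-1", "cvss": 9.8},
    {"scanner": "qualys", "host": "DB01.internal", "cve": "CVE-PLACEHOLDER-1", "cvss": 9.8},
    {"scanner": "qualys", "host": "web01.dmz", "cve": "CVE-PLACEHOLDER-2", "cvss": 5.3},
    {"scanner": "nessus", "host": "lab07.test", "cve": "CVE-PLACEHOLDER-3", "cvss": 10.0},
]
CONTEXTS = {
    "db01.internal": AssetContext(criticality=5, exposure=2),
    "web01.dmz": AssetContext(criticality=3, exposure=5),
    "lab07.test": AssetContext(criticality=1, exposure=1),
}
ENRICHMENT = {   # per-finding context an analyst or feed would supply (assumed values)
    ("db01.internal", "CVE-PLACEHOLDER-1"): {"dread": dread(9, 8, 7, 8, 6), "exploitable": True, "cti": 2},
    ("web01.dmz", "CVE-PLACEHOLDER-2"): {"dread": dread(5, 6, 6, 5, 7), "exploitable": True, "cti": 1},
    ("lab07.test", "CVE-PLACEHOLDER-3"): {"dread": dread(4, 3, 3, 2, 4), "exploitable": False, "cti": 0},
}

if __name__ == "__main__":
    for finding, score in prioritise(SAMPLE_ROWS, CONTEXTS, ENRICHMENT):
        print(f"{score:5.1f}  {finding.asset:15} {finding.cve:18} "
              f"cvss={finding.cvss:<4} sources={sorted(finding.sources)}")
```

On this sample the lab host with CVSS 10.0 lands at the bottom of the backlog while the internal database with a lower CVSS lands at the top, which is the point of the contextual model: the four raw rows collapse to three findings, and the ranking does not move if the CVSS values are edited.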

Book a 30-minute call

Tell us about the regulation you need to satisfy and the systems in scope. We will come back with a scoping note and a fixed-price proposal within three working days.
