Continuous external attack-surface management and internal authenticated scanning in one tool, at an SMB price — with every finding ranked by real-world exploit likelihood and auto-mapped to your compliance controls.
Free tier is genuinely useful: real engines, real EPSS + CISA KEV prioritization, no credit card.
Most scanners hand a non-expert a wall of 400 CVSS scores. Perimeter ranks by CVSS + EPSS (exploitation likelihood) + CISA KEV (confirmed in-the-wild) + your asset criticality — the prioritization layer Tenable and Qualys charge extra for, free here.
Discover domains, subdomains, IPs, certs and exposed services from the internet. Detect subdomain takeover and attack-surface drift week over week.
Authenticated network scans (OpenVAS), OS-package and container CVEs, IaC misconfig, and SBOM/dependency CVEs (Trivy) via the Lookout agent.
Every finding auto-maps to NIST CSF, SOC 2, PCI 11.3, ISO A.8.8 and CMMC RA.L2-3.11.x — a scan becomes audit evidence with a control reference and timestamp.
A new dev subdomain pointing at an unclaimed S3 bucket. A wildcard cert 22 days from expiry. A KEV-listed RCE on your VPN appliance. Perimeter watches continuously and tells you the moment something new appears — then tracks it to closed with owners, SLAs, and rescan-to-verify.
| | Perimeter | Intruder | Detectify | Nessus Pro |
|---|---|---|---|---|
| External ASM | Yes | Yes | Yes | Add-on |
| Internal authenticated VM | Free tier | $499 Pro | No | Yes |
| Container / SBOM scanning | Yes | No | No | No |
| EPSS + KEV prioritization | Free | Yes | Partial | No |
| Maps to compliance controls | Native | Thin | No | No |
| Starting price | $0 | $149/mo | ~€82/mo | $4,390/yr |
Pricing as published by each vendor; see our full comparison.