Perimeter scans your internet-facing assets for CVEs, exposures and misconfigurations with Nuclei — then ranks every finding by EPSS (exploit likelihood) and the CISA KEV catalog so you fix the four that matter, not the four hundred that don't. Cloud-based, no appliance, free to start.
A traditional scanner hands a non-expert a flat list of a few hundred CVSS scores and walks away. Without a security team, you can't tell which ones an attacker will actually use. Perimeter fixes that with a transparent, tunable risk score:
risk = 0.40·CVSS + 0.30·EPSS + 0.20·KEV + 0.10·asset-criticality → 0–100
A KEV-listed RCE on your VPN appliance shoots to the top; an unauthenticated low on a dev box sinks. No proprietary black box like VPR or TruRisk — you can see and adjust the weights.
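The weighted score above, worked through as an added example (this is not Perimeter's own code). It assumes each input is first normalised to 0–1: CVSS divided by 10, EPSS as its probability, KEV as 1 or 0, and asset criticality on a hypothetical 0–1 scale. The names `Finding`, `risk_score` and `rank` and the sample findings are constructed for illustration.

```python
from dataclasses import dataclass

# Weights from the formula on this page; they must sum to 1.0 so the score stays in 0-100.
DEFAULT_WEIGHTS = {"cvss": 0.40, "epss": 0.30, "kev": 0.20, "asset": 0.10}


@dataclass(frozen=True)
class Finding:
    title: str
    cvss: float        # CVSS base score, 0.0-10.0
    epss: float        # EPSS probability, 0.0-1.0
    kev: bool          # listed in the CISA KEV catalog
    asset_crit: float  # assumed scale: 0.0 (throwaway) to 1.0 (business critical)


def risk_score(f, weights=DEFAULT_WEIGHTS):
    """Return a 0-100 score; every input is normalised to 0-1 first (assumption)."""
    if set(weights) != set(DEFAULT_WEIGHTS):
        raise ValueError("weights must cover exactly cvss, epss, kev, asset")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1.0")
    if not (0 <= f.cvss <= 10 and 0 <= f.epss <= 1 and 0 <= f.asset_crit <= 1):
        raise ValueError(f"out-of-range input for {f.title!r}")
    parts = {"cvss": f.cvss / 10.0, "epss": f.epss,
             "kev": 1.0 if f.kev else 0.0, "asset": f.asset_crit}
    return round(100 * sum(weights[k] * parts[k] for k in parts), 1)


def rank(findings, weights=DEFAULT_WEIGHTS):
    """Sort findings with the highest risk first."""
    return sorted(findings, key=lambda f: risk_score(f, weights), reverse=True)


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("Low-severity issue on dev box", 3.7, 0.002, False, 0.2),
    Finding("High CVSS, no known exploitation", 9.1, 0.01, False, 0.5),
    Finding("Medium CVSS, high EPSS", 6.5, 0.90, False, 0.5),
    Finding("KEV-listed RCE on VPN appliance", 9.8, 0.94, True, 1.0),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{risk_score(f):5.1f}  {f.title}")
```

With the default weights the medium-CVSS finding with high EPSS outranks the 9.1 with no exploitation signal; passing CVSS-only weights to `rank` reverses those two, which is the flat-list ordering the text contrasts against.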
Nuclei's curated CVE templates against your live web apps, APIs, mail, VPN and edge services — enriched daily with EPSS and KEV.
Open databases, exposed admin panels, default credentials, directory listings, leaked secrets, security-header gaps.
Expiring or mismatched certs, weak ciphers, deprecated TLS — mapped to the crypto controls auditors ask about.
A scan result on its own is just a CSV. Perimeter turns each finding into audit evidence — auto-mapped to PCI DSS 11.3, SOC 2 CC7.1, ISO 27001 A.8.8 and CMMC RA.L2-3.11.x with a timestamp — and tracks it to closed with owners, SLA dates (KEV findings inherit CISA's due date) and rescan-to-verify.
PCI 11.3, HIPAA 2026 and CMMC all require internal and external scanning. Perimeter pairs this external scanner with internal authenticated scanning (OpenVAS) and container/SBOM scanning (Trivy) via the Lookout agent — and it all rolls up into one attack-surface and continuous-scanning view.
No. External scans run from a hosted cloud runner — nothing to rack. Internal scans run on the lightweight Lookout agent on a box you already have, so you skip the $8–9k/yr appliance fees Qualys charges.
PCI 11.3 requires both internal and external scans. Perimeter does both and tags findings 11.3.1/11.3.2 — see compliance.