Security Stack Logo
Intruder logo

Vulnerability Management

Intruder

Continuous vulnerability scanning and ASM for external, cloud, and application exposures.

Risk-Based Vulnerability Management (RBVM)Attack Surface Management (ASM)

Intruder Overview

What it does

Intruder is a continuous vulnerability scanner and attack surface management platform monitoring internet-facing systems and cloud infrastructure to identify security weaknesses before exploitation. The platform automatically discovers new services exposed to the internet and scans for the latest vulnerabilities within hours of public disclosure, combining multiple scanning engines with proprietary intelligence to perform over 9,000 security checks across network infrastructure, web applications, and cloud environments (Amazon Web Services, Azure, Google Cloud).

How it works

Intruder integrates threat intelligence including CISA Known Exploited Vulnerabilities (KEV) list and Exploit Prediction Scoring System (EPSS) to prioritize vulnerabilities based on actual exploitation likelihood rather than generic severity scores. The platform filters false positives and provides detailed remediation guidance in concise, actionable formats without requiring deep security expertise, making enterprise-grade vulnerability scanning accessible to lean security teams.

Credentials and traction

Intruder is SOC 2 Type II certified. It ranked #38 on the 2023 Deloitte UK Technology Fast 50, the only cybersecurity company on that year's list of fastest-growing UK technology firms, and later earned a 2025 Cybersecurity Breakthrough Award and recognition as a 2025 Latio Cloud Security Innovator. More than 3,000 customers use the platform, including Drata, Virgin Active, Fujifilm, the NHS, and The Alan Turing Institute, spanning finance, healthcare, technology, higher education, and the public sector.

Key Capabilities

mapped to solution categories
Risk-Based Vulnerability Management (RBVM)

Assigns likelihood-of-exploitation scores using threat intelligence, vulnerability characteristics, and active exploit availability, independent of CVSS, which measures severity rather than exploitability.

Incorporates asset metadata (network exposure, business criticality, data classification) into vulnerability prioritization so that a critical CVE on an isolated internal test system ranks lower than a medium CVE on an internet-facing payment server.

Cross-references the vulnerability inventory against live threat feeds tracking CVEs under active exploitation in the wild, surfacing vulnerabilities with confirmed attacker activity.

Continuously discovers external-facing assets (domains, IPs, cloud services, APIs, certificates) including assets deployed outside the official inventory.

Creates tickets, assigns owners, and tracks remediation progress in ITSM platforms (ServiceNow, Jira), closing the loop between finding and fix rather than producing a static report.

Enforces remediation deadlines by severity, reports on SLA compliance, and escalates overdue findings through configured approval chains.

Recommends the minimum patch set that eliminates the highest-risk exposure (accounting for shared libraries and patch co-dependencies), rather than presenting a ranked CVE list.

Scans cloud resource configurations and container image CVEs alongside traditional OS and application vulnerabilities in a unified risk view.

Attack Surface Management (ASM)

Tracks SSL/TLS certificate expirations, newly registered lookalike domains, and subdomain takeover opportunities (dangling DNS records pointing to deprovisioned cloud services).

Continuously enumerates internet-exposed assets (domains, IPs, subdomains, certificates, cloud storage, APIs) using passive DNS, certificate transparency logs, and active probing, including assets outside the official inventory.

Ranks discovered exposures by combining exploitability signals, asset business context, and active threat intelligence to produce an actionable remediation queue.

Identifies cloud resources, SaaS applications, and exposed services deployed by business units without IT or security team visibility or approval.

Identifies software stacks, versions, and components running on discovered assets through passive banner analysis and active probing, mapping CVE exposure without authenticated scanning.

Compliance

certifications
SOC 2 Type II

Integrations

compatible tools
APIAWSAzureAzure DevOpsCloudflareDrataGitHubGitLabGoogle CloudJiraMicrosoft SentinelMicrosoft TeamsOktaPagerDutyServiceNowSlackSplunkVantaZapier

Implementation & support

Deployment model
SaaS
Pricing structure
Custom / EnterpriseFree TrialPer Endpoint
Support channels
Customer Success Manager (CSM)Email SupportKnowledge BaseLive Chat

Info last updated on May 27, 2026

Vendors

Is this your product?

Claim your profile to connect with the teams looking for your solutions.

Security Stack Logo

The curated research platform for enterprise cybersecurity solutions.

All product and company names, logos, and brands are property of their respective owners and are used on this website for identification purposes only. Security Stack does not endorse any vendor, product, or service listed, and makes no warranties, express or implied, as to the accuracy or completeness of this content, including any warranties of merchantability or fitness for a particular purpose.

© 2026 Security Stack. All rights reserved.