06 — Vulnerability Scanning

Vulnerability Scanning

You don't know what you don't know. A vulnerability scan reveals critical security gaps in your infrastructure before attackers find them — and for organisations under the Cybersecurity Act it is mandatory.

ZKB Mandate
Statutory requirement for ZKB entities
Hardware Probe
Physical device for internal network
CVE & CVSS
Prioritised by severity
What's Included

Complete Scan and Remediation Cycle

From probe delivery to a verification scan after remediation — we cover the entire process of identifying, prioritising and reporting vulnerabilities in your infrastructure.

Scanning Probe Delivery
Physical or virtual device deployed into your internal network for authenticated scanning independent of the perimeter.
Initial Comprehensive Scan
Full first scan of the entire IP infrastructure — servers, network devices, workstations, OT/IoT devices.
CVE Identification with CVSS Score
Every vulnerability found is mapped to a CVE entry with a CVSS v3 score — an objective severity measure per NIST standard.
Regular Repeat Scans
Monthly or quarterly scans per ZKB/NIS2 requirements — continuous monitoring of new vulnerabilities in the environment.
Differential Analysis
Comparison of results between scans — overview of new, resolved and persistent vulnerabilities for a given period.
Vulnerability Prioritisation
Vulnerabilities ranked by CVSS score, active exploitation (CISA KEV) and infrastructure context for efficient remediation.
Executive Report
Clear management report with visualised security score, trend and recommendations — no technical jargon.
Technical Report
Detailed technical output for the IT team — each vulnerability with CVE, description, impact, affected systems and remediation steps.
Verification Scan
Confirmation scan after remediation — verifying vulnerability removal and issuing a verification certificate.
Vulnerability Register
Maintaining a central vulnerability register with history, remediation status and responsible parties for audit trails.
ZKB/NIS2 Compliance Reports
Reports directly addressing requirements of Decree 362/2018 and NIS2 — ready for submission to the regulator or auditor.
Remediation Consultation
Technical consultation on prioritising and remediating critical vulnerabilities — including patch management recommendations.
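The Differential Analysis and Vulnerability Prioritisation steps above can be illustrated with a small script. This is an added example, not the provider's own tooling: the two scan result sets, the asset weights and the stand-in for the CISA KEV catalogue are all constructed here, and the CVE identifiers are placeholders rather than real entries.

```python
"""Differential analysis of two scan runs plus CVSS/KEV/context ranking."""

# Constructed findings: host -> {placeholder CVE id: CVSS v3 base score}.
PREVIOUS_SCAN = {
    "srv-web-01": {"CVE-EXAMPLE-1": 9.8, "CVE-EXAMPLE-2": 5.3},
    "ws-finance-07": {"CVE-EXAMPLE-3": 7.5},
}
CURRENT_SCAN = {
    "srv-web-01": {"CVE-EXAMPLE-1": 9.8},                           # EXAMPLE-2 patched
    "ws-finance-07": {"CVE-EXAMPLE-3": 7.5, "CVE-EXAMPLE-4": 6.1},  # EXAMPLE-4 appeared
    "plc-line-02": {"CVE-EXAMPLE-5": 8.1},                          # newly discovered host
}
# Constructed stand-in for the CISA Known Exploited Vulnerabilities list.
KEV = {"CVE-EXAMPLE-3"}
# Assumed infrastructure-context weights (exposure / business criticality of the host).
ASSET_WEIGHT = {"srv-web-01": 1.5, "plc-line-02": 1.4, "ws-finance-07": 1.0}


def findings(scan):
    """Flatten a scan into {(host, cve): cvss} so two runs can be set-compared."""
    return {(host, cve): score for host, cves in scan.items() for cve, score in cves.items()}


def diff_scans(previous, current):
    """New / resolved / persistent findings between two scan runs."""
    prev, cur = findings(previous), findings(current)
    return {
        "new": sorted(cur.keys() - prev.keys()),
        "resolved": sorted(prev.keys() - cur.keys()),
        "persistent": sorted(prev.keys() & cur.keys()),
    }


def priority_key(host, cve, cvss, kev=KEV, weights=ASSET_WEIGHT):
    """Known-exploited findings always come first; within a tier, rank by
    CVSS scaled by the host's context weight."""
    return (1 if cve in kev else 0, round(cvss * weights.get(host, 1.0), 2))


def prioritise(scan, kev=KEV, weights=ASSET_WEIGHT):
    """Return (host, cve, cvss, in_kev, weighted_score) rows, highest priority first."""
    rows = []
    for (host, cve), cvss in findings(scan).items():
        in_kev, weighted = priority_key(host, cve, cvss, kev, weights)
        rows.append((host, cve, cvss, bool(in_kev), weighted))
    return sorted(rows, key=lambda r: (r[3], r[4]), reverse=True)


if __name__ == "__main__":
    for bucket, items in diff_scans(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(f"{bucket:10s} {items}")
    for row in prioritise(CURRENT_SCAN):
        print(row)
```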
Who It's For

Who Needs Vulnerability Scanning

  • Organisations subject to the Cybersecurity Act (Act No. 69/2018) — scanning is an explicit statutory requirement
  • NIS2 essential and important entities required to implement risk assessments
  • Financial institutions under DORA with ICT risk management requirements
  • Companies seeking ISO 27001 certification with a mandatory risk assessment process
  • Organisations with complex IT infrastructure lacking systematic vulnerability management
  • Companies that have suffered a security incident and want to identify the attack entry points
Problems We Solve

What Happens Without Scanning

  • Critical CVE vulnerabilities in production undetected for months — ideal ransomware entry point
  • ZKB or NIS2 audit reveals absence of vulnerability records and scan history
  • Outdated software with publicly available exploits actively used by attackers
  • ISO 27001 certification audit fails in the first phase without a basic risk assessment process
  • Post-incident response reveals a vulnerability that scanning would have detected months earlier
  • Regulator imposes a fine for failure to comply with the security risk assessment obligation
Regulatory Requirements

Vulnerability Scanning as a Statutory Obligation

For entities under the Cybersecurity Act, regular vulnerability assessment is explicitly required by decree. For NIS2 and ISO 27001 it is part of the mandatory risk management process.

ZKB
Act No. 69/2018 + Decree 362/2018
NBÚ Decree No. 362/2018 requires essential services to implement vulnerability assessment of networks and information systems, including regular scanning.
NIS2
Directive (EU) 2022/2555
NIS2 requires essential and important entities to conduct risk and vulnerability assessments as part of technical measures under Article 21 — regularly and with documentation.
ISO 27001
Risk Assessment — Annex A.8
ISO/IEC 27001:2022 requires identification, analysis and evaluation of information security risks, including systematic vulnerability scanning as an input process.

Find Out What Attackers Know About Your Network

Contact us for a free consultation. We will design a scanning plan tailored to your infrastructure and regulatory requirements.