cyberscan.io®:
The next generation
IT security tool

Cyber security is essential for companies to optimally position themselves for the future and to benefit from global digitalization. But where exactly are the vulnerabilities in IT infrastructures and software systems that serve as gateways for cyber criminals?

Our IT security tool cyberscan.io® provides you with this information – up-to-date and based on a variety of renowned sources. This allows you to continuously monitor your system landscapes and quickly close security gaps.

Added values of cyberscan.io® at a glance

Identify
current cyber risks

Use the more than 130 cyberscan.io® integrated sources from diverse security tools to identify your own cyber risks. Our self-learning database (Big Data Repository) already contains over seven million bulletins, which will be matched with your data at the push of a button.

Minimize the impact of IT vulnerabilities

Accelerate your responsiveness with automated scans of your internal and external IT infrastructure – and minimize the impact of vulnerabilities. Depending on the demands, cyberscan.io® repeats the security tests daily, weekly or even monthly.

Constantly keep an eye on systems and vulnerabilities

Whether on local servers or in the cloud: Centralize your security data and infrastructure with the help of cyberscan.io® to always be informed about the current system status and to be able to effectively protect your own IT landscape against hackers and other cyber criminals.

Use cyberscan.io®
flexibly as a service

Relieve your IT team and use our powerful vulnerability and port scanner as a service. Without infrastructure costs and maintenance effort. We provide continuous updates so that your company is also protected against upcoming threats and you can focus on your core business.

How the IT Security Tool works

cyberscan.io® is a portal designed for security measures, combining functions of vulnerability scanner, penetration tool and open source intelligence tool. In just a few steps you get a comprehensive vulnerability view of your systems.

All IP addresses and sub-domains of a domain are identified and searched for vulnerabilities. After scanning your information, it is compared with a variety of reputable sources for threat analysis. The results, including risk classification, are clearly displayed in our dashboard and can be archived as a report for further processing.

cyberscan.io® is a business solution for the IT sector and was specially developed by our security experts in Germany. The IT security tool empowers professionals to efficiently perform key tasks such as alert management, vulnerability scanning, analysis and reporting.

Features at a glance

Incident Alert Engine

Automated notification of new vulnerabilities and security risks.

Management Portal

A clear all-in-one dashboard that allows to keep an eye on all your domains and IP addresses.

Automated Reporting

Automated and clear documentation of all key figures from cyberscan.io®.

Data Leak Monitoring

More than 15 million data leaks/data breaches in an integrated database for checking your own company email accounts.

Real Time Internet Montoring

Continuous scanning and consolidation of more than 130 internet sources (including Shodan).

Netzwerke & Organisation

Overview of the number of vulnerabilities within the networks to which your server belongs.

Big Data Respository

More than 7 million bulletins in our self-learning database – including 160.000 vulnerabilities included in the Public Vulnerabilities and Exposures (CVE) list.

Artificial Intelligence

AI-based vulnerability analysis and mapping in our database.

The most important questions & answers

What does cyberscan.io® do?

We are a company that pursues the goal of managing the risks of the digital transformation of companies. For this purpose, among other things, we regularly scan the domains of companies and government institutions for vulnerabilities in IT security with our self-developed external vulnerability scanner cyberscan.io® and create a vulnerability overview. The outer areas of the systems are checked via “portscan”, i.e. by scanning these systems for open ports. These ports are analyzed and the results are documented – but not used to penetrate the systems. There is no outflow, access or even modification of data.

With the help of the vulnerability overview, companies, authorities and courts can react better to dangers that arise from incomplete cyber security and thus protect themselves, their secrets and their own company data as well as the (personal) data of their customers, employees, users, members, etc. from hacker attacks.

Why am I being scanned?

This could be due to a number of factors, as vulnerability scanning is becoming more common in organizations for a variety of reasons. We have compiled the most common reasons for you:

Self-interest – Often security-conscious companies, such as our customers, initiate the scans themselves and repeat them at regular intervals. Are you already a customer? Then you can check your contract to see at what intervals your domain will be scanned. It could also be, for example, that one of your employees has registered on cyberscan.io® and activated the free trial package.

Shared servers – Often several domains are located on one and the same server. So it could well be that another customer of your hoster, whose domain is on the same server and thus has the same I.P. address, has initiated a scan.

Business partner monitoring – Due to the ever-increasing cyberattacks on supply chains, security-conscious companies not only monitor their own IT infrastructure, but also that of their business partners. So, as part of supply chain monitoring, one of your business partners may scan and check your domain for IT security.

Research – IT security companies and federal authorities (for example, the BSI) continuously investigate the IT security situation in Germany to produce studies and statistics. The DGC also uses spare capacity to generate valuable knowledge about the current threat situation.

How long does a scan take?

The duration of the scan of an IP depends on the services found, since each service found is scanned for vulnerabilities. As a consequence, many services lead to a longer scan duration. Another parameter is the number of IPs belonging to a domain. The interaction between the number of IPs and the number of services found can mean a scan duration of a few hours up to several days.

The actual scan time is influenced by the size of the system and the running services. First the port scan is performed and then the further queries for discovered open ports. This can take a few minutes, but also a few days.

Who can see the scan results?

Only a registered, authenticated and verified user can view detailed scan results. If a demo user requests scan results, only vulnerability totals are displayed. These vulnerability totals do not allow any conclusions to be drawn about the structure of the IT infrastructure or the cyber security status of a scanned domain owner. Only a user who has registered with the DGC, whose identity has been confirmed and whose right of access has been proven beyond doubt, is given the opportunity to view detailed scan results. For this purpose, we maintain a complex process that establishes the identity of the person requesting access to the scan results.

What does the DGC use this content for?

The scan results of an individual domain owner are not used by the DGC outside of a customer relationship. Due to the large number of generated scan results, we are able to map the current state of cyber security within the address ranges scanned by the DGC. With the help of the results generated by the DGC’s vulnerability scanner, the DGC has succeeded in the past in uncovering widespread, critical vulnerabilities and saving the affected companies from significant damage free of charge by means of information campaigns in the media or social networks set up at their own expense. Vulnerabilities discovered in the past include, for example:

Data Leak – Huge Data Scandal discovered in Germany
Open Git Directories compromise over 40,000 Websites in Germany

Do institutions other than the DGC have access to detailed scan results?

No, we do not grant other institutions access to detailed scan results.

Is it possible for scans to burden my IT infrastructure?

An infrastructure that is equipped with the latest updates and has been configured correctly from a technical point of view is not significantly burdened by the scans. Nevertheless, it may happen that the configuration of the monitoring solution on the web server triggers computationally intensive processes as soon as several requests are classified as failed. You can submit a request at the email address support@cyberscan.io to have your IP ranges excluded from our scans in the future.

What can I do myself if vulnerability scans cause problems for my infrastructure?

Use the configuration options provided by the web server, firewall or other devices you use. Depending on the manufacturer and provider, it can be configured to block or ignore requests that meet certain parameters. Limit incorrect login attempts. These configurations also contribute to the increased security of your business. For in-depth advice, feel free to contact us via email.

How can I access the results of my scan?

The scan results are only viewable by the DGC or the user account registered with the DGC. First register on cyberscan.io® and go through the verification and authentication process to view your detailed scan results. The results will remain visible for 14 days in the trial version. You have the option to purchase an account for 12 months with a Partnership Light, in which you can view the results for your domain with monthly, weekly or daily updates.

Do the scan results remain in Germany?

Yes, we keep the data in Germany. The servers hosting cyberscan.io® are located in a data center in Frankfurt am Main, Germany. The data center has obtained the following certifications and compliance standards and has them independently audited on a regular basis.

Certifications: BSI C:5, ISO 27001 family, SOC, PCI DSS, FedRAMP.
Compliance standards: HIPAA, DSGVO, CCPA

How can I prevent being scanned again?

By sending a support request to support@cyberscan.io, domains and IP addresses that have already been scanned can be excluded from being rescanned. Blocking a domain also includes blocking the display of that domain.

Where can I get advice on my security risks and vulnerabilities?

We offer prospects and customers to guide them through the vulnerabilities found and explain them in an understandable way. In addition, you will also receive suggestions for prioritization in the elimination of the vulnerabilities. Contact us now.

Am I being hacked right now? Is malicious code being transmitted/infiltrated?

No, you will not be hacked or attacked. We do not run malicious code or download data from you at any time.

Is scanning legal?

The use of the vulnerability scanner is compliant with the applicable law.

cyberscan.io®:
The backbone of holistic Cyber Security

cyberscan.io® constitutes the technical backbone of our holistic cyber security approach and is therefore included in every version of our Cyber Security Partnerships. Our services are cloud-based and do not require any special system requirements.

Regardless of the type of use, the security tool offers maximum flexibility: If your organization grows or changes in the course of digital transformation, cyberscan.io – like other DGC solutions – can be easily expanded. Without disturbing the ongoing operation.

Would you like to learn more about the benefits of cyberscan.io® for your vulnerability analysis?

We look forward to hearing from you and will be happy to advise you.

Gender*
Consent*
This field is for validation purposes and should be left unchanged.