Trusted by security teams in regulated industries
94%
Reduction in mean time to remediate critical risks
3ร
Faster audit evidence preparation vs. manual processes
60%
Less alert fatigue from risk-based triage
100%
Audit trail coverage across all finding lifecycle events
Everything you need to
manage risk at scale
A unified platform that connects vulnerability discovery, risk intelligence, compliance, and remediation โ so nothing falls through the cracks.
Risk-Based Prioritisation
Contextual risk scoring combines DREAD, asset criticality, network exposure, exploitability, CTI signals, and a Human-AI feedback loop tuned to your team's actual response patterns โ so you fix what matters, not what looks scary.
Compliance Evidence
Vulnerability data and audit trails mapped to NIS2 Article 21, DORA ICT risk, ISO 27001 Annex A, and PCI-DSS Req. 6 โ ready to hand to your auditor. Centraleyezer supports your compliance work; it does not generate the framework reports themselves.
MSSP Multi-Tenancy
Manage dozens of client environments from one console with full isolation. Purpose-built for Managed Security Service Providers.
Remediation Tracking
Action plans, SLA-driven workflows, risk acceptance, and a full audit trail from discovery to fix. REST API connects to your existing ticketing tools.
Asset Intelligence
Automatic discovery, classification, and criticality scoring across cloud, on-prem, and hybrid environments.
Executive Reporting
Board-ready risk dashboards that translate vulnerability data into business language. Trend analysis, KPIs, and SLA adherence at a glance.
From vulnerability noise
to clear action
Discover & Inventory
Connect your scanners and cloud providers. Centraleyezer ingests vulnerability data and automatically builds a prioritised asset inventory.
Score by Business Risk
Each vulnerability receives a contextual risk score based on asset criticality, exploitability, threat intel, and your business context.
Remediate with Confidence
Assign, track, and verify fixes with SLA-backed workflows. Every action is logged for compliance audits.
Built for the
regulatory reality
NIS2 Article 21 mandates vulnerability management. DORA requires ICT risk controls. ISO 27001 Annex A.8.8 demands it. PCI-DSS Requirement 6 enforces it. Centraleyezer addresses all of them in a single platform.
- Vulnerability findings and remediation evidence mapped to framework requirements
- Full audit trail built in โ every finding state change logged
- Board-ready vulnerability reports โ Executive, CISO, and Technical views
- CISO and Executive views show your VM posture, ready to feed into compliance assessments
NIS2
Article 21
โ Covered
DORA
ICT Risk
โ Covered
ISO 27001
A.8.8
โ Covered
PCI-DSS
Req. 6
โ Covered
UAE IAS
NESA T7.4.1
โ Covered
CBUAE
Cyber Risk Reg
โ Covered
Scale your MSSP
without the complexity
The Centraleyezer MSSP platform provisions a fully isolated deployment per client โ separate database, separate container, separate storage. Manage all deployments, licences, and backups from one admin console.
- Full client isolation โ dedicated container instance per tenant
- Per-client vulnerability reports, dashboards, and SLA tracking
- Reseller API for licence and deployment automation
- Pooled quota licensing โ users, assets, and findings
Frequently asked questions
What does Centraleyezer do?
Centraleyezer is a Risk-Based Vulnerability Management (RBVM) platform that prioritises vulnerabilities by actual business risk to your environment โ not by raw severity scores. It scores every finding using a six-factor contextual model (DREAD, asset criticality, network exposure, exploitability, CTI signals, and a Human-AI reaction loop), tracks remediation against SLAs, and produces the audit evidence that NIS2, DORA, ISO 27001, PCI-DSS, and CRA require.
Does Centraleyezer use CVSS, EPSS, or CISA KEV in its scoring?
No. CVSS, EPSS, and CISA KEV are ingested for traceability and shown in technical reports, but they are not used as scoring inputs because they describe vulnerabilities at internet scale rather than in your specific environment. The contextual six-factor model replaces them.
Is Centraleyezer self-hosted or SaaS?
Both. The SaaS tier is hosted in the European Economic Area and capped at 10 GB per deployment (database + uploaded files combined). Enterprise and MSSP tiers are self-hosted as a Docker container in your own cloud or on-prem environment, with optional air-gap operation.
Does Centraleyezer generate compliance reports?
Centraleyezer generates vulnerability reports (Executive, CISO, Technical) and the structured evidence and audit trail your team needs to produce framework-specific compliance reports for NIS2, DORA, ISO 27001, PCI-DSS, and CRA. The framework reports themselves remain owned by your team.
Which scanners can Centraleyezer ingest from?
Nessus Professional, Tenable.io and Tenable SC, Qualys VMDR, Rapid7 InsightVM, Burp Suite Enterprise, Acunetix, AWS Inspector, Trivy, Shodan, SSL Labs, Wazuh, Detectify, Harbor, AgentSec, HCL AppScan, Red Hat Satellite, Censys, Invicti, CIS-CAT Pro, OpenVAS / Greenbone โ plus a REST API for any custom source.
How does pricing work?
All tiers offer unlimited assets, findings, and user seats. SaaS is โฌ599/month billed annually with a 10 GB per-deployment cap. Enterprise and MSSP tiers are self-hosted with custom pricing tailored to your environment. A 30-day fully-licensed trial is available.