Eight reasons teams pick Centraleyezer
over a CVSS-only queue.
Most vulnerability stacks score every CVE the same way on every host, then push the queue to a security team that already has 10× more "critical" findings than it can fix. Centraleyezer scores risk differently — and packages the evidence the EU and UAE regulators are now asking for.
Contextual six-factor risk scoring — not CVSS+EPSS+KEV
Every finding is scored using DREAD, asset criticality, network exposure, environment-specific exploitability, CTI signals, and a Human-AI reaction loop tuned to your team's actual response patterns. The same CVE produces different priorities on different assets — because that is operationally true. CVSS, EPSS, and CISA KEV are ingested for traceability but deliberately not used as scoring inputs (they describe vulnerabilities at internet scale, not in your environment).
Human-AI reaction loop
The factor no internet-wide signal captures: how your team actually responds. Slow-remediating teams raise the operational risk of their assets; fast teams lower it. Same finding, different score, calibrated to reality.
MSSP-native multi-tenancy
Per-client database, per-client container, per-client storage volume — zero shared multi-tenancy that could leak across clients. Reseller API for licence and deployment automation. Pooled licence quotas. White-label reporting. Designed for managed service providers from day one, not retrofitted.
EU + UAE compliance evidence
Findings, audit trails, and remediation timelines mapped to NIS2 Article 21, DORA Articles 8 / 9 / 10 / 25, ISO 27001 Annex A.8.8, PCI-DSS Requirement 6, the EU Cyber Resilience Act, UAE IAS T7.5, and CBUAE Cyber Risk Regulation. Your team produces the framework reports — Centraleyezer hands them the evidence.
16+ scanner integrations — keep your stack
Nessus Professional, Tenable.io / Tenable.sc, Qualys VMDR, Rapid7 InsightVM, Burp Suite, Acunetix, AWS Inspector, Trivy, Wazuh, OpenVAS / Greenbone, HCL AppScan, Censys, Shodan, SSL Labs, Detectify, Harbor and more. Plus a REST API for any custom source. You don't replace your scanner — you layer Centraleyezer above it.
Unlimited assets, findings, and users
Quota-based licensing, not per-seat. Bring every team — security, ops, dev, legal, audit — into the same view without per-seat surprises. SaaS from €599/month (10 GB cap); Enterprise and MSSP at custom pricing on your own infrastructure.
Self-hosted or EU SaaS — your choice
Self-hosted Enterprise and MSSP run as a Docker container in your cloud or on-prem, with full air-gap support and no call-home telemetry. Or use the SaaS tier hosted in the European Economic Area only — no transatlantic transfers, no Schrems II adequacy ambiguity. Your data never leaves the region you choose.
Built by a European team for European reality
Operated by Sandline SRL (Romania). The product is shaped by EU regulatory pressure (NIS2, DORA, CRA, GDPR, ePrivacy) and UAE banking and CII pressure (CBUAE, IAS, PDPL) — not retrofitted from a US-only baseline.
Frequently asked questions
Is Centraleyezer a scanner?+
No. Centraleyezer is an RBVM (Risk-Based Vulnerability Management) platform that sits above scanners. It ingests output from 16+ existing scanners — Nessus, Tenable, Qualys, Rapid7, Burp, Acunetix, AWS Inspector, Trivy, Wazuh, OpenVAS and others — and applies contextual six-factor risk scoring on top.
How is it different from Tenable, Qualys, or Rapid7?+
Those vendors mix scanning, scoring, and reporting into a single SaaS — and their "risk" scores remain scanner-internal, based on the asset and CVE attributes they collect. Centraleyezer is positioned above the scanner layer: it ingests Tenable / Qualys / Rapid7 output (and others) and re-scores findings using DREAD, asset criticality, network exposure, exploitability, CTI, and a Human-AI reaction loop calibrated to your team.
Where is data stored?+
The SaaS tier is hosted in the European Economic Area only. Self-hosted Enterprise and MSSP run wherever the customer places the Docker container, with no call-home and full air-gap support. Customer vulnerability data never leaves the customer's chosen region.
Does Centraleyezer generate compliance reports?+
No — and that distinction matters. Centraleyezer generates vulnerability reports (Executive, CISO, Technical) and provides the structured evidence and audit trail your team uses to produce framework-specific reports for NIS2, DORA, ISO 27001, PCI-DSS, CRA, UAE IAS, and CBUAE. The framework reports remain your team's output.
Is there a free trial?+
Yes — a 30-day fully-licensed trial. The Centraleyezer team provisions the trial directly into the customer's chosen environment, typically on the same business day the trial is requested. The trial converts to a paid licence with no data migration.