Vulnerability Management as-a-Service from the cloud

Digital transformation brings great opportunities to your business, but at the same time increases the complexity and vulnerability of your IT. As the person responsible for IT security, you need an all-in-one solution for vulnerability management and compliance.

Cloud Cape centrally monitors all your IT assets from the cloud. We bring you to the most advanced cloud platform for IT security and compliance and put together an always-on security program to meet your security needs.

Overview of Services

Whether on-premise, endpoints or your workloads in the public cloud, we bring it all together for you in the Qualys Cloud Platform and give you complete visibility of your network. You always know what your IT security and compliance status are. In addition to Vulnerability Management, you can choose from a wide range of other services:

IT Security

Vulnerability Management

Continuous vulnerability scannning according to the principle "detect and remediate"

Continous Monitoring

Real-time notifications whenever unusual network activities occur

Patch management

Efficient import of security updates through automated reconciliation


Policy Compliance

Define compliance standards, determine non-compliance and eliminate it immediately

PCI DSS Compliance

Scans that guide you to compliance and reports that serve as evidence

Cloud & Web Apps

Cloud Inventory

We discover and inventory all your assets in the public cloud, whether AWS, Azure or GCP

Cloud Security Assesment

Monitoring for misconfigurations and non-standard deployments

Web Application Scanning

Leading vulnerability detection for web applications

Vulnerability Management

The core of our offer is comprehensive Vulnerability Management which we perform for you as a Managed Security Service. Our solution covers the entire cycle of professional vulnerability management.

We inventory all IT assets across the network and identify host details, including operating system and open services. We can capture assets from both the Internet and the inside of your network. We use a variety of technologies such as discovery scanners, agents and sensors to find both on-premise assets and assets in cloud environments. This phase is essential because you can only protect what you have in sight. So in this step we create a starting point for all further measures. We identify changes in your network according to a regular, automated schedule.

We categorize your assets into different asset groups, assign them to business units, and assign them a business value based on their critical importance to your business operations. This is where we take the time to gain a comprehensive understanding of your IT. The goal of this phase is to identify optimal targets for subsequent vulnerability scans.

The actual vulnerability scans take place in this phase. The data collected on the host assets during the scanning process is transferred securely and encrypted to the Qualys cloud platform. With the Qualys Security Operations Centre, you have access to the world’s leading and most up-to-date vulnerability knowledge database. This automatically includes compliance with industry standards such as CVE (Common Vulnerabilities
and Exposures) or the ICAT Metabase.

In this phase we process raw scan results for you. The aim is to cater to the most important interest groups according to their information needs. It is very important to us that you actually get into action with our reports. Only reports that are implemented are of value. Therefore, all our packages include a monthly service call with a Cloud Cape Security Consultant.

With our reports, you have an informative, prioritized guide to vulnerability remediation. An Open XML programming interface even allows integration with third-party patch management software.

In this step, we validate the remediation measures with a re-scan and determine whether the vulnerabilities have been effectively addressed.

Vulnerability management is a cyclic process. Your network is constantly changing. New assets are added, new vulnerabilities become known, new patches are available and so on. As a result, we repeat the process described to provide you with continuous security.


Proactive vulnerability management as an integral component of your IT security

Perfect Configuration

Our Vulnerability Scanning Team configures and operates leading scanning tools according to your security needs

Patch management

Efficient import of security updates through automated reconciliation

No Training required

We perform the scans periodically for you. Your team does not need any training and can focus on strategic issues.

Cost Benefits

No need to deploy your own vulnerability management resources or to worry about hardware and software upgrades


We handle target group-oriented reporting for you and create a remediation plan for your team

Cloud Expertise

You get transparency of your workloads in the cloud. Cross-platform with all major providers.

PCI DSS Compliance

Our Managed Vulnerability Scanning Service fully complies with PCI DSS requirements

Packages & Prices

Our Vulnerability Management as-a-Service (VMaaS) tailored to your requirements


Our vulnerability scanning service from the cloud for smaller businesses
from 875 €* per month
  • Scanning of 50 internal IP addresses
  • Scanning of 16 external IP addresses
  • Monthly reporting + 1h service call
  • Web Application Scanning
  • Cloud integration (AWS, Azure, GCP)
  • Policy compliance
  • PCI DSS Reports


Our vulnerability scanning service from the cloud for medium-sized businesses
from 1850 €* per month
  • Scaning of 100 internal IP addresses
  • Scaning of 32 external IP addresses
  • Monthly reporting + 1h service call
  • Web Application Scanning
  • Cloud integration (AWS, Azure, GCP)
  • Policy compliance
  • PCI DSS Reports


Our vulnerability scanning service from the cloud for large businesses
from 2850 €* per month
  • Scanning of up to 200 internal IPs
  • Scanning of up to 32 external IPs
  • Monthly reporting + 2h service call
  • Web Application Scanning
  • Cloud integration (AWS, Azure, GCP)
  • Policy compliance
  • PCI DSS Reports

Request sample reports

Get sample copies of our scan reports directly into your e-mail inbox. This will give you a good first impression of our Vulnerability Management as-a-Service offer. We create individual reports according to target group and information needs. This includes the following reports:


Do you have any questions about our Vulnerability Management as-a-Service offer?

Our Vulnerability Management as-a-Service offering is proactive, unlike most traditional IT security solutions. The time window in which unresolved vulnerabilities are actually exploited is getting smaller from year to year. We therefore recommend continuous vulnerability management as a valuable addition to your existing security program.

Vulnerability Management as-a-Service is suitable for security-conscious companies of various sizes and industries. While large corporations often have the technical and financial resources to operate professional vulnerability management in-house, our offer is the much more practical alternative for smaller and medium-sized companies. Thanks to state-of-the-art cloud technologies, we provide small and medium-sized enterprises with a level of security that can be compared to the enterprise level.  

We offer you short contract terms and our scanning service adapts flexibly to your needs. You can switch between our packages at any time and have a dedicated account manager.  In addition to vulnerability management, you can choose from a variety of other services.

Penetration tests provide you with a comprehensive assessment of your IT security measures. However, this is always just a snapshot. Within one year there are countless changes in your IT landscape. Both services in combination guarantee that you are permanently able to maintain a adequate level of security.

The IT security experts at Cloud Cape configure all vulnerability scans so that no disruptions are to be expected. Especially for initial scans, we choose low intensity scanning, measure the impact and then increase the intensity if necessary.

No. You do not need to purchase any hardware or software. Even for the scans of internal IP addresses physical scanners are not required. Instead, you can quickly add a virtual vulnerability scanner to your network.

Inquiry - VM as-a-Service