Why Use Host Authentication?

Using host authentication (trusted scanning) allows our service to log in to each target system during scanning. For this reason we can perform in depth security assessment and get better visibility into each system's security posture. Running authenticated scans gives you the most accurate results with fewer false positives.

Good to Know

Do I have to use authentication?
For vulnerability scans, authentication is optional but recommended. For compliance scans, authentication is required.

Are my credentials safe?
Yes, credentials are exclusively used for READ access to your system. Credentials are securely handled by the service and are only used for the duration of the scan.

In most cases, we do not modify or write to the device ...
unless the user enables optional scan features Dissolvable Agent and Agentless Tracking and accepts the agreement regarding terms of use. In some cases on Unix, there may be temporary data written during a scan. Learn more

Supported technologies

Apache Web Server | Cisco | Cisco CUCM | Checkpoint Firewall | Docker | HTTP | IBM DB2 | IBM WebSphere App Server | MongoDB | MS IIS | MS SQL | MySQL | Oracle | Oracle Listener | Oracle WebLogic Server | Palo Alto Networks Firewall | PostgreSQL | SNMP | Sybase | Tomcat Server | Unix | VMware | Windows

Password vaults

BeyondTrust PBPS | CA Access Control | CyberArk AIM | CyberArk PIM Suite | Hitachi ID PAM | Lieberman ERPM | Quest Vault | Thycotic Secret Server | Wallix AdminBastion (WAB)

How to use vaults | Vault support matrix