BROCENT

Vulnerability scanning & assessment — transparent pricing

A vulnerability scan tells you what an attacker can see and reach before they act on it. Brocent runs external, internal, authenticated and web-application scans, then hands you a prioritised, remediation-ready report your auditors and cyber-insurer will accept — not a raw tool dump. Buy it as a one-time assessment or as a managed, always-on service.

Three ways to scope a scan

Every tier includes a human-written executive summary, a prioritised technical findings report (CVSS-scored) and a remediation call. No black-box scores.

Essential

Up to ~20 assets

External perimeter scan for lean teams and first-time buyers.

One-time assessment

From US$1,200

Managed (recurring)

From US$150 / mo

  • External / internet-facing asset discovery
  • Unauthenticated network + port scan
  • CVSS-scored, prioritised findings report
  • Executive summary + remediation call
  • Re-scan to confirm fixes (one-time: 1 included)
  • Managed: monthly scan + emerging-threat alerts

Professional

Up to ~100 assets
Most popular

External + internal + authenticated + web-app — the audit-grade tier.

One-time assessment

US$3,500–6,000

Managed (recurring)

US$400–700 / mo

  • Everything in Essential
  • Internal network & authenticated scanning
  • Web-application / API scan (OWASP Top 10)
  • Cloud posture check (Azure / AWS / M365)
  • Unlimited re-scans + prioritised remediation roadmap
  • Managed: continuous scanning + quarterly review

Enterprise / Compliance

Unlimited assets · multi-site

Full-scope programme aligned to PCI-DSS, ISO 27001 and China MLPS (等保).

One-time assessment

US$8,000–15,000

Managed (recurring)

From US$1,200 / mo

  • Everything in Professional
  • Multi-site / multi-entity coverage
  • Compliance mapping: PCI-DSS, ISO 27001, MLPS 等保
  • Executive + board-ready technical reporting
  • Dedicated security engineer + named contact
  • Managed: continuous VM programme + monthly review

All prices in USD, indicative starting points, tax exclusive. Invoiced in HKD, SGD, CNY, JPY or EUR on request. Regional pricing (APAC / EU-UK / Middle East) available — final quote depends on scope, asset count and location.

How Brocent compares to the market

Global self-serve tools charge per asset and leave you to run, read and remediate them. Brocent delivers the outcome — a report and a fix plan — often below the cost of the tool licence alone.

| Vendor / tool | What you get | Typical price |
|---|---|---|
| Tenable Nessus Pro | Scanner licence (self-run) | US$4,790 / yr |
| Qualys VMDR | Per-asset platform (self-run) | ~US$199–250 / asset / yr |
| Rapid7 InsightVM | Per-asset platform (self-run) | ~US$23 / asset / yr (512 min) |
| Intruder.io | SaaS scanner subscription | ~US$99–240 / mo |
| Consultancy pen-test | One-time manual engagement | US$5,000–20,000 |
| Brocent Essential | Managed scan + report + fix plan | From US$150 / mo |

Third-party list prices as of July 2026; vendor pricing changes and enterprise tiers are quote-only. Brocent runs industry-standard engines under the hood — you pay for the assessment, prioritisation and remediation, not another licence to manage.

Vulnerability scanning — pricing questions

Is a scan the same as a penetration test?

No. A vulnerability scan is automated, broad and repeatable — it finds known weaknesses across many assets. A penetration test adds manual exploitation to prove impact. Scans start from US$1,200; full manual pen-tests are scoped separately (from US$3,500). Many clients scan monthly and pen-test annually.

How is the one-time price decided?

By scope: number of live assets / IPs, whether internal and authenticated scanning is included, and how many web apps or cloud accounts are in range. The tiers above are indicative starting points — send us an asset count and we'll return a fixed quote within one business day.

What do I actually receive?

A human-written executive summary, a CVSS-scored technical findings report ranked by real-world risk, and a remediation call. Managed tiers add a tracked remediation roadmap and re-scan confirmation. We never hand over a raw tool export and call it a report.

Do you cover PCI, ISO 27001 or China 等保?

Yes. The Enterprise / Compliance tier maps findings to PCI-DSS, ISO 27001 and China's MLPS (等保) so the report drops straight into your audit evidence. We support quarterly external scans where PCI or CE+ requires them.

Which regions do you serve?

Hong Kong, China, Japan, Singapore and across APAC as standard, with EU/UK and Middle East delivery on request. Pricing is USD headline; we invoice locally and adjust for regional scope.

Get your vulnerability scan scoped

Send us an asset count and your compliance target — we'll return a fixed-fee quote and a sample report within one business day. No obligation.