Vulnerability Management with LOGINventory and Cyber Insight

Q: What’s the difference between CVE, CVSS, DARA Score, and CiEX?

The CVE ID is a unique identifier for a known vulnerability. The CVSS score rates its severity (scale 0–10). The DARA score and similar models add information about active threats and exploit likelihood. The CiEX score by Cyber Insight goes further: it uses machine learning and contextual data from your environment to predict whether a vulnerability is likely to be exploited, enabling more accurate prioritization and fewer false positives.

Vulnerability Management with LOGINventory – Automated. Accurate. Context-Based.

With the new integration of Cyber Insight and the ThreatFinder, LOGINventory becomes a complete solution for Vulnerability Management and Vulnerability Assessment.

Built on LOGINventory’s detailed IT Asset Inventory, the system automatically detects vulnerabilities across your IT landscape, evaluates them based on CVSS Score, exploitability, and real risk, and shows which remediation actions are available.

Why Vulnerability Management matters today

The number of known vulnerabilities increases every year – in 2023 alone, more than 29,000 new CVEs (Common Vulnerabilities and Exposures) were published. Many organizations respond with more scans, more tools, and more effort – yet the real problem remains: countless alerts, but no clear focus on the truly relevant risks.

A modern Vulnerability Management approach therefore combines three essential principles:

Transparency across all assets and software versions
Automated vulnerability analysis based on current CVE data
Risk-based prioritization according to actual exploitability and business context

LOGINventory and Cyber Insight combine exactly these three layers – for precise, context-driven risk management.

Effective Vulnerability Management in 4 Steps

1. Discover

LOGINventory automatically and agentlessly inventories all systems, applications, versions and dependencies. This complete, up-to-date data foundation enables precise vulnerability assessment.

2. Analyze

Cyber Insight correlates this data with known vulnerabilities (CVE databases, exploit feeds, threat intelligence). The CiEX model evaluates each vulnerability by CVSS score and real-world exploitability, producing a prioritized, contextual and current list of risks.

3. Act

In LOGINventory you see which vulnerabilities occur on which devices, how critical they are, and which remediation actions are recommended. This enables targeted responses – e.g., patching, temporary shutdowns, or other organizational measures.

LOGINventory documents the entire process transparently, from detection to response.

4. Automate

Recurring checks and notifications can be automated in LOGINventory. Define your own queries and trigger tasks or alerts, for example:

Notification when an exploitable vulnerability with CVSS > 5 is found on production servers.
Warning when a vulnerability with attack vector “Network” appears on systems in the DMZ.
Automatic reports on newly exploitable issues.

Security-relevant events are monitored automatically – without manual follow-ups.

Through the integration with Cyber Insight, all detected software versions are automatically correlated with known CVEs – including DARA score, attack vector, and recommended remediation actions.

Automated Vulnerability Analysis with Cyber Insight

With the integration of Cyber Insight, you can leverage your LOGINventory data for powerful, fully automated, and context-aware vulnerability analysis. LOGINventory identifies which installed software packages contain vulnerabilities and clearly visualizes where they occur across your devices.

Each detected vulnerability is dynamically evaluated based on global security intelligence and current attack trends – tailored to the specific context of your organization. The result: a prioritized, easy-to-understand overview that highlights which vulnerabilities are truly critical and should be remediated first.

Use this capability to proactively close security gaps and significantly reduce the effort of manual reviews. Manual cross-checking with CVE databases is no longer necessary — LOGINventory and Cyber Insight handle this automatically for you.

LOGINventory identifies which devices contain vulnerabilities in installed software packages and presents them in a clear, structured view.

Benefits of Our Integrated Vulnerability Management

Fully automated vulnerability analysis based on data from your network inventory
Evaluation by CVSS score combined with context-based relevance
Risk-based prioritization: focus on the most critical 10 % of vulnerabilities
Reduction of false positives by up to 80 %
Detailed remediation recommendations for each finding
Seamless integration into LOGINventory: no additional agent required
Compliance-ready: supports ISO 27001, BSI IT Baseline Protection, and NIS2 standards

Experience how simple and efficient modern Vulnerability Management can be.

With just a few clicks, you can inventory your entire IT landscape and automatically receive comprehensive security assessments — with no additional setup required.

Get started now

Technological Edge with the CiEX Model

The CiEX model by Cyber Insight uses machine learning to predict which vulnerabilities are most likely to be exploited.
Compared to traditional models (such as EPSS), CiEX delivers twice the efficiency at the same detection rate:

84 % coverage, 81 % efficiency
Early identification of relevant CVEs — in some cases, months before known exploits appear
Automatic prioritization based on the probability of exploitation

The result: Your security team can focus on the vulnerabilities that truly matter.

Seamless Integration into Existing Processes

The integration of Cyber Insight into LOGINventory is API-based and typically completed within minutes. All analyses are performed exclusively in data centers located in Germany – fully GDPR-compliant and secure.

LOGINventory remains your central platform for:

A complete overview of all systems and software versions
Direct linking of vulnerabilities to assets
Reporting functions for audits, compliance, and management

Real-World Example: Drastically Reduced Effort Through Automation

A customer with approximately 8,500 devices reduced their weekly analysis workload from 30 hours to just 2 hours by using the ThreatFinder module. At the same time, the number of relevant vulnerabilities decreased from 12,000 to 8,500 – without compromising security.

80 % less effort — 100 % visibility.

Category	Before	Now
Devices	8.576	8.576
Vulnerabilities	~12.000	~8.500
Analysis Effort	30 h / week*	2 h / week*

*Time required for analysis and prioritization of existing vulnerabilities

Discover how precise automated Vulnerability Management can be.

Analyze your IT environment within minutes — with clearly prioritized security insights and no complex setup required.

Try it now

Vulnerability Management: Pricing and Data Protection

To use the vulnerability analysis feature in LOGINventory, a Cyber Insight account is required. Billing is handled directly between you and Cyber Insight. Costs depend on the number of devices whose software data is analyzed. Detailed pricing information can be obtained directly from Cyber Insight.

Data Transmitted

Only the following information is transmitted to Cyber Insight:

Device name
Inventory number
Installed software packages (name, version, manufacturer)

LOGINventory itself does not transmit any personal data or additional system information.

Activation and Control of Data Transfer

Data transfer is not automatic – it must be explicitly enabled by an administrator. To do this, an account with Cyber Insight is required, where an API key is generated. This API key is then stored in LOGINventory to establish the connection.

Using the included “Vulnerability Export” query, you can precisely define which systems should be transmitted to Cyber Insight – for example, only servers, production systems, or specific organizational units.

This ensures that you retain full control over all transmitted data at all times.

Data Processing and Analysis

At Cyber Insight, the transmitted software information is analyzed by the DARA engine. DARA maps known vulnerabilities (CVEs) to the affected devices and applications and evaluates their relevance within the context of your IT environment. LOGINventory provides the structural information to refine this mapping and prioritization.

Server Location and Access Security

Cyber Insight’s servers are located exclusively in Germany. Access to these systems is strictly regulated and limited to authorized Cyber Insight personnel. This ensures that all data processing complies with the highest security and data protection standards – fully GDPR-compliant and secure.

The vulnerability catalog provides a complete overview of all detected security issues within your IT landscape — including affected devices, scores, and prioritization. This allows you to identify trends, critical areas, and the impact of your remediation efforts at a glance.

Frequently Asked Questions about Vulnerability Management in LOGINventory

How are vulnerabilities detected?

LOGINventory automatically collects all installed applications and versions. Cyber Insight compares this data with CVE databases, exploit information, and threat intelligence sources.

How are risks evaluated?

The system uses the CVSS score and the context-based CiEX algorithm to predict the real exploitability of a vulnerability.

How is this different from traditional vulnerability scanners?

Traditional scanners typically list all theoretical vulnerabilities. LOGINventory combines this information with real contextual data from your environment — drastically reducing false positives.

Can the system be integrated into existing IT processes?

Yes. Through APIs, the analysis can be integrated into existing workflows — for example, ITSM systems or patch management solutions.

How secure is the data processing?

All data is encrypted during transmission and processed exclusively in Germany — fully GDPR-compliant and following the highest security standards.

What’s the difference between CVE, CVSS, DARA Score, and CiEX?

The CVE ID is a unique identifier for a known vulnerability — it simply states that a security issue exists.
The CVSS score rates the severity of that vulnerability (scale 0–10).
The DARA score and similar models add information about active threats and exploit likelihood.
The CiEX score by Cyber Insight goes even further: it uses machine learning and contextual data from your environment to predict whether a vulnerability is likely to be exploited. This enables more accurate prioritization and significantly reduces false positives.

Intelligent Vulnerability Management with LOGINventory

With the integration of Cyber Insight, LOGINventory expands its capabilities with a powerful, automated Vulnerability Management solution. Based on precise inventory data and intelligent analysis models, you can detect vulnerabilities faster, assess them more accurately, and remediate them more effectively.

The result: fewer false positives, less manual effort, and measurably stronger IT security.

LOGINventory × Cyber Insight – the next level of Vulnerability Management.

Vulnerability Management Software