We are excited to announce the release of Saner CVEM 6.6.1, which delivers new capabilities helping organizations with compliance readiness, track vulnerability and misconfiguration statuses, deploy patches to large-scale environments, and apply user security governance policies.
1. Cyber Essentials Plus Technical Assessment Report
The Cyber Essentials Plus Technical Assessment Report enables customers to assess their security posture against the five key technical control areas of the UK Cyber Essentials Plus scheme and prepare for assessment readiness activities.
Cyber Essentials is a UK government-backed scheme designed to help organizations protect themselves against common cyber threats. The scheme is built around five key technical control areas: Firewalls, Secure Configuration, Security Update Management, User Access Control, and Malware Protection.
With this release, customers can generate a structured technical assessment report directly from the Canned Reports section under Reports. The report provides an executive summary, overall compliance status, control-level compliance analysis, group-level and device family-level breakdowns, and detailed findings to help IT and security teams identify gaps and prioritize remediation.
For managed endpoints, customers can use Saner CVEM remediation workflows to address applicable gaps, such as missing security updates, insecure configurations, endpoint protection gaps, and other endpoint-related findings. External network assessment findings provide visibility into exposure across scanned assets, enabling infrastructure and network teams to review and take appropriate corrective action.
Key Capabilities
- Generate the Cyber Essentials Plus Technical Assessment Report with a single click
- Review an executive summary with overall compliance status and score
- Analyze findings mapped to Cyber Essentials Plus technical control areas
- Review group-level and device family-level compliance breakdowns
- Create focused custom reports for each of the five Cyber Essentials Plus technical control areas
- Remediate applicable endpoint findings using Saner CVEM remediation workflows
Benefit
This report reduces the manual effort required to prepare Cyber Essentials Plus technical assessment evidence and helps customers identify and remediate gaps before formal assessment activities.
2. PCI DSS External Vulnerability Scan Report
The PCI DSS External Vulnerability Scan Report helps customers assess internet-facing assets against PCI DSS external vulnerability scan expectations, covering 23 validation areas, and prepare for compliance readiness.
With this release, customers can create a Network Scan task using the new PCI DSS External Vulnerability Scan policy. Once the scan is completed, customers can download the standard Network Scan report or generate the PCI DSS External Vulnerability Scan Report for internal review, remediation planning, and readiness documentation.
The report helps security and compliance teams review external exposure, track scan findings, document exceptions, false positives, or compensating controls, and maintain evidence for PCI DSS External Vulnerability Scan readiness activities.
Key Capabilities
- Create a Network Scan task using the new PCI DSS External Vulnerability Scan policy
- Scan internet-facing systems and external IPs that are part of the PCI DSS scope
- Download the PCI DSS External Vulnerability Scan Report after scan completion
- Retain up to 24 prior PCI DSS External Vulnerability Scan reports
- Edit applicable report fields to document exceptions, false positives, compensating controls, and review comments
Benefit
This report reduces manual effort in preparing PCI DSS external vulnerability scan readiness documentation and helps customers review, track, and plan remediation for internet-facing assets.
Important Note
SecPod is currently undergoing PCI ASV certification and is not yet an Approved Scanning Vendor. The PCI DSS External Vulnerability Scan Report is intended for internal assessment and compliance readiness purposes only. It does not serve as an official ASV-certified attestation of PCI DSS compliance.
3. Vulnerability and Misconfiguration Status Tracking
The Vulnerability and Misconfiguration Status Tracking capability provides device-level visibility for vulnerabilities and misconfigurations throughout its lifecycle.
With this enhancement, each vulnerability and misconfiguration is tracked across defined statuses such as New, Active, Fixed, and Reopened. This helps customers understand if a finding is newly detected, still present, resolved, or has reappeared after being fixed.
Security and IT teams can now monitor remediation progress more effectively, identify recurring issues, track vulnerability aging at the device level, and improve reporting for operational and compliance reviews.
Finding statuses include:
- New: The vulnerability or misconfiguration is detected for the first time on a device
- Active: The vulnerability or misconfiguration continues to be detected in subsequent scans
- Fixed: The vulnerability or misconfiguration is no longer detected after remediation
- Reopened: A previously fixed vulnerability or misconfiguration is detected again
Key Capabilities
- Track vulnerability and misconfiguration status at the device level
- View the current status of each vulnerability or misconfiguration, including New, Active, Fixed, and Reopened
- Review lifecycle dates such as First Detected, Last Detected, Last Resolved, and Last Reopened
- View vulnerability and misconfiguration status directly from the Individual Device page
- Use new and enhanced reports to analyze status distribution and remediation progress across accounts/sites and organizations
- Track reopened findings to identify recurring vulnerabilities or misconfigurations that may require deeper investigation
Benefit
This enhancement improves remediation tracking by helping customers distinguish between newly detected, persistent, fixed, and reopened findings, while supporting compliance and audit reporting with lifecycle dates and status-based summaries.
4. Batch-Based Patch Deployment
The Batch-Based Patch Deployment capability helps administrators control patch rollout across large-scale environments by distributing patch execution in smaller, optimized batches instead of triggering all endpoints at once.
In large environments, simultaneous patch execution across thousands of endpoints can result in high bandwidth consumption during patch downloads, download failures, retries, and impact on network performance. With batch-based deployment, Saner CVEM sends patching jobs in controlled batches, helping organizations reduce network congestion and improve patch deployment reliability.
Batching is optional and can be enabled while creating patching tasks or automation rules. Existing jobs and rules continue to work as before when batching is not enabled.
When batching is enabled, Saner CVEM evaluates the selected devices, number of patches, patch volume, available network bandwidth, device status, task start window, and end time to calculate an optimized batch distribution.
Devices within a batch proceed in parallel and start patch download, while batches are processed sequentially. This helps ensure that patch downloads stay within the configured network bandwidth and that deployments are spread across the available maintenance window. If a batch is completed earlier than the estimated time, the next batch starts without waiting for the estimated batch duration to complete.
Saner CVEM automatically calculates the batch distribution by default. Administrators can optionally customize the deployment by defining the available Network Bandwidth or specifying the batch size manually. If the bandwidth value or batch size is updated, the batch distribution is
re-calculated accordingly.
Key Capabilities
- Enable batch-based deployment for patching tasks and automation rules
- Automatically calculate optimized delivery batches by default based on selected devices, number of patches, patch size, device status, network bandwidth, task start window, and end time, with optional customization for available network bandwidth or manual batch size when administrators need more control
- Distribute patching jobs across batches instead of triggering all endpoints at once
- Process devices within each batch in parallel while maintaining controlled sequential batch execution
- Detect feasibility upfront when the deployment cannot be completed within the configured task window
- View batch execution progress from the job status page and monitor processed batches against the total number of batches
- Supported for both Jobs and Rules across Patch Management and Compliance Management
Benefit
This capability helps large enterprises reduce network congestion during patch downloads, improve deployment reliability, and roll out patches in a controlled and predictable manner without manually creating multiple staggered jobs.
5. User Security Policy
The User Security Policy feature enables administrators to define and enforce account security controls for users across the Saner platform.
With this release, every user is associated with a security policy by default. Administrators can use the default security policy or create custom policies to align user account controls with their organization’s security requirements.
Security policies help organizations strengthen authentication, enforce password standards, reduce brute-force attack risk, and automatically manage inactive accounts.
Key Capabilities
- Associate every user with a security policy by default
- Create custom security policies based on organizational requirements
- Configure password requirements, password expiry, account lockout duration, and inactivity-based account disablement
- Enforce built-in safeguards such as restriction on reusing the last 3 passwords and account lockout after 3 consecutive failed login attempts
- Control security policy management based on user roles, where Super Admins and Admins can create, modify, and delete policies, while Organizational Managers and Account Managers can assign existing policies to users
- Enable or disable user accounts directly from the Users page
- Display CAPTCHA automatically after the first failed login attempt to add an additional layer of protection against brute force attempts
Benefit
This feature strengthens user account security across the Saner platform by helping organizations enforce password, lockout, inactivity, and CAPTCHA-based protections from a centralized security policy.
6. Active Directory Sync Enhancements
Active Directory Sync has been enhanced to provide greater flexibility for synchronizing large and complex Active Directory environments into the Saner Platform.
With this enhancement, administrators can configure multiple Active Directory domains, define how Organizational Units are mapped to Saner accounts/sites, and use LDAP query-based filtering to control which devices are synchronized. This helps organizations simplify account management, reduce administrative overhead, and better align Active Directory synchronization with their internal organizational structure.
Key Enhancements
- Configure and manage multiple Active Directory domains
- Use LDAP query filters to refine the devices synchronized from Active Directory
- Map multiple Active Directory OUs to a single Saner account/site for centralized device management
- Add Active Director OU source information as tags on synchronized devices for better traceability
- Continue to support existing Active Directory Sync capabilities, including one-to-one mapping, custom mapping, include/exclude options, and scheduled synchronization
Benefit
This enhancement simplifies Active Directory Sync management for customers with large and complex directory structures by supporting multiple Active Directory domains, enabling LDAP query-based filtering, and allowing multiple OUs to be managed under a single Saner account/site, while improving synchronization control and flexibility.
7. Vulnerability Alert Enhancements
Vulnerability alert emails have been enhanced to include additional risk context such as Severity, CVSS score, Exploitability, and Zero-Day classification.
Alerts can now also be triggered when Zero-Day vulnerabilities are detected, helping administrators quickly assess risk and prioritize response directly from the alert email.
Key Enhancements
- Include severity, CVSS score, exploitability, and zero-day classification details in vulnerability alert emails
- Trigger alerts when zero-day vulnerabilities are detected
Benefit
This enhancement helps administrators quickly understand vulnerability risk and prioritize response to critical, exploitable, and zero-day vulnerabilities.
8. Cyber Hygiene Score Enhancements in SanerOne Dashboard
The SanerOne dashboard has been enhanced to provide broader visibility into Cyber Hygiene Score (CHS) across the organization.
With this enhancement, SanerOne now provides an overall CHS view that considers posture across CVEM, Cloud Infrastructure, and CWPP, helping leadership and security teams quickly understand cyber hygiene across endpoints, network devices, cloud infrastructure, and workloads. Customers can also download CHS data in CSV format for reporting, offline analysis, and stakeholder review.
REST and Report API Changes
Modified APIs
- We have updated the getServiceProvision API to include Organization ID and Account ID in addition to the other service provision details in the response payload
- We have updated the getAuditLogs API to fetch the User Role associated with each audited action in the response payload
Report APIs
New Canned Report
We have added a new canned report, Cyber Essentials Plus Technical Assessment Report, at the account/site level to help customers assess their security posture against the five key technical control areas of the UK Cyber Essentials Plus scheme and prepare for assessment readiness activities.
The report provides an executive summary, overall compliance status, control-level compliance analysis, group-level and device family-level breakdowns, and detailed findings to help IT and security teams identify gaps and prioritize remediation.
New Custom Reports
We have added new custom reports at the Account/Site and Organization levels to improve compliance assessment, vulnerability status tracking, misconfiguration status tracking, and vulnerability aging analysis.
At the Account/Site level, the following new custom reports are available:
Cyber Essentials Plus Technical Assessment Reports
- Overall Compliance by Devices
- Firewalls Compliance by Devices
- Secure Configuration Compliance by Devices
- User Access Control Compliance by Devices
- Malware Protection Compliance by Devices
- Security Update Management Compliance by Devices
These reports help customers create focused reports for each Cyber Essentials Plus technical control area and review device-level compliance status.
Vulnerability Status and Aging Reports
- Vulnerability Status by Devices
- Vulnerability Status Summary
- Vulnerability Aging Summary
These reports help customers track vulnerability status across New, Active, Fixed, and Reopened findings, analyze remediation progress, and review vulnerability aging by severity and affected host count.
Misconfiguration Status Reports
Misconfiguration Status Reports
At the Organization level, the following new custom reports are available:
- Misconfiguration Status Summary
- Misconfiguration Status Summary
These reports help customers review vulnerability and misconfiguration status distribution across accounts within the organization.
New Custom Reports
We have added new custom reports at the Account/Site and Organization levels to improve compliance assessment, vulnerability status tracking, misconfiguration status tracking, and vulnerability aging analysis.
At the Account/Site level, the following new custom reports are available:
Cyber Essentials Plus Technical Assessment Reports
- Overall Compliance by Devices
- Firewalls Compliance by Devices
- Secure Configuration Compliance by Devices
- User Access Control Compliance by Devices
- Malware Protection Compliance by Devices
- Security Update Management Compliance by Devices
These reports help customers create focused reports for each Cyber Essentials Plus technical control area and review device-level compliance status.
Report Enhancements and Modifications
- Added a new Installation Type filter to the Application Details Custom Report
- Enhanced Vulnerabilities by Devices Custom Report with a new “Status” column, along with new “Severity” and “Vulnerability Age (Days)” filters.
- Added Patch Install Date Range and Patch Release Date Range filters to the Patch Compliance Summary by Devices Custom Report
