Frequently asked questions.

Straight answers to the questions buyers actually ask — organised by topic and by the people asking them. From deployment and discovery to Cyber Essentials, identity, network access control and the questions boards care about most.

Deployment & getting started

Do we need to install an agent on every device?

No. Rebasoft discovers and inventories assets without requiring agents across your estate. Windows devices use native WMI and PowerShell, reducing deployment effort and operational overhead. Where deeper endpoint visibility is required, an optional lightweight agent is available.

Can we run this on-premises?

Yes. Rebasoft can be deployed on-premises, within a private cloud, or delivered as a managed service. Deployment options are designed to support security, compliance and data residency requirements.

How quickly can we be running?

Most deployments require only a single virtual machine and access to existing data sources. Customers typically see their first asset inventory, service relationships and risk findings within days rather than the months often associated with traditional projects.

Will this work for cloud and containers, or is it network-only?

It is not network-only. Rebasoft provides a unified view across on-premises, cloud and container environments. AWS, Azure, Kubernetes, VMware, Proxmox and Hyper-V assets are continuously discovered and linked to the services they support, helping teams understand risk across the entire technology estate.

What happens if we outgrow Rebasoft?

Rebasoft is designed to scale from small environments to organisations managing hundreds of thousands of assets. Open REST APIs ensure you retain access to your data and can integrate with other platforms whenever required.

How accurate is the asset inventory?

Asset inventories are only valuable if they remain accurate. Rebasoft continuously discovers and validates assets, helping organisations maintain a live inventory rather than relying on periodic scans or manual updates.

Asset discovery & inventory

What about Mac, Linux, IoT, BMCs and printers?

Rebasoft is designed to discover and track all IP-addressable assets, including Windows, Linux, macOS, IoT devices, printers, BMCs and network infrastructure. This helps eliminate the blind spots that often create operational and security risk.

We already have ServiceNow / Lansweeper. Why change?

Many organisations use Rebasoft alongside ServiceNow initially. Rebasoft continuously validates asset, service and relationship data, helping keep the CMDB accurate and relevant. Over time, many customers reduce dependence on legacy discovery tools because maintaining multiple overlapping platforms becomes difficult to justify.

Vulnerability management

We already pay for Tenable / Qualys / Rapid7. Why change?

Traditional vulnerability scanners are effective at finding vulnerabilities. The challenge is deciding which findings actually matter. Rebasoft adds business context, asset criticality, exploit intelligence and service relationships to help teams prioritise remediation effort where it will reduce risk most effectively.

We’re a Microsoft shop — won’t Defender do this?

Microsoft Defender provides excellent visibility into Microsoft-managed assets. Most organisations also operate a mix of network infrastructure, Linux systems, cloud platforms, IoT devices, printers and third-party technologies. Rebasoft provides a single view across the entire estate, regardless of vendor.

How do you know which vulnerabilities are actually exploitable?

Rebasoft combines CVE data, CISA Known Exploited Vulnerabilities (KEV), EPSS scoring, vendor advisories and business context to identify vulnerabilities that represent genuine risk. This helps security teams focus on what attackers are most likely to exploit.

Does the team still need to do something every week?

Yes. Security and operations teams still need to take action, but Rebasoft helps reduce thousands of findings into a prioritised list of issues that have the greatest impact on risk reduction and operational resilience.

Will we still see false positives?

Significantly fewer. Where possible, Rebasoft validates vulnerability information against vendor patch data and actual system state, helping reduce the false positives commonly associated with traditional scanning approaches.

How does it handle mobile and BYOD?

Through Microsoft Intune integration, mobile and BYOD devices become part of the same inventory, risk model and reporting framework as the rest of the technology estate.

What about the NVD backlog?

Rebasoft uses multiple authoritative vulnerability intelligence sources, including NVD, CISA KEV, EPSS and vendor advisories. This reduces dependence on any single source and helps ensure emerging threats remain visible even when industry databases experience delays.

Secure configuration

How often does Rebasoft re-check configuration?

Configuration posture is continuously assessed against the controls you choose to monitor. When configuration drift occurs, it is identified quickly, allowing teams to remediate issues before they become audit findings or security risks.

Will it tell us how to fix what it finds?

Yes. Findings are linked directly to the configuration settings, policies or controls responsible for the issue, helping teams understand exactly what needs to change and reducing investigation time.

Which frameworks does it cover?

Rebasoft supports Cyber Essentials Plus (CE+), CIS Benchmarks, STIG/DISA, ISO 27001, NIST CSF, PCI DSS, NHS DSPT, DORA and other leading frameworks. A single source of evidence can support multiple compliance initiatives, reducing duplication, effort and audit costs.

Does it work with Intune?

Yes. Rebasoft integrates with Intune to identify non-compliant devices, associate them with users, prioritise risk and track remediation through to resolution.

What about Mac and Linux?

macOS and Linux devices are fully included within asset discovery and visibility workflows. Windows currently has the deepest configuration coverage, with Linux and macOS capabilities continuing to expand.

We already use Drata / Vanta — what’s different?

Platforms such as Drata and Vanta help organisations manage compliance programmes. Rebasoft complements that approach by continuously measuring the actual state of systems and controls, helping ensure compliance evidence reflects operational reality rather than periodic attestations.

Does this replace our patch tool?

No. Rebasoft complements patch management solutions by validating that updates have been successfully applied and identifying where vulnerabilities remain. It helps verify outcomes rather than replace deployment tools.

How quickly will we see the gaps?

Most customers see their initial findings within hours of deployment. Asset visibility, configuration issues and prioritised risks are typically available on the first day.

Cyber Essentials & CE+

Is this Cyber Essentials A7 (User Access Control) evidence?

Yes. Rebasoft continuously evaluates the controls associated with Cyber Essentials User Access Control (A7), including dormant accounts, privileged access and MFA adoption, and can automatically determine compliance status against the published requirements.

Does Rebasoft fill in the Cyber Essentials self-assessment for us?

Yes, where evidence can be collected automatically. Rebasoft pre-populates technical sections of the Cyber Essentials assessment using live system data, reducing manual effort while ensuring answers are supported by evidence.

Does Rebasoft replace our CE+ assessor or submit on our behalf?

No. Certification remains the responsibility of the accredited certification body and the organisation being assessed. Rebasoft simplifies preparation, evidence gathering and ongoing compliance management.

How quickly can we be CE+ ready?

Most organisations gain visibility into their Cyber Essentials Plus readiness within days. Asset inventories, configuration evidence and patch status become available quickly, helping teams prioritise remediation activities.

Does it cover every CE control?

Rebasoft continuously evidences the technical controls required by Cyber Essentials. Policy, governance and organisational controls remain the responsibility of the organisation, but Rebasoft helps ensure technical controls remain aligned with policy.

What about non-Windows devices in scope for CE+?

All IP-addressable devices are included within asset discovery. Windows currently provides the deepest configuration validation, with macOS and Linux coverage continuing to expand.

Is this only for first-time certification, or also for renewal?

Both. Many organisations find the greatest value during renewal because configuration drift often occurs between assessments. Rebasoft helps maintain compliance continuously rather than preparing only at audit time.

We’re tiny — should we just self-certify?

For very small organisations with limited regulatory, contractual or customer requirements, self-certification may be sufficient. Rebasoft is designed for organisations that require greater assurance, visibility and ongoing evidence of compliance.

We’re aiming for ISO 27001 or PCI next. Will this still help?

Yes. The same asset, configuration and control evidence can support multiple frameworks, helping reduce duplicated effort and accelerating future compliance initiatives.

Can MSPs and certification bodies use Rebasoft to deliver CE+ as a service?

Yes. Rebasoft enables MSPs and certification bodies to standardise evidence collection, monitor multiple customers from a single platform and create repeatable compliance and assurance services.

Identity, Entra & Microsoft 365

Do we need an agent on every server to see local admins?

No. Rebasoft uses native operating system capabilities and existing credentials to identify local administrators and privileged accounts without requiring an agent on every server.

What level of Entra ID licensing do we need?

Rebasoft works with Entra ID Free, P1 and P2 licensing tiers. Where advanced Microsoft APIs are available, they are used automatically to improve efficiency without affecting evidence quality.

Will this slow down our domain controllers?

No. Data collection is designed for production environments and uses efficient, incremental collection methods that minimise operational impact.

Does this replace SailPoint or Saviynt?

For many SME and mid-market organisations, Rebasoft can provide the visibility and evidence needed without the complexity of a dedicated IGA platform. Larger enterprises may choose to use Rebasoft alongside SailPoint or Saviynt to provide additional operational context and validation.

How quickly will we see Microsoft 365 results?

Most organisations gain useful insights within hours. Common early findings include unnecessary licence spend, excessive privileged access, dormant accounts and MFA gaps that can be addressed immediately.

Does Rebasoft change anything in our tenant?

No. Rebasoft operates in read-only mode by default. It provides visibility, evidence and recommendations without making changes to your Microsoft 365 environment.

What about Exchange Online, Teams, SharePoint, OneDrive and Azure RBAC?

These areas are not currently collected by Rebasoft. We believe transparency is important, so we clearly distinguish between available functionality and roadmap capabilities. Today, Exchange Online mailbox delegation, Teams channel membership, SharePoint and OneDrive sharing permissions, and Azure resource-level RBAC are on the roadmap rather than available now — talk to us about timing if any are blocking.

Does this work alongside Defender for Cloud Apps / Defender for Identity?

Yes. Microsoft Defender focuses on detecting and responding to threats. Rebasoft focuses on understanding assets, identities, relationships and control effectiveness. Together they provide a more complete picture of both exposure and active threats.

Network discovery & NAC

Do we need to install agents or supplicants?

No. Rebasoft uses existing network protocols and telemetry to discover, monitor and control devices without deploying agents, supplicants or additional endpoint software.

Will we have to re-engineer our network or buy appliances?

No. Rebasoft is designed to work with existing network infrastructure, reducing deployment complexity and avoiding the cost and risk associated with inline appliances.

How does the NAC decide what’s allowed on?

Rather than relying solely on device identity, Rebasoft evaluates device behaviour. Network traffic patterns, communication activity and policy conformance help determine whether a device should remain connected, be restricted or be quarantined.

Does our network kit support NetFlow?

Most enterprise-grade switches, routers and firewalls support NetFlow, IPFIX, sFlow or jFlow. During onboarding, Rebasoft confirms what telemetry is already available and identifies any gaps.

What about IoT and other non-user devices?

IoT, OT and unmanaged devices are often the biggest visibility challenge for security teams. Rebasoft discovers and monitors these devices without requiring agents or manual maintenance of device inventories.

Does this replace our network monitoring tool?

In many environments, yes. Rebasoft combines asset discovery, traffic visibility, performance monitoring, configuration management and access control within a single platform, reducing the need for multiple standalone tools.

For executives & boards

How do I know my security controls are actually working?

Most organisations assume controls are working because they were deployed at some point in the past. Rebasoft continuously validates the controls protecting your assets, users, applications and services, helping you identify failures, drift and exposure before they become incidents.

What could hurt our business most today?

Rebasoft identifies the assets, users, vulnerabilities and control failures that present the greatest risk to critical business services, helping leadership focus attention where it matters most.

If we suffered a breach tomorrow, what would be affected?

Rebasoft maps relationships between assets, users, services and vulnerabilities, helping organisations understand potential attack paths and blast radius before an incident occurs.

Can leadership trust the data being reported?

Rebasoft continuously discovers and validates assets directly from the environment, reducing dependence on manual updates, spreadsheets and disconnected systems.

For CIOs

Why do organisations buy Rebasoft?

Most organisations already own multiple security and operational tools. The problem is not a lack of data — it is that nobody can confidently answer:

  • What do we own?
  • What supports critical services?
  • What is exposed?
  • Are our controls working?
  • Can we prove it?

Rebasoft helps answer those questions continuously.

Why is this important now?

Boards, insurers, auditors and regulators increasingly expect organisations to prove control effectiveness continuously rather than periodically. Point-in-time assessments are no longer sufficient.

How does Rebasoft reduce operational costs?

By replacing manual asset management, reducing audit preparation effort, improving remediation prioritisation and consolidating multiple overlapping tools.

What return on investment should we expect?

Most customers realise value through:

  • Reduced tool sprawl
  • Reduced audit effort
  • Faster remediation
  • Better utilisation of existing security investments
  • Fewer unknown assets
  • Improved compliance outcomes

For CISOs

What makes Rebasoft different from vulnerability scanners?

Vulnerability scanners tell you what vulnerabilities exist. Rebasoft helps you understand:

  • Which matter
  • Which are exploitable
  • Which affect critical services
  • Which should be fixed first

What makes Rebasoft different from CAASM platforms?

Most CAASM platforms aggregate information from other tools. Rebasoft continuously discovers and validates assets directly from the environment while also providing vulnerability, configuration, traffic and compliance intelligence from the same platform.

How does Rebasoft reduce attack surface?

By identifying unmanaged assets, vulnerable systems, insecure configurations, excessive access and exposed services before attackers find them.

How does Rebasoft support Zero Trust?

Rebasoft continuously validates assets, users, identities, configurations and device behaviour, helping organisations implement and maintain Zero Trust principles.

Compliance, risk & why Rebasoft

Can Rebasoft help us prepare for cyber insurance renewal?

Yes. Rebasoft provides evidence of asset visibility, vulnerability management, configuration management, access control and control effectiveness that insurers increasingly expect to see.

How does Rebasoft help with Cyber Essentials Plus?

Rather than preparing once a year, Rebasoft continuously measures compliance, helping organisations remain ready throughout the year.

How does Rebasoft help with ISO 27001?

Rebasoft provides continuous evidence for many technical controls, reducing manual evidence gathering and helping organisations maintain audit readiness.

Can Rebasoft support DORA and NIS2?

Yes. Both frameworks require organisations to understand assets, services, dependencies, risks and controls. Rebasoft provides continuous visibility into each of these areas.

Why Rebasoft instead of buying another tool?

Most organisations do not have a tool problem — they have a visibility problem. They cannot confidently answer:

  • What assets exist?
  • What supports critical services?
  • What is vulnerable?
  • What is misconfigured?
  • What is communicating?
  • What is exposed?
  • Are controls working?

Traditional tools answer one part of that problem. Rebasoft connects the whole picture — continuously discovering assets, mapping relationships, validating controls, prioritising risk and providing the evidence needed by operations, security, compliance and leadership teams from a single platform.

What happens if we do nothing?

Risk continues to grow silently. Assets change, users change, services change, vulnerabilities change, controls drift and attackers adapt. The longer organisations rely on periodic scans, spreadsheets and disconnected tools, the harder it becomes to understand what is actually happening inside the environment.

Rebasoft was built to replace assumptions with continuous visibility and evidence.
