
Blog

Practical guides on vulnerability management, compliance, and cybersecurity for European organizations.

Latest article

Security posture update — HttpOnly sessions, nonce-based CSP, SBOM pipeline

A transparent write-up of the April 2026 security hardening on sentrikat.com and portal.sentrikat.com: what we changed, why it matters, and what's next.

Denis Sota · 6 min read
security transparency CSP

SBOM CycloneDX SPDX

What's New in SentriKat — SBOM Export, Compliance Reports, and Remediation Workflows

Sprint 4 and Sprint 5 add CRA-ready SBOM export (CycloneDX, SPDX, STIX), signed gap-analysis reports for PCI-DSS, ISO 27001 and SOC 2, full remediation assignments with SLA tracking, and multi-tracker integration with Jira, GitHub, GitLab and YouTrack.

Denis Sota · 5 min read
Early Access launch vulnerability management

SentriKat Early Access Is Now Open — All Plans Free, Limited Spots

We're opening SentriKat to 30 SaaS and 15 on-premises organizations for free. Full Pro features, no credit card, no time limit. Here's what you get and how to join.

Denis Sota · 4 min read
NVD CVSS ENISA EUVD

Why We Stopped Trusting a Single Vulnerability Database

SentriKat now fetches CVSS scores from 3 independent sources with automatic fallback. Here's why we built multi-source vulnerability intelligence and what the NVD backlog crisis means for your security posture.

Denis Sota · 5 min read
ENISA EUVD European Union NIS2

What Is the ENISA European Vulnerability Database (EUVD)? A Practical Guide

ENISA EUVD is the European Union's vulnerability database mandated by NIS2 Article 12. Learn what it contains, how it compares to NVD and CISA KEV, and how SentriKat integrates it for EU vulnerability management.

Denis Sota · 5 min read
comparison Tenable Qualys

SentriKat vs Tenable vs Qualys vs Rapid7: Which Vulnerability Scanner Is Right for You?

A detailed comparison of SentriKat with Tenable Nessus, Qualys VMDR, and Rapid7 InsightVM. Learn how a CISA KEV-focused approach differs from traditional full-spectrum vulnerability scanning.

Denis Sota · 5 min read
CISA KEV vulnerability management compliance

What Is the CISA KEV Catalog and Why Your Business Should Track It

The CISA Known Exploited Vulnerabilities catalog lists CVEs actively used in cyberattacks. Learn what KEV is, how it differs from the NVD, and why tracking it is essential for NIS2 and DORA compliance.

Denis Sota · 5 min read
air-gapped on-premises security

Vulnerability Management in Air-Gapped Environments: A Practical Guide

How to manage vulnerabilities in air-gapped and isolated networks. Learn about offline KEV tracking, manual knowledge base sync, and SentriKat's approach to vulnerability management without internet access.

Denis Sota · 5 min read
EPSS CVSS vulnerability prioritization

EPSS vs CVSS: How to Actually Prioritize Vulnerabilities in 2026

CVSS scores alone don't tell you what to fix first. Learn how EPSS (Exploit Prediction Scoring System) and the CISA KEV catalog provide real-world exploit context for better vulnerability prioritization.

Denis Sota · 5 min read
MSP multi-tenant vulnerability management

Vulnerability Management for MSPs: How to Scale Across Multiple Clients

How managed service providers can deliver vulnerability management at scale using multi-tenant architecture, white-label branding, and CISA KEV-focused prioritization. A practical guide for MSPs.

Denis Sota · 5 min read
DORA financial services compliance

DORA Vulnerability Management for Financial Services: A Practical Guide

The Digital Operational Resilience Act requires ICT vulnerability management for financial entities. Learn DORA requirements, deadlines, and how to implement compliant vulnerability tracking.

Denis Sota · 4 min read
on-premises data sovereignty GDPR

On-Premises vs Cloud Vulnerability Management: Why Data Sovereignty Matters

Should your vulnerability management tool be self-hosted or cloud-based? We compare on-premises and SaaS approaches for organizations that care about data sovereignty and GDPR compliance.

Denis Sota · 5 min read
IT NIS2 SME vulnerability management

Vulnerability Management for SMEs: A Practical Guide to NIS2 Compliance

This post is in Italian.

The NIS2 directive requires vulnerability management for European SMEs. Find out what is needed, how to implement it without an enterprise budget, and how SentriKat automates compliance.

Denis Sota · 4 min read
NIS2 compliance vulnerability management

NIS2 Vulnerability Management: What European SMBs Need to Know in 2026

NIS2 requires vulnerability handling for essential and important entities across the EU. Learn what Article 21 demands, how to demonstrate compliance, and practical tools for SMBs.

Denis Sota · 5 min read