Vulnerability Management Tools

Best Vulnerability Management Tools include:

Tenable.sc (formerly SecurityCenter) and Nessus.

Vulnerability Management Tools TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Vulnerability Management Tools Overview

What are Vulnerability Management Tools?

Vulnerability management tools scan enterprise networks for weaknesses that may be exploited by would-be intruders. Should the scan find a weakness, the vulnerability software suggests or initiates remediation action. In this way, vulnerability management software reduces the potential of a network attack. This approach to network security differs from firewalls, antivirus or antispyware software, and Intrusion Detection Systems (IDS). These security tools are designed to manage attacks on the network as they occur. In contrast, vulnerability management tools search for potential weaknesses and fix them in an attempt to mitigate potential future network attacks.


Vulnerability management tools initially assess the network using network and port scanners, IP scanners, etc. They then prioritize remediation so that the most significant issues are addressed first. Best practice is to allow vulnerability management tools to perform limited scans and remediate located weaknesses immediately, rather than conduct extensive scans. Conducting more extensive scans delays remediation and therefore leaves weaknesses found during the scan unattended until the scan is complete.


Remediation should happen quickly, and according to the vulnerability software’s prioritization schedule. Systematically eliminating network weaknesses reduces dependence on peripheral intrusion detection technologies. And even if access to the network is achieved, attacks can be minimized by removing vulnerabilities intruders may encounter.


Features of Vulnerability Management Tools

To achieve attack surface reduction, vulnerability management tools include the following features and capabilities:

  • Continuous monitoring and scanning for potential vulnerabilities

  • Monitoring profile & rule system (IT can determine which systems and assets to monitor)

  • Ability to set notification rules

  • Attack surface visualization

  • Attack vector analytics and modeling

  • Threat intelligence platform integration, with data used to update scan heuristics

  • Graphical attack modeling

  • Attack simulation and risk-scoring against current network security state

  • Patch simulation to model patch & update scenarios

  • Automated update and patching prioritization scheme

  • Network access path analysis to identify problematic access routes and suggest lower-risk traffic redirections

  • Reachability analysis for endpoints and secured assets

  • Customizable reporting (e.g. policy-driven compliance reports)

Pricing Information

Vulnerability management tools are available via the cloud or, for entities facing strict data governance and sovereignty rules, on-premise. Pricing is dependent on the number of assets and systems monitored. Additionally, vulnerability management software vendors may offer additional modules (e.g. web application firewall) which increase subscription cost. Most vendors offer a 30-day free trial of small business and enterprise products.

Vulnerability Management Products

CrowdStrike Falcon Endpoint Protection

CrowdStrike Falcon

Customer Verified
Top Rated
Starting Price $6.99

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment…

Key Features

  • Endpoint Detection and Response (EDR) (22): 94%, 9.4
  • Centralized Management (22): 93%, 9.3
  • Infection Remediation (22): 91%, 9.1

Symantec Client Management Suite

Symantec Client Management Suite is designed to automate time-consuming and redundant tasks for deploying, managing, patching, and securing desktops and laptops so organizations can reduce the cost and effort of managing Windows, Mac, Linux, and virtual desktop environments.

McAfee ePolicy Orchestrator

McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance solutions.

Nessus

Starting Price $2,790

Tenable, headquartered in Columbia, offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, perform vulnerability testing, and provide configuration assessments.

Rapid7 InsightVM (Nexpose)

InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM…

Tenable.sc (formerly SecurityCenter)

Tenable.sc (formerly SecurityCenter), from Tenable Network Security in Baltimore, presents a vulnerability management option.

Qualys Cloud Platform (formerly Qualysguard)

The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other…

AlienVault OSSIM

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:…

Skybox Security

Skybox Security offers vulnerability and threat management solutions.

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint…

Tenable.io

Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible…

AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of an AWS account. With CloudTrail, users can log, continuously monitor, and retain account activity related to actions across AWS infrastructure. CloudTrail provides event history…

Titania Nipper

Starting Price $1,191.75

Nipper discovers vulnerabilities in firewalls, switches and routers, automatically prioritizing risks to an organization. Its virtual modelling is designed to reduce false positives and identify exact fixes to help users stay secure and compliant. Audits: Firewalls | Switches | Routers…

BeyondTrust Network Security Scanner, powered by Retina (Legacy)

BeyondTrust offers vulnerability management via Network Security Scanner, powered by Retina. This technology was developed by eEye, before that company's acquisition by BeyondTrust in 2012.

HackerOne

HackerOne is a hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited, from the company of the same name in San Francisco. The service is used for vulnerability location, pen testing, bug bounty, and vulnerability…

Recorded Future

Boston-based Recorded Future presents a vulnerability management solution.

Ivanti Security Controls

Ivanti Security Controls is a vulnerability management solution, which replaces the former Heat Unified Endpoint Management & Security product, which in turn was formerly a Lumension supported product.

Symantec Control Compliance Suite

Symantec Control Compliance Suite (CCS) delivers the core assessment technologies to enable security and compliance programs, as well as support IT operations in the data center. Control Compliance Suite delivers asset autodiscovery, automates security assessments across procedural,…

ManageEngine Patch Manager Plus

Patch Manager Plus is automated patch management software that provides enterprises with a single interface for all patch management tasks. The vendor claims it works across platforms, helping users patch Windows, Mac, Linux & 300+ third-party applications. With Automated…

GFI LanGuard

GFI LanGuard is a vulnerability management solution for small businesses, from Aurea SMB Solutions (formerly GFI Software).

Tripwire Enterprise

Tripwire Enterprise, from Tripwire in Portland, Oregon, is an intrusion detection/prevention system.

Tanium

Tanium, headquartered in Emeryville, provides two solution packages: Unified Endpoint Management and Unified Endpoint Security. The vendor states this approach reduces complexity, improves efficiency and closes the gaps between operations and security. Tanium can also be delivered…

Acunetix by Invicti

Starting Price $4,500

AcuSensor from Maltese company Acunetix is application security and testing software.

Qualys Private Cloud Platform

Qualys Private Cloud Platform is the on-premise version of the Qualys Cloud Platform, from Qualys in Redwood City. The platform is designed for entities with strict data sovereignty rules, to patch and reduce enterprise network vulnerability while providing compliance with data security…

Tripwire IP360

IP360 from Tripwire is a vulnerability management solution; the technology was acquired with nCircle in 2013 and is based on the nCircle 360 Suite product.

Frequently Asked Questions

How do vulnerability management tools work?

Vulnerability management tools most commonly scan an organization’s network for known weaknesses or exploitable characteristics that make the network vulnerable to attack. The tool then notifies IT administrators so they can remedy the vulnerability.

How can you evaluate a vulnerability management tool?

Consider whether each tool is a point solution or part of a larger security package, frequency of scans, vulnerability detection rates, and pricing.

What are the benefits of vulnerability management tools?

Vulnerability management tools preemptively reduce the risk of organizations’ networks being compromised and mitigate the damage when intrusions do occur.

How much do vulnerability management tools cost?

Pricing varies by the scope of assets and networks being assessed. There is also a range of free products and free versions available.