Vulnerability Management17Vulnerability Management Software scans discovered IT assets for known vulnerabilities, i.e. configurations and setups that are open to security threats and malware. To make these scans effective, vulnerability management suites and platforms often must operate in tandem with a security or threat intelligence platform, a repository of ever-expanding known threats.FireMon1https://media.trustradius.com/product-logos/iL/JT/BCQ32GLX7WMA-180x180.PNGMcAfee ePolicy Orchestrator2https://media.trustradius.com/vendor-logos/eB/ri/277N5FG3B8SN-180x180.JPEGQualys Cloud Platform (formerly Qualysguard)3https://media.trustradius.com/vendor-logos/Kr/jJ/32G0095MQS8X-180x180.JPEGRapid7 Nexpose4https://media.trustradius.com/vendor-logos/Jt/nm/DMQHRCTTH9CT-180x180.JPEGAlienVault OSSIM5https://media.trustradius.com/vendor-logos/Sv/TO/0HHS1EUA42K7-180x180.JPEGMicrosoft Defender Advanced Threat Protection (ATP)6https://media.trustradius.com/vendor-logos/tf/J4/RTX1AO2GSVNS-180x180.JPEGTenable.sc (formerly SecurityCenter)7https://media.trustradius.com/vendor-logos/wa/hv/KXRS2SLG7A4A-180x180.JPEGNessus8https://media.trustradius.com/vendor-logos/wa/hv/KXRS2SLG7A4A-180x180.JPEGTenable.io9https://media.trustradius.com/vendor-logos/wa/hv/KXRS2SLG7A4A-180x180.JPEGSkybox Security10https://media.trustradius.com/product-logos/Gs/zR/XU1660ZPG60R-180x180.PNGAlert Logic Threat Manager11https://media.trustradius.com/vendor-logos/6s/Kj/LNDO4FAX2DHG-180x180.JPEGIvanti Security Controls12https://media.trustradius.com/vendor-logos/ab/K5/2J8L63CCMMTR-180x180.JPEGBeyondTrust Network Security Scanner, powered by Retina13https://media.trustradius.com/vendor-logos/oY/99/9C3PBM0AMI36-180x180.JPEGBMC Helix Client Management14https://media.trustradius.com/vendor-logos/I8/AI/M1BJKI1M3C52-180x180.PNGSymantec Control Compliance Suite15https://media.trustradius.com/vendor-logos/cS/FP/URPNU3J7IUQ9-180x180.PNGTripwire IP36016https://media.trustradius.com/product-logos/vQ/0Z/932ABHUO2Q9I-180x180.JPEGRecorded Future17https://media.trustradius.com/product-logos/V6/cA/H6TNWLOOA8UR.pngQualys Private Cloud Platform18https://media.trustradius.com/vendor-logos/Kr/jJ/32G0095MQS8X-180x180.JPEGAcunetix19https://media.trustradius.com/product-logos/wo/QM/WZ7N30JGW42K-180x180.JPEGSecPoint Penetrator Vulnerability Scanner20https://media.trustradius.com/product-logos/WU/Ab/WU3XBHMB2J0H.pngCritical Watch FusionVM21https://media.trustradius.com/product-logos/Aq/4X/S9HAQALHDV2P.jpegSkyport Systems22https://media.trustradius.com/product-logos/Vr/pk/TANN98T4A60W.pngBrinqa23https://media.trustradius.com/product-logos/Nr/4O/JLRU2FWJDMM0-180x180.JPEGDigital Shadows24https://media.trustradius.com/product-logos/6r/uT/UDS9G6I1OI3U.pngVerdiem25https://media.trustradius.com/vendor-logos/eB/st/BE0IVWGEPVC1-180x180.JPEG

Vulnerability Management Tools

Vulnerability Management Tools Overview

What is Vulnerability Management Tools?

Vulnerability management tools scan enterprise networks for weaknesses that may be exploited by would-be intruders. Should the scan find a weakness the vulnerability software suggests or initiates remediation action. In this way, vulnerability management software reduces the potential of a network attack. This approach to network security differs from firewalls, antivirus or antispyware software, and Intrusion Detection Systems (IDS). These security tools are designed to manage attacks on the network as they occur. In contrast, vulnerability management tools instead search for potential weaknesses and fix them in an attempt to mitigate potential future network attacks.


Vulnerability management tools initially assess the network using network and port scanners, IP scanners etc. They then prioritize remediation so that the most significant issues are addressed first. Best practice is to allow vulnerability management tools to perform limited scans, and remediate located weaknesses immediately, rather than conduct extensive scans. Conducting more extensive scans delay remediation while the scan completes and therefore leaves weaknesses found during the scan unattended until the scan is complete.


Remediation should happen quickly, and according to the vulnerability software’s prioritization schedule. Systematically eliminating network weaknesses reduces dependence on peripheral intrusion detection technologies. And even if access to the network is achieved, attacks can be minimized by removing vulnerabilities intruders may encounter.


Features of Vulnerability Management Tools

To achieve attack surface reduction, vulnerability management tools include the following features and capabilities:

  • Continuous monitoring and scanning for potential vulnerabilities

  • Monitoring profile & rule system (IT can determine which systems and assets to monitor)

  • Ability to set notifications rules

  • Attack surface visualization

  • Attack vector analytics and modeling

  • Threat intelligence platform integration, data used to update scan heuristics

  • Graphical attack modeling

  • Attack simulation and risk-scoring against current network security state

  • Patch simulation to model patch & update scenarios

  • Automated update and patching prioritization scheme

  • Network access path analysis to identify problematic access routes suggest lower risk traffic redirections

  • Reachability analysis for endpoints and secured assets

  • Customizable reporting, (e.g. policy-driven compliance reports)

Pricing Information

Vulnerability management tools are available via the cloud or, for entities facing strict data governance and sovereignty rules, on-premise. Pricing is dependent on the number of assets and systems monitored. Additionally, vulnerability management software vendors may offer additional modules (e.g. web application firewall) which increase subscription cost. Most vendors offer a 30-day free trial of small business and enterprise products.

Vulnerability Management Products

Listings (1-25 of 59)

57 Ratings

FireMon's Network Security Policy Management (NSPM) platform gives security and operations teams automated visibility and analysis for network security devices. FireMon's web-based UI allows users to dissect their network security policies, locate compliance failures, and assess security vulnerab...

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing: Asset dis...

13 Ratings

Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.

11 Ratings

Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indica...

We don't have enough ratings and reviews to provide an overall score.

Brinqa Risk Analytics is a governance, risk, and compliance (GRC) management platform from Brinqa headquartered in Austin, Texas.

We don't have enough ratings and reviews to provide an overall score.

Verdiem provides IT departments with the capability to remotely wake computers so that necessary security updates can be deployed immediately and optimize power management across the enterprise. Verdiem is now owned and supported by Avolin, the company formed by the divestiture of some Aptean pro...