Vulnerability Management Tools

Best Vulnerability Management Tools include: (formerly SecurityCenter),, and Qualys Cloud Platform.

Vulnerability Management Tools TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Vulnerability Management Tools Overview

What are Vulnerability Management Tools?

Vulnerability management tools scan enterprise networks for weaknesses that may be exploited by would-be intruders. Should the scan find a weakness, the vulnerability software suggests or initiates remediation action. In this way, vulnerability management software reduces the potential of a network attack. This approach to network security differs from firewalls, antivirus or antispyware software, and Intrusion Detection Systems (IDS), which are designed to manage attacks on the network as they occur. In contrast, vulnerability management tools search for potential weaknesses and fix them in an attempt to mitigate potential future network attacks.

Vulnerability management tools initially assess the network using network and port scanners, IP scanners, etc. They then prioritize remediation so that the most significant issues are addressed first. Best practice is to have vulnerability management tools perform limited scans and remediate the weaknesses they locate immediately, rather than conduct extensive scans. A more extensive scan delays remediation, leaving weaknesses found during the scan unattended until the scan completes.

Remediation should happen quickly, and according to the vulnerability software’s prioritization schedule. Systematically eliminating network weaknesses reduces dependence on peripheral intrusion detection technologies. Even if access to the network is achieved, attacks can be minimized by removing the vulnerabilities intruders may encounter.

Features of Vulnerability Management Tools

To achieve attack surface reduction, vulnerability management tools include the following features and capabilities:

  • Continuous monitoring and scanning for potential vulnerabilities

  • Monitoring profile & rule system (IT can determine which systems and assets to monitor)

  • Ability to set notification rules

  • Attack surface visualization

  • Attack vector analytics and modeling

  • Threat intelligence platform integration, with the data used to update scan heuristics

  • Graphical attack modeling

  • Attack simulation and risk-scoring against current network security state

  • Patch simulation to model patch & update scenarios

  • Automated update and patching prioritization scheme

  • Network access path analysis to identify problematic access routes and suggest lower-risk traffic redirections

  • Reachability analysis for endpoints and secured assets

  • Customizable reporting (e.g. policy-driven compliance reports)

Pricing Information

Vulnerability management tools are available via the cloud or, for entities facing strict data governance and sovereignty rules, on-premise. Pricing is dependent on the number of assets and systems monitored. Additionally, vulnerability management software vendors may offer additional modules (e.g. web application firewall) which increase subscription cost. Most vendors offer a 30-day free trial of small business and enterprise products.

Vulnerability Management Products

(1-25 of 66) Sorted by Most Reviews

71 ratings
42 reviews
FireMon's Network Security Policy Management (NSPM) platform gives security and operations teams automated visibility and analysis for network security devices. FireMon's web-based UI allows users to dissect their network security policies, locate compliance failures, and assess security vulnerabili…
McAfee ePolicy Orchestrator
38 ratings
9 reviews
McAfee ePolicy Orchestrator (McAfee ePO) software centralizes and streamlines management of endpoint, network, data security, and compliance solutions.
25 ratings
9 reviews
SaltStack is a cloud management platform from the company of the same name in Lehi, Utah.
Qualys Cloud Platform (formerly Qualysguard)
27 ratings
7 reviews
The Qualys Cloud Platform (formerly Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide…
Rapid7 Nexpose
37 ratings
7 reviews
NeXpose from Boston-based Rapid7 is a vulnerability management option.
AlienVault OSSIM
18 ratings
7 reviews
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing: Asset discov…
CrowdStrike Falcon Endpoint Protection
24 ratings
7 reviews
CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment with no performance…
(formerly SecurityCenter)
23 ratings
6 reviews
(formerly SecurityCenter) from Tenable Network Security in Baltimore, presents a vulnerability management option.
Microsoft Defender Advanced Threat Protection (ATP)
19 ratings
5 reviews
Microsoft Defender Advanced Threat Protection (ATP) is an endpoint security solution. It integrates technology based on the 2017 acquisition of Israeli cyber security company Hexadite, the developer of Hexadite AIRS, which uses AI designed to model optimal cyberthreat response behavior and provide…
19 ratings
5 reviews
Tenable, headquartered in Columbia, offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, perform vulnerability testing, and provide configuration assessments.
Skybox Security
4 ratings
4 reviews
Skybox Security offers vulnerability and threat management solutions.
13 ratings
4 reviews
Vulnerability management specialist Tenable offers their cloud application and container security platform, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicatin…
BeyondTrust Network Security Scanner, powered by Retina (Legacy)
6 ratings
2 reviews
BeyondTrust offers vulnerability management via Network Security Scanner, powered by Retina. This technology was developed by eEye, before that company's acquisition by BeyondTrust in 2012.
Ivanti Security Controls
7 ratings
2 reviews
Ivanti Security Controls is a vulnerability management solution that replaces the former Heat Unified Endpoint Management & Security product, which in turn was formerly a Lumension-supported product.
Tripwire IP360
4 ratings
1 review
IP360 from Tripwire is a vulnerability management solution; the technology was acquired with nCircle in 2013 and is based on the nCircle 360 Suite product.
Symantec Control Compliance Suite
1 rating
1 review
The Symantec Control Compliance Suite is a Governance, Risk Management, and Compliance (GRC) Platform.
GFI LanGuard
1 rating
1 review
GFI LanGuard is a vulnerability management solution for small businesses, from Aurea SMB Solutions (formerly GFI Software).
Recorded Future
2 ratings
1 review
Boston-based Recorded Future presents a vulnerability management solution.
4 ratings
1 review
AcuSensor from Maltese company Acunetix is application security and testing software.
Qualys Private Cloud Platform
9 ratings
1 review
Qualys Private Cloud Platform is the on-premise version of the Qualys Cloud Platform, from Qualys in Redwood City. The platform is designed for entities with strict data sovereignty rules, to patch and reduce enterprise network vulnerability while providing compliance with data security policy.
Tripwire Enterprise
7 ratings
1 review
Tripwire Enterprise, from Tripwire in Portland, Oregon, is an intrusion detection/prevention system.
New York-based SecurityScorecard presents a vulnerability management solution.
SecPoint Penetrator Vulnerability Scanner
SecPoint Penetrator is a vulnerability scanning virtual or hardware appliance that simulates how a hacker could penetrate a given system and reveal vulnerabilities, used for penetration testing and vulnerability assessments.
Skyport Systems
Mountain View, California-based Skyport Systems presents a vulnerability management solution.
Critical Watch FusionVM
Dallas-based Critical Watch offers FusionVM, a vulnerability management solution.