Vulnerability management software performs cyclical monitoring tasks to identify, diagnose, and remedy network threats such as hackers, viruses, or malware. Businesses will use vulnerability management tools to constantly test their network’s security and identify threats. IT managers and administrators use vulnerability management to automate tests and monitoring tasks required to maintain a secure network. Once a threat is detected, vulnerability management software will either alert administrators, remedy issues automatically, or install a patch to alter security policies. Vulnerability management products share many features with data security, network security, and web security tools. But vulnerability management tools are focused solely on the identification and management of network threats.
To qualify for inclusion in the Vulnerability Management category, a product must:
Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.
IBM® BigFix® addresses a major challenge faced by many organizations — how to gain full visibility into the constantly changing endpoint landscape while bridging the gap between threat detection and remediation. See clearly: Discover and audit endpoints on or off the corporate network. Detect evasive attacks with behavioral analytics. Understand completely: Guided investigations to define the scope of detected attacks. Define what remediation action you need to take. Act precisely: Immediately contain and remediate attacks enterprise-wide. Continuously reduce your attack surface.
Website Threat Inspector (WTI) utilizes data, white hat penetration testing, and machine learning to provide an all-in-one security solution for domains and other online assets. WTI detects web vulnerabilities, illicit content, webpage defacement and backdoors to prevent possible financial loss caused by damage to your brand reputation
Qualys' integrated approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively. Our solutions empower various roles within the organization to meet your unique requirements. Built on top of Qualys’ Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud: • AssetView • Vulnerability Management • Continuous Monitoring • ThreatPROTECT • Policy Compliance • Security Assessment Questionnaire • PCI Compliance • Web Application Scanning • Web Application Firewall • Malware Detection
Nexpose, Rapid7’s on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact. If you’re looking for more advanced capabilities such as Remediation Workflow and Rapid7's universal Insight Agent, check out our platform-based vulnerability management software, InsightVM.
AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud. Five Essential Security Capabilities in a Single SaaS Platform AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows. 1. Asset Discovery 2. Vulnerability Assessment 3. Intrusion Detection 4. Behavioral Monitoring 5. SIEM
Netsparker develops an industry leading automated web application security solution. Available as Windows software, online and on-premises service, the Netsparker scanner can automatically detect SQL Injection, Cross-site Scripting and other vulnerabilities in any type of modern HTML5, Single Page Application (SPA), Web 2.0 web application and web services, regardless of the technology they are built with. The Netsparker scanner does not just report the vulnerabilities, it also generates a proof of exploit confirming they are real and not false positives. Therefore you do not have to waste time manually verifying the scanner’s findings and can easily scale up web application security and scan thousands of websites within a matter of hours. Netsparker is trusted and used by world renowned companies such as Samsung, Ernst & Young, Skype, NASA, ISACA and ING Bank.
SolarWinds Patch Manager integrates with WSUS and Microsoft update agent, and automatically updates Windows patches based on custom schedules. In addition, you can create different patching schedules for different business groups within the organization per custom requirements.
Symantec Patch Management Solution allows you to proactively manage patches and software updates by automating the collection, analysis, and delivery of patches across your enterprise. The solution can significantly help you decrease the costs involved in testing and delivering patches to protect your environment.
Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware, Windows Server and network devices. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way.
WhiteSource helps business to develop better software by harnessing the power of open source. WhiteSource becomes part of your software development lifecycle (SDLC) and automates the entire process of open source components selection, approval, and management, including finding and fixing vulnerable components. We provide software development and security teams full control and visibility over their open source usage and helps them drive open source adoption
Desktop Central is a Unified Endpoint Management (UEM) solution that helps in managing servers, desktops, laptops, smartphones, tablets and POS devices from a central location. Automate your regular desktop management routines like installing patches, distributing software, imaging and deploying OS, managing your IT Assets, managing software licenses, monitoring software usage statistics, managing USB device usage, taking control of remote desktops, and more. It supports managing Windows, Mac and Linux operating systems. Manage your mobile devices to deploy profiles and policies, configure devices for Wifi, VPN, Email accounts, etc., apply restrictions on using camera, browser, etc., and to secure your devices like enabling passcode, remote lock/wipe, etc. Manage all your iOS, Android, Windows smartphones and tablets.
ConnectWise Automate third party patch management allows you to audit, patch, document, and even bill for third party application updates. All third party patch definitions are deployed following best practices, with automatic daily downloads ensuring you always patch to the latest version. Administrative time is significantly reduced so your technicians can focus their attention elsewhere.
LOGINCAT IS THE WORLD'S FIRST COMPREHENSIVE CYBERSECURITY SUITE, AI AND ZERO TRUST BASED. Cybersecurity is an increasingly critical issue. There is a hacker attack every 39 seconds. Prevent hacking and malware attacks with a robust, based on zero trust cybersecurity solution - LoginCat. From AI Based to Zero Day Exploits, LoginCat keeps you secure from all kinds of Cyberattacks.
Insignary Clarity enables proactive scanning of embedded firmware or any binaries for known, preventable security vulnerabilities, and also identifies potential license compliance issues. Clarity uses unique fingerprinting technology, which works on the binary without the source code or reverse engineering, making it simple for companies to take proper, preventive action before the deployment of their products.
Automoxs cloud-based solution simplifies patching and configuration management across Windows, Linux, Mac OS X, and 3rd party software. Automox provides IT managers and sysadmins with a patching system of record to track, control, and manage their patching process, providing greater security, improved productivity, and significant time savings. Automox is designed to complement your environment, whether you need a new patching solution or want to improve your existing patch workflow.
Sophisticated, targeted attacks can take weeks, months or longer to discover and resolve. Incident response teams need tools that quickly uncover the full source and scope of an attack to reduce time-to-resolution, mitigate ongoing risk and further fortify the network. Like a security camera for the network, Blue Coat Security Analytics delivers full network security visibility, advanced network forensics, anomaly detection and real-time content inspection for all network activity. This effectively arms security and incident response teams to identify and detect advanced malware crossing the network and contain zero-day and advanced targeted attacks. A comprehensive record of all network activity lets you conduct swift forensic investigations, perform proactive incident response and resolve breaches in a fraction of the time.
Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com. com.
Change Tracker Gen7R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7R2 enables organizations to: - Define the systems that need protection - Ensure those systems are secured, compliant and fit for purpose at all times - Provide intelligent change control to ensure systems remain in a ‘known secure and compliant state’ - Enable organizations to move projects securely from Development to Operations Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps is delivered and underpins effective, ongoing security and operational availability. With Gen7R2 you have the ability to reduce change noise by more than 90%, leaving only changes that are unknown, unwanted, unexpected or potentially malicious in nature for further investigation.
Cloud Security Command Center helps security teams gather data, identify threats, and act on them before they result in business damage or loss. It offers deep insight into application and data risk so that you can quickly mitigate threats to your cloud resources and evaluate overall health.
IBM Application Security on Cloud helps secure your organization's Web and mobile applications, by detecting dozens of today's most pervasive published security vulnerabilities. IBM Application Security on Cloud helps to eliminate vulnerabilities from applications before they are placed into production and deployed. Convenient, detailed reporting permits you to effectively address application security risk, enabling application users to benefit from a more secure experience. IBM Open Source Analyzer helps to secure and manage your open source components, by automating security testing and configuring scanning for open source.
Snyk is a developer-first security solution that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and Docker images. The Snyk solution integrates its comprehensive proprietary vulnerability database maintained by its expert security research team in Israel and London.
Provides automated security testing and security scan of web applications to identify vulnerabilities, scans your network and devices and suggest to you recommendations on how they can be fixed, and provides a source code analysis to identify and resolve security weaknesses and vulnerabilities
InsightVM, Rapid7’s vulnerability assessment solution, utilizes the power of the Insight platform and the heritage of our award-winning Nexpose product to provide full visibility of your modern ecosystem, prioritize risk using attacker analytics, contain threats, and remediate with SecOps agility. Leveraging InsightVM’s advanced analytics and endpoint technology enables you to discover vulnerabilities in real time and prioritize them actionably. Then, automate remediation by integrating into your IT team’s existing workflows and tools—a process made easy by InsightVM’s 40+ technology integrations.