Vulnerability Management
Compare 121 vulnerability management tools to find the right one for your needs
π Subcategories
π§ Tools
Compare and find the best vulnerability management for your needs
RunZero
A network discovery and asset inventory platform that provides a complete and detailed view of your entire network.
Bishop Fox Cosmos
A managed service combining attack surface management technology with expert-driven continuous penetration testing.
Burp Suite
An integrated platform for performing security testing of web applications.
Intruder
A cloud-based vulnerability scanner that finds cybersecurity weaknesses in your digital infrastructure.
Nmap
A free and open-source utility for network discovery and security auditing.
Wiz
A cloud security platform that provides visibility and risk context across the entire cloud stack.
Intruder
A cloud-based vulnerability scanner that finds cybersecurity weaknesses in your external infrastructure.
Edgescan
A managed vulnerability assessment and penetration testing solution combining smart technology with human intelligence.
Aikido Security
A developer-friendly platform that combines multiple security scanners to find and prioritize vulnerabilities.
Nozomi Networks
An OT and IoT security platform that provides asset discovery, vulnerability management, and threat detection for industrial control systems.
Dragos
An industrial cybersecurity platform that provides asset visibility, threat detection, and response for industrial control systems.
NinjaOne
A unified IT operations platform that provides endpoint management, remote monitoring and management (RMM), and IT asset management.
Intruder
An online vulnerability scanner that finds cybersecurity weaknesses in your external attack surface, so you can fix them before a breach happens.
Nucleus Security
A centralized platform for vulnerability management, aggregation, and orchestration.
Intruder
A proactive vulnerability scanner that finds cybersecurity weaknesses in your digital infrastructure.
JupiterOne
A platform that creates a graph-based model of all cyber assets to manage attack surfaces and compliance.
Brinqa
A comprehensive platform for managing cyber risk across all security programs.
Wiz
A cloud security platform that provides full-stack visibility and risk assessment for your cloud environment.
Picus Security
A Security Validation and Exposure Management platform that helps organizations assess, prioritize, and address cyber risks.
Trivy
An open-source vulnerability scanner for containers, IaC, and more.
CrowdStrike Falcon Exposure Management
An exposure management solution from CrowdStrike that provides a unified view of risk across the enterprise.
Nucleus Security
A unified vulnerability management and prioritization platform.
Armis
An agentless cybersecurity asset management platform that discovers and secures all types of assets.
StackHawk
A dynamic application and API security testing tool for developers.
Wiz
An agentless platform that provides full-stack visibility and context to find, prioritize, and fix risks in the cloud.
CrowdStrike Falcon Spotlight
An endpoint-native vulnerability management solution that provides real-time visibility without active scanning.
Nucleus Security
A centralized platform to aggregate, prioritize, and manage vulnerabilities from all scanning tools.
Orca Security
An agentless CNAPP that provides 100% coverage of cloud risks without any runtime overhead.
Armis
An agentless device security platform that discovers, monitors, and protects all managed, unmanaged, and IoT devices.
Axonius
A cybersecurity asset management platform that provides a comprehensive inventory of all assets, uncovers security gaps, and automates policy enforcement.
CrowdStrike Falcon Discover
Provides real-time visibility into the devices, users, and applications in your network to identify and eliminate malicious or noncompliant activity.
JupiterOne
A CAASM platform that provides a unified view of your cyber assets and their relationships, enabling you to manage your attack surface and reduce risk.
Claroty
A cyber-physical systems (CPS) security platform that provides visibility, protection, and monitoring for OT, IoT, and IoMT environments.
CyCognito
An external attack surface management platform that helps you discover, test, and protect your entire external attack surface.
CrowdStrike Falcon Surface
An EASM solution that provides continuous, real-time visibility into an organization's known and unknown exposed assets.
CyCognito
An external attack surface and exposure management platform that maps, tests, and prioritizes risks across the entire organization.
ImmuniWeb Discovery
An AI-driven platform for external attack surface management, dark web monitoring, and phishing detection.
Wiz
An agentless cloud security platform that provides full-stack visibility and identifies critical risks in the cloud.
Orca Security
An agentless CNAPP that provides full-stack visibility into cloud risks without the overhead of agents.
CrowdStrike Falcon Horizon
A CSPM solution that detects and prevents cloud misconfigurations, control plane threats, and ensures compliance.
OWASP ZAP
An open-source web application security scanner.
Snyk
A developer-first security platform for finding and fixing vulnerabilities in code, open source, containers, and IaC.
Microsoft Defender Vulnerability Management
A vulnerability management solution from Microsoft that is part of the Defender suite.
XM Cyber
An exposure management platform that helps you understand and remediate your security risks from an attacker's perspective.
Nikto
An open-source web server scanner that performs comprehensive tests against web servers for multiple items.
Cisco Vulnerability Management (formerly Kenna Security)
A risk-based vulnerability management platform that uses data science to prioritize vulnerabilities.
Vulcan Cyber
An exposure management platform that helps correlate assets, prioritize risks, and orchestrate remediation.
Microsoft Defender Vulnerability Management
Provides continuous vulnerability discovery, risk-based prioritization, and built-in remediation tools.
Armis
An agentless platform that discovers and secures all types of assets, including IT, IoT, OT, and medical devices.
Snyk
A platform that helps developers find and fix vulnerabilities in code, open source, containers, and IaC.
Lacework
A CNAPP that uses anomaly detection to identify threats across cloud workloads, accounts, and containers.
Balbix
Uses AI to automate asset discovery, vulnerability management, and cyber risk quantification.
Microsoft Defender for Endpoint
An enterprise endpoint security platform that helps organizations prevent, detect, investigate, and respond to advanced threats.
Lansweeper
An IT asset management platform that discovers and inventories all of your IT assets, providing a single source of truth for your entire IT environment.
Device42
A comprehensive IT asset management and dependency mapping platform that provides a single source of truth for your entire IT ecosystem.
Invicti
An application security testing platform that helps you secure your web applications, APIs, and microservices.
Mandiant Attack Surface Management
Part of the Mandiant Advantage platform, it provides visibility into external assets and vulnerabilities, backed by Mandiant's threat intelligence.
IBM Security Randori
A cloud-native attack surface management platform that helps businesses discover and prioritize their most critical external risks.
Detectify
A cloud-based attack surface management tool that leverages insights from elite ethical hackers for automated vulnerability scanning.
HackerOne Assets
An attack surface management solution that helps organizations map their digital footprint and prioritize security testing.
SecurityScorecard
A security ratings platform that provides continuous monitoring and assessment of an organization's and its vendors' cybersecurity posture.
Bitsight
A cyber risk intelligence platform that provides security ratings, external attack surface management, and third-party risk management.
Red Hat Ansible Automation Platform
An enterprise automation platform that can be used for configuration management, application deployment, and security automation.
Cisco Vulnerability Management (formerly Kenna Security)
A risk-based vulnerability management platform that helps you prioritize and remediate the vulnerabilities that matter most.
Syxsense
A cloud-based platform that combines endpoint management and security in a single solution.
Cymulate
A SaaS-based Extended Security Posture Management (XSPM) platform that helps manage exposure to cyber threats.
Tenable.io
Provides comprehensive vulnerability data and insights to help you understand and reduce your cyber risk.
ManageEngine Vulnerability Manager Plus
An end-to-end vulnerability management solution that provides visibility, assessment, and remediation.
AttackIQ
A leading provider of Breach and Attack Simulation (BAS) solutions for continuous security validation.
SafeBreach
A pioneer in breach and attack simulation (BAS) that provides a platform to test defenses before attackers can exploit them.
Tenable Nessus
A widely used vulnerability scanner for identifying security vulnerabilities, misconfigurations, and malware.
Rapid7 InsightVM
A vulnerability management solution that provides visibility into risk across the entire IT environment.
Invicti
A web application security scanner that provides automated vulnerability scanning and management.
Sysdig Secure
A cloud-native security platform that provides threat detection, vulnerability management, and compliance for containers, Kubernetes, and cloud.
Prisma Cloud
A comprehensive Cloud Native Application Protection Platform (CNAPP) from Palo Alto Networks.
Tenable.io
Provides visibility across the modern attack surface and insights to prioritize and remediate vulnerabilities.
Rapid7 InsightVM
A risk-based vulnerability management solution that provides visibility, prioritized guidance, and automation.
Brinqa
A platform for building a knowledge graph of all security and business data to manage cyber risk.
Palo Alto Networks Prisma Cloud
A comprehensive CNAPP that provides security and compliance coverage from code to cloud.
Veracode
A unified platform that provides comprehensive, automated application security from development to production.
Ivanti Neurons for RBVM (RiskSense)
A risk-based vulnerability management solution that prioritizes threats and automates remediation.
Tenable.io Asset Inventory
Provides comprehensive asset visibility across your entire attack surface, including cloud, on-premises, and OT environments.
Rapid7 InsightVM
A vulnerability management solution that provides discovery, assessment, prioritization, and remediation of vulnerabilities.
Palo Alto Networks Cortex Xpanse
An attack surface management solution that discovers, evaluates, and mitigates risks across your entire internet-facing footprint.
SysAid
An AI-powered IT service management (ITSM) platform that helps you automate your IT and deliver better service.
Palo Alto Networks Cortex Xpanse
Provides a complete and accurate view of your global internet-facing assets to discover, evaluate, and mitigate your attack surface.
Rapid7 InsightVM
A vulnerability management solution that includes features for discovering and assessing assets across the entire attack surface.
Bugcrowd Attack Surface Management
An EASM solution that combines automated scanning with insights from a global community of ethical hackers.
UpGuard
A platform that unifies attack surface management, vendor risk management, and security ratings.
Tenable.sc
On-premises vulnerability management platform for comprehensive visibility and measurement of cyber risk.
Rapid7 InsightVM
A vulnerability risk management solution that provides visibility, prioritized risk scoring, and remediation workflows.
Palo Alto Networks Prisma Cloud
A comprehensive CNAPP that provides security and compliance coverage from code to cloud.
Qualys VMDR
A cloud-based platform for vulnerability management, providing asset discovery, vulnerability assessment, and remediation.
OpenVAS
A powerful open-source vulnerability scanner with a comprehensive feature set.
Checkmarx
An application security testing platform that provides SAST, SCA, IAST, and DAST solutions.
Qualys VMDR
A cloud-native solution that unifies discovery, assessment, detection, and response in a single workflow.
Qualys Asset Inventory
Provides a single source of truth for all IT assets across on-premises, cloud, and remote environments.
ServiceNow IT Asset Management
An IT asset management solution that helps organizations manage the entire lifecycle of their hardware, software, and cloud assets.
Forescout
A cybersecurity platform that provides continuous discovery, assessment, and control of all connected devices across the enterprise.
ManageEngine AssetExplorer
A web-based IT asset management software that helps you monitor and manage all of your IT assets from a single place.
SolarWinds Hybrid Cloud Observability
A full-stack observability solution that provides visibility into the performance of your applications, infrastructure, and networks, across on-premises and cloud environments.
Tenable.asm
An external attack surface management solution that provides continuous visibility and assessment of internet-facing assets.
Qualys VMDR
A cloud-based app that provides a unified solution for asset discovery, vulnerability assessment, and remediation.
Check Point CloudGuard
A unified cloud native security platform for automated posture management, threat prevention, and workload protection.
Progress Chef
An automation platform for building, deploying, and managing infrastructure and applications, with a strong focus on compliance.
Microsoft Defender for Cloud
A unified cloud-native application protection platform (CNAPP) for Azure, AWS, and Google Cloud.
Qualys VMDR
A comprehensive solution that combines vulnerability management, detection, and response in a single platform.
Rapid7 InsightVM
A vulnerability management solution that provides visibility into risk across your entire environment.
Mandiant Advantage Security Validation
A SaaS platform from Google Cloud that combines Mandiant's threat intelligence and expertise with automated security validation.
Acunetix
An automated web application security testing tool that audits your web applications by checking for vulnerabilities.
Skybox Security
A security posture management platform that provides visibility and context across your entire hybrid environment.
Checkmarx One
An application security platform that provides SAST, SCA, IaC, and API security in a single solution.
Qualys CyberSecurity Asset Management
A solution that combines internal and external asset discovery to provide a unified inventory and security posture assessment.
Puppet Enterprise
An infrastructure automation tool for configuration management, compliance enforcement, and continuous delivery.
Anchore
A platform for container security and compliance.
Microsoft Defender External Attack Surface Management
Defines an organization's unique internet-exposed attack surface and discovers unknown resources to proactively manage security posture.
Clair
An open-source project for the static analysis of vulnerabilities in application containers.
Grype
An open-source vulnerability scanner for container images and filesystems from Anchore.
Syft
An open-source tool for generating a Software Bill of Materials (SBOM).
CIS-CAT Pro Assessor
The official tool from the Center for Internet Security (CIS) for assessing system configurations against CIS Benchmarks.
OpenSCAP
An open-source framework for implementing and enforcing the Security Content Automation Protocol (SCAP).