What are the best vulnerability scanning tools? Why?

CIO in Education, a year ago

The best vulnerability scanning tools are the ones that organisations actively use to improve the security of their environments. What I mean by this is that not only are scans configured to run at a regular cadence, but that the results are being analysed and remediation efforts are put in place. I've seen regular instances of organisations running vulnerability assessments as a compliance checklist item, but rarely interacting with the findings to make security posture improvements. 

The scanning tool you choose will often be based on your org's appetite for a few things: (not an exhaustive list)
- budget (agent-based VAS is more expensive)
- IT overhead ("do I really need to install yet another agent?")
- does your organisation have automation to, for example, automatically log your VAS calls and have them assigned to a team for remediation? (logging VAS calls manually is extremely time-consuming and emailing scan results to engineers individually isn't effective)
- is someone taking responsibility for remediating underlying reasons for the prevalence of vulnerabilities in their organisation's environment? e.g. if the vulnerabilities point to poor patching cadence, has a proper patching programme been implemented so that VAS isn't being relied on to point out vulnerable applications/operating systems etc. 

Head of Cyber Security in Manufacturing, a year ago

Please detail out the question, so it's clear what the focus is, for example:
- Endpoints
- Servers 
- Webservers
- Databases
- Applications
- Running Kubernetes
- Third Party Libraries
- etc
