Enterprise security professionals have the responsibility of dealing with vulnerabilities. They have to find and fix as many issues as possible wherever they happen to pop up. Varying from one environment to the next, this can be a REALLY big job. To keep up many enlist the help of commercial and open source solutions. The problem is there are perhaps 100’s, or more, vulnerability management/assessment/scan/remediation/consulting vendors all targeting a specific niche of the vulnerability stack in their own special way. It’s a confusing landscape to say the least.In my position I get asked a lot about who covers what, how is it different from the other guy, or how good is it. I do my best to keep track of these things since it’s my business to know and want to give educated answers. I thought it would be helpful to create a couple of graphics that people researching solutions would be able to use. Less confusion = good.

The first graphic is my take on the “vulnerability stack”, the areas of focus for vulnerability scanning/assessment solutions. This is helpful for asking vendors what area they cover. There are probably some areas I missed, but it’s a first draft. If my technical vulnerabilities and business logic flaws terminology is confusing, please see Technology Alone cannot Defeat website Attacks: Understanding Technical vs. Logical Vulnerabilities.




The second graphic is a vulnerability scanning/assessment vendor comparison chart. Here we’re trying to answer the “who covers what question?” and a foundation to ask how they are different. I know some will vendors claim they do more that what the chart indicates, but I’m listing only their main areas of focus. If someone happens to add a website vuln check or two, it doesn’t make them a network scanner. Likewise if website scanners adds a few network checks, it hardly a new Nessus. A decent amount of comprehensiveness in the block is required. Enjoy!