Flexible search and filtering functions help analysts answer questions quickly.
Exploit and threat intelligence correlation separates theoretical risk, from real-world risk. It also removes reliance on CVSS as the only quantifiable factor to prioritize findings.
Asset criticality and contextual data (is the vulnerable host exposed to the public Internet?) also helps with prioritization
Confidence scores also help prioritize. Some vulnerability checks can be 100% certain, while others have to guess. Knowing the difference is important.
A SaaS-based console, managed by the vendor
Network scanning engines that either install as software packages or are available as complete virtual appliances compatible with most hypervisors. These network scanning engines send their results back to the SaaS-based console.
Cloud scanning engines that can be used for performing external vulnerability scans (scanning from an Internet, 'outside', perspective)
Adrian joined SC Media’s parent company, CyberRisk Alliance in 2020. He will focus primarily on cybersecurity product reviews, but will also provide industry insight trends for both SC Media and Security Weekly (another CyberRisk Alliance company). He brings two decades of industry experience, working as a practitioner, penetration tester, and industry analyst. He spent the last few years as an entrepreneur, challenging norms in sales and marketing for a variety of vendors. Adrian loves to cook, eat, hike, play music and regale his teenagers with stories of what the early days of the Internet were like.