What is vulnerability management?

Start identifying and patching security weaknesses in your network with ThreatDown Vulnerability Assessment and Patch Management modules.

Award winning ThreatDown EDR stops threats that others miss

Vulnerability management definition

Vulnerability management is the continuous process of identifying, prioritizing, evaluating, treating, and reporting vulnerabilities that subject your business’s endpoints, workstations, and systems to cyber-attacks.

In an ever-evolving cyber ecosystem, security vulnerabilities remain increasingly complex and evasive to modern cybersecurity tactics. In addition to your team’s existing cybersecurity regime, leveraging the right vulnerability management tool ensures your IT infrastructure maintains strategic agility and blocks disruption to operations before incurring financial damage. A global study revealed the average cost of a data breach to companies was a record-breaking $4.24 million per incident. Astronomical expenses following a severe data breach not only result in reputational harm but the destruction of trust between businesses and consumers.

Vulnerability management combined with your existing network and endpoint security provides an added layer of protection by delivering ongoing identification, prioritization, and contextualization of software errors. It is an industry-leading plug-in that improves your team’s advanced decision-making capabilities when responding to threats. As networks are added and changes are made to operating systems, this process remains continuous as new vulnerabilities emerge over time.

How are vulnerabilities scored?

Understanding vulnerability severity ratings

The Common Vulnerability Scoring System (CVSS) is a basis used to rank severity and understand characteristics of software vulnerabilities.

CVSS v3.0 scoring

CVSS ScoreSeverity Level

In addition to CVSS, the National Vulnerability Database (NVD) contains vulnerability data that automated vulnerability management solutions and IT staff pull from. The Common Vulnerabilities and Exposures (CVE) is a public glossary of recorded cybersecurity errors that helps IT teams prioritize vulnerabilities and serves as a basis of dialogue within the cybersecurity community.

Steps in the vulnerability management process

Identify vulnerabilities

A vulnerability scanner pinpoints the number of affected endpoints and servers by probing connected systems within your network to identify areas of potential exposure that cyber attackers and exploits can take advantage of. Configuring parameters and scheduling scanning is critical in avoiding operation disruptions if bandwidth is limited.

Prioritize and evaluate

Using CVSS to evaluate the risks that vulnerabilities pose, your team can analyze information provided by vulnerability scoring to indicate prioritization of specific weaknesses and devise an appropriate strategy to address them. By gaining detailed information and asset inventory data, your team can take advantage of these tools to better protect your endpoints, intellectual property, and security posture.

Your team should consider these key questions when scoping vulnerabilities and conducting vulnerability analysis:

  • Is the vulnerability legitimate or a false positive discovery?
  • Is the vulnerability publicly known in the NVD?
  • Are our most critical assets protected? What asset types need coverage?
  • How challenging is the vulnerability to remediate? How long will remediation take?
  • What service level agreements (SLAs) or vulnerability and patch management policies need to be defined?


Vulnerabilities deemed a legitimate risk can be treated through one of 3 methods:

Remediating, mitigating, or accepting the flaw.

  • Remediation is the best option for completely fixing a vulnerability and eliminates the opportunity for exploits to strike.
  • Mitigation can reduce the chances of vulnerability being compromised. If a complete patch or fix is unavailable, mitigating the weakness is an appropriate measure to take when necessary.
  • Acceptance of a vulnerability means no action is taken. When a vulnerability is concluded to be low risk and the expense to remediate greatly outweighs the risk, accepting a vulnerability and moving forward with no course of action is plausible.


Tailored to your security team’s preferences, threat and vulnerability management reports offermultiple options for vulnerability scanning data visualization. Customized reports make it easier for IT staff to understand security weaknesses and develop a comprehensive remediation plan.

The difference between vulnerability management, vulnerability scanning, and vulnerability assessment tools?

When handling cybersecurity vulnerabilities, it’s important to understand the difference between vulnerability management, vulnerability scanning, and vulnerability assessment services.

Vulnerability management

Aligned with your performance-focused objectives, utilizing an enterprise vulnerability management software with automated capabilities offer flexible scheduling for vulnerability scanning depending on network changes during peak hours.Designed as a holistic approach,vulnerability management programs are customizable with the ability to focus metrics to develop better overall security maturity, risk management, and vulnerability governance. MSPs and organizations can analyze risks on an easy-to-use interface in one place with vulnerability management solutions.

Vulnerability scanning

Vulnerability scanning is a method used to pinpoint real-time vulnerabilities and classify the risks they pose while offering context toward determining the best course of action. A vulnerability scanner is a tool that inventories all connected IT assets, such as desktops, laptops, servers, firewalls, and machines, facilitating to monitor security vulnerabilities within your systems, networks, and applications. Running scans in off hours allows organizations to streamline the vulnerability process by avoiding network disruption caused by limited bandwidth.

Vulnerability assessment

vulnerability assessment (VA) is a single-time evaluation that reviews systemic security weaknesses in a network or host. Unlike VA, the vulnerability management process is a continuous practice that includes performing a vulnerability assessment as part of the vulnerability management framework. This allows businesses to gain deeper insight into their cybersecurity environment by mitigating cyberattacks before vulnerabilities are jeopardized. VA helps businesses examine efficiency of their existing vulnerability management process throughout time. Conducting vulnerability assessments satisfy regulatory requirements and compliance guidelines that aim to protect sensitive data.

Examples of compliance and regulations that require vulnerability assessment include:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • The General Data Protection Regulation (GDPR)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework

What is vulnerability assessment and penetration testing (VAPT)?

Vulnerability assessments aid in risk classification through assigning priority to potential threats that are categorized by severity. Organizations combine VA with a penetration test (PT) to enhance threat intelligence breadth and scope. Vulnerability assessment and penetration testing (VAPT) involves a wide range of security tests used to detect threat actors penetrating across your security stack. From human-led to automated VAPT, these services help your company achieve visibility over existing security weaknesses so they can be addressed.

Choosing a threat and vulnerability assessment tool

With ThreatDown Vulnerability Assessment module, Nebula subscribers for EP and  EDR can now take advantage of our new vulnerability assessment solution to better understand their business’ exposure to cyberthreats, identify vulnerabilities, and prioritize action to reduce the risk of vulnerability-based infection. Enabling organizations to build proactive cyber protection and respond swiftly to high-risk vulnerabilities, this keeps defenses current across device and server operating systems, as well as a variety of third-party apps.

Featured Resources

Vulnerability management FAQ

What is a vulnerability?

A security vulnerability is an error or flaw within a device or system’s code acting as a point of weakness that leaves your business susceptible to malware, data loss, and other intrusive cyber-attacks.

What is vulnerability assessment?

Vulnerability assessment (VA) is a one-time test that evaluates network systemic security flaws. A vulnerability assessment is a part of the vulnerability management process that involves identifying risks of intrusion before vulnerabilities are compromised. Businesses can use vulnerability assessments to analyze the effectiveness of their current vulnerability management process over time.

What is risk-based vulnerability management?

Risk-based vulnerability management is an extended process of vulnerability management that leverages automation and integrated data. It involves a deep focus on identifying and remediating vulnerabilities of the highest risk level by employing artificial intelligence (AI), machine learning (ML), and collected threat intelligence data. Benefits of risk-based vulnerability for your organization include improved visibility across the attack surface, continuous protection, and data-backed decision making.

What is the vulnerability management lifecycle?

4 Stages of the vulnerability management lifecycle:

Step 1. Identify and assess existing vulnerabilities

Step 2. Classify and prioritize threats

Step 3. Respond and act

Step 4. Reassess and improve vulnerability policy