Vulnerability Management
Industry-leading vulnerability scanning, attack surface management, breach simulation, and risk prioritization providers
Try:
Prominent Vulnerability Management Vendors
Industry-leading vendors in this security domain
Tenable
Enterprise
Qualys
Enterprise
Axonius
Enterprise
CyCognito
External Exposure Management
XM Cyber
Enterprise
HackerOne
Enterprise
Bugcrowd
Enterprise
AttackIQ
Enterprise
Cymulate
Enterprise
runZero
Enterprise
Horizon3.ai
Enterprise
IONIX
Enterprise
Capability Legend
Vuln Scan
Vulnerability Scanning
ASM
ASM/EASM
Risk Pri
Risk-Based Prioritization
Patch
Patch Management
Comply
Compliance Scanning
Cloud
Cloud VM
Container
Container Scanning
Web App
Web App Scanning
Pentest
Pentest Integration
Remediate
Remediation Tracking
Discovery
Asset Discovery
Enterprise Vulnerability Management (26)
Tenable
Tenable Holdings, Inc. is a cybersecurity company that helps organizations manage and reduce cyber risk through its exposure management platform, Tena
Qualys
Qualys, Inc. is an American technology firm specializing in cloud security, compliance, and related services, with over 10,300 customers worldwide. Th
Axonius
Axonius is a leading cyber asset attack surface management (CAASM) platform that provides comprehensive visibility into all assets across IT, cloud, S
XM Cyber
XM Cyber is a cybersecurity software company that specializes in exposure management, providing tools to proactively identify and mitigate cybersecuri
runZero
runZero is an exposure management platform that helps organizations find unknown assets, assess risk, and reduce cyber exposure - fast. It provides co
ArmorCode
ArmorCode's Unified Exposure Management Platform helps security teams unify, prioritize, and remediate vulnerabilities 10x faster by leveraging AI-pow
Asimily
Asimily is the leading top-rated IT, IoT, OT & IoMT exposure management platform enabling Visibility, Vulnerability Prioritization, Risk Mitigation, T
BackBox Software
BackBox provides the scalability and flexibility needed by large enterprises and MSPs to automate manual processes while ensuring security and complia
Brinqa
Brinqa delivers AI-driven exposure intelligence that unifies cyber risk data, clarifies ownership, and helps enterprises focus on what matters most. I
DefectDojo
DefectDojo is a security tool that automates application security vulnerability management, providing a platform for smarter and scalable security. It
Defense.com
Defense.com is a cybersecurity company that provides an XDR platform with optional SIEM to detect and respond to cyber threats across all areas of the
Forescout Technologies
Forescout provides continuous asset visibility, compliance, and network security across IT, OT, and IoT environments through its 4D Platform. The comp
Fortinet
Fortinet delivers cybersecurity everywhere you need it. We secure the entire digital attack surface from devices, data, and apps and from data center
Intruder
Intruder is a cloud-based vulnerability scanner that continuously monitors attack surfaces for security weaknesses across cloud infrastructure, web ap
JupiterOne
JupiterOne is a cyber asset analysis platform for cybersecurity designed to continuously collect, connect, and analyze asset data so security teams ca
Mondoo
Mondoo delivers world-class vulnerability management results through its expert-managed service, eliminating vulnerability backlogs and providing real
Nucleus Security
Nucleus Security provides a vulnerability and exposure management platform that enables organizations to prioritize and mitigate critical exposures at
RedSeal
RedSeal is an AI-enabled exposure management platform that models hybrid IT, OT, IoT, and cloud environments to uncover hidden risks, attack paths, an
SecPod
SecPod Technologies revolutionizes security with AI-powered prevention-first solutions for cloud and on-premises environments. The company provides un
Tenable Cloud Security
Tenable Holdings, Inc. is a cybersecurity company that provides cloud security solutions to protect multi-cloud and hybrid cloud environments from mis
Tonic Security
Tonic Security provides an Agentic Exposure Management platform that helps organizations reduce risk and remediate vulnerabilities at machine speed. T
Tripwire
Tripwire, now part of Fortra, provides enterprise security configuration management, vulnerability management, and file integrity monitoring solutions
Tromzo
Tromzo builds actionable context from code-to-cloud graph to accelerate remediation of critical risks across the software supply chain through AI-powe
Veriti AI
Veriti AI is an Israeli cybersecurity company that develops software for threat exposure management and automated remediation across multi-vendor envi
VulnCheck
VulnCheck provides vulnerability intelligence that predicts avenues of attack with speed and accuracy, helping organizations outpace adversaries in th
Zafran
Proactively stop vulnerability exploitation with Zafran's AI-native Exposure Management, unifying risk detection and mitigation to protect hybrid asse
Attack Surface Management (18)
CyCognito
CyCognito is an external exposure management leader that helps organizations discover and continuously test their external attack surface. The company
IONIX
Our mission at IONIX is to give security teams unmatched focus into what truly needs fixing, reducing external exposure by addressing high-impact expl
Assetnote
Assetnote provides industry-leading attack surface management solutions to help security teams continuously monitor and control their external exposur
Attaxion
Attaxion helps lean security teams find and manage their web-facing assets, uncovering exposures and prioritizing cyber risks through agentless traffi
Bitsight Technologies
Bitsight Technologies, Inc. is a cybersecurity company that provides security performance monitoring, exposure analysis, and risk management for compa
Censys
Censys empowers security teams with the most comprehensive, accurate, and up-to-date map of the internet to defend attack surfaces and hunt for threat
CloudSEK
CloudSEK leverages contextual AI to predict and prevent cyber threats, serving the cybersecurity sector with threat intelligence platforms, digital ri
Criminal IP
Criminal IP delivers AI-powered threat intelligence and security solutions to help organizations protect themselves against cyber threats. The company
CybelAngel
CybelAngel offers a range of products and services for external threat intelligence, including Attack Surface Management, Data Breach Prevention, Dark
Cyberint
Cyberint, now part of Check Point Software, provides external risk management solutions to continuously detect and mitigate cyber threats. The company
ENTHEC
Enthec offers advanced AI-driven cyber-surveillance solutions to protect identities and detect potential threats. The company provides threat intellig
Edgewatch
Edgewatch Risk & Attack Surface Management Platform assists companies in discovering, monitoring, and analyzing their digital footprint. Sovereign, fi
FullHunt
FullHunt provides comprehensive external attack surface management solutions for security vendors and organizations. Its platform unifies internet-sca
Hadrian
Hadrian's agentic pentesting platform empowers defense teams with continuous asset mapping, risk discovery, and remediation prioritization for hardene
LocateRisk
LocateRisk offers KPI-based IT risk analyses for increased efficiency and security. The company provides IT security analyses, IT vulnerability scans,
Nagomi Security
Nagomi Security is a threat exposure management company that accelerates the path from investigation to verified remediation, neutralizing exposure be
RiskIQ (Microsoft)
Microsoft provides powerful threat intelligence software for cyber threat protection and solutions to organizations. The company offers global threat
Shodan
Shodan is the world's first search engine for Internet-connected devices, providing internet intelligence to help users make better decisions. It offe
Breach & Attack Simulation (12)
AttackIQ
AttackIQ, Inc. provides proactive security validation and exposure management solutions to help organizations strengthen their cyber defenses against
Cymulate
Cymulate is a leading provider of Continuous Threat Exposure Management (CTEM) solutions, helping organizations validate exposures, prioritize risk, a
Horizon3.ai
Horizon3.ai continuously assesses, fixes, and verifies security posture for enterprises across multiple attack surfaces through its NodeZero platform.
CyCraft Technology
CyCraft leverages AI to address cybersecurity challenges in various industries. Our XCockpit Threat Exposure Management Platform integrates EDR, privi
Gecko Security
Gecko Security provides security analysis and vulnerability detection for software applications, using AI-powered technology to identify complex threa
GhostEye
GhostEye is a cybersecurity company that specializes in vulnerability management for the human layer. It uses AI agents to simulate real-world social
MindFort
MindFort offers autonomous security agents that continuously find and fix vulnerabilities across every surface. The company provides infrastructure fo
Novee
Novee delivers AI-powered penetration testing to help organizations identify and remediate vulnerabilities in their systems. The company specializes i
Picus Security
Picus Security specializes in breach and attack simulation (BAS) and continuous security validation to help organizations prioritize critical issues,
Prelude
Prelude provides continuous, agentless visibility into IT security posture, helping organizations stay efficient, compliant, and secure. The company o
Prelude Security
Prelude provides unparalleled visibility into an organization's IT security posture by aggregating and acting on security data at scale. The company o
SIEGE
SIEGE is an AI-enabled Adversarial Exposure Validation platform that emulates real-world APTs to validate cyber defenses. It uses a pre-trained Reinfo
Patch Management (5)
Action1
Action1 provides unified cross-platform patch management solutions for modern IT teams, securing Windows, macOS, and Linux endpoints from one cloud-na
Backline
Backline's trusted AI team automates vulnerability remediation, from consolidation and prioritization to generating production-ready safe fixes. Integ
HeroDevs
HeroDevs provides secure drop-in replacements for end-of-life open source software, helping engineering teams eliminate risk from unsupported dependen
NinjaOne
NinjaOne provides unified IT operations platforms for smarter endpoint management and autonomous patching, serving IT teams and MSPs worldwide with AI
Patch My PC
Patch My PC provides automated endpoint management and patching solutions for enterprises, simplifying IT with software that automates third-party pat
Application Vulnerability Testing (15)
ActiveState
ActiveState enables DevOps, InfoSec, and Development teams to improve their security posture while simultaneously increasing productivity and innovati
Acunetix
Acunetix is an end-to-end web security scanner that offers a 360 view of an organization's security. It provides automated scanning and vulnerability
Aikido Security
Aikido Security offers a unified security platform that detects and blocks threats across an organization's entire stack. This includes code, cloud, a
Apiiro
Apiiro is an application security posture management (ASPM) platform that helps enterprises prevent risks before code exists. It provides AI-powered t
Bright Security
Bright Security helps teams to find and fix security issues fast with automated DAST, API, and cloud testing built for modern DevSecOps. The company's
Detectify
Detectify is a cybersecurity company that provides web application security testing and vulnerability detection services to businesses. The company's
Equixly
Equixly is an offensive security platform powered by an Agentic AI Hacker that continuously attacks APIs and applications to uncover real, exploitable
Escape
Escape is an AI-powered offensive security platform that helps teams replace legacy scanners with continuous discovery, pentesting, and remediation. T
Fluid Attacks
Fluid Attacks integrates AI, automated tools, and pentesters to continuously help development teams build secure software without delays. The company
Heeler
Heeler is a remediation platform that helps modern software teams mitigate open source risk through deterministic analysis and preventative guardrails
ImmuniWeb
ImmuniWeb develops machine learning and AI technologies for SaaS-based application security solutions provided via its proprietary ImmuniWeb AI Platfo
Nullify
Nullify provides an AI-powered workforce that automates product security tasks, including vulnerability detection, triage, and remediation. The compan
Oligo Security
Oligo Security provides an application and AI runtime security platform that detects and prevents threats in real-time across cloud, code, and AI work
Spektion
Spektion identifies real exploitable vulnerabilities in your environment, reducing critical backlogs by 60-80%. It provides continuous runtime exposur
StackHawk
StackHawk enables AppSec teams to prioritize testing and fixing what matters with its shift-left runtime testing (DAST) and attack surface discovery f
Bug Bounty & Pentest Platform (8)
HackerOne
HackerOne combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities ac
Bugcrowd
Bugcrowd teams with elite security researchers to reduce risk & improve security ROI through our bug bounty, pen testing, & vulnerability disclosure p
Cobalt
Cobalt provides modern offensive security services and solutions to help organizations identify and mitigate vulnerabilities. The company offers a ran
Intigriti
Intigriti is a global crowdsourced security provider trusted by the world's leading organizations. It offers bug bounty, pentesting, and vulnerability
PlexTrac
PlexTrac automates penetration test reporting with AI and implements risk-based vulnerability management across consolidated security data, serving th
Sprocket Security
Sprocket combines human expertise with automated solutions to provide a more scalable and reliable penetration testing solution, monitoring risk and r
Strike
Strike is an AI-led offensive security platform that delivers continuous attack simulation and human-expert validation to help organizations protect t
Synack
Synack is an American technology company that provides a software-as-a-service platform for penetration testing, connecting customers with freelance s
Specialized Vulnerability & Risk (47)
Appknox
Appknox provides AI-powered enterprise-grade mobile application security solutions for enterprises. The company offers vulnerability assessment, penet
Beazley Security
Beazley Security helps eliminate blind spots, maximize insurability, and boost cyber resilience through effective services and powerful XDR monitoring
BleepingComputer
BleepingComputer is a premier destination for cybersecurity news and support, delivering breaking stories on the latest hacks, malware threats, and ho
CYE
CYE's continuous cyber exposure management solution enables organizations to quantify and mitigate their cyber risk by combining three factors: the mo
Claroty
Claroty protects cyber-physical systems by providing comprehensive protection for industrial networks and devices, reducing risks to businesses, and i
Coalition
Coalition combines comprehensive cyber insurance coverage and security services to help businesses prevent digital risk before it strikes. The company
Concentric AI
Concentric AI is an advanced Data Security Governance Platform that automates data discovery, classification, risk monitoring, and remediation for sen
Corellium
Corellium provides virtual iOS and Android devices for security testing, research, and DevSecOps. The company offers solutions for mobile app pentesti
Cyber Cube
Cyber Cube provides AI-driven cybersecurity solutions to predict, detect, and eliminate digital threats by turning noise into tailored intelligence th
EchoHQ
echo is on a mission to make cloud-native infrastructure secure by design. They leverage AI to rebuild open source images with only the necessary comp
Exim
Exim is a message transfer agent (MTA) originally developed at the University of Cambridge for use on Unix systems connected to the Internet. It provi
Filigran
Filigran offers an open-source eXtended Threat Management platform that unifies threat intelligence, security validation, and remediation to help orga
Flare
Flare equips your team to shut down cybercrime by detecting, prioritizing, and remediating external threats with automated Threat Exposure Management.
Glassnode
Glassnode provides on-chain market intelligence and analytics for digital assets and blockchain networks. The platform offers comprehensive data on ne
Gray Swan AI
Gray Swan provides enterprise-grade security solutions for Large Language Models (LLMs), developed by the pioneers of AI vulnerability research. The c
Intel 471
Intel 471 provides cyber threat intelligence solutions to help organizations anticipate and counter emerging threats. The company offers advanced secu
Kai Cyber
Kai Cyber Inc. is an agentic AI platform that executes security work at machine speed, providing end-to-end autonomous risk reduction across threat in
Knocknoc
Knocknoc removes the attack surface of your assets by orchestrating network level access controls and linking them to your identity platform. It's a s
Maze
Maze is a new type of security platform - built from scratch to use modern AI to make decisions, instead of pre-defined logic. It leverages Agentic AI
Mint Security
Mint Security helps organizations protect against the three-dimensional attack surface created by artificial intelligence. The company provides a solu
MirrorTab
MirrorTab protects customer and partner sessions by eliminating the browser as an attack surface-blocking malware, bots, and fraud without user disrup
MokN
MokN deploys defensive phishing pages with valid certificates, ultra-realistic behavior, and domains crafted to blend into the attack surface, enablin
Nexus
Nexus provides an AI-powered security operations platform that unifies threat detection, investigation, and response workflows across hybrid cloud env
Nile Secure
Nile automates traditional network operations with AI and delivers industry's first performance guarantee for enterprise networks. It specializes in I
ONEKEY
ONEKEY provides an all-in-one platform for product cybersecurity and compliance, offering automated SBOM management, vulnerability analysis, and compl
Offensive Security
Offensive Security is an American company specializing in information security, penetration testing, and digital forensics. They provide advanced secu
Opsin Security
Opsin Security helps enterprises securely deploy and govern AI applications, identifying data exposure risks and providing continuous monitoring to ke
Osto
Osto is a one-stop cybersecurity platform for startups, providing comprehensive security solutions and threat intelligence to protect against cyber th
Ray Security
Ray Security is a predictive data security platform that reduces data risk by over 90% through its proprietary engine and dynamic protection implement
Red Hat StackRox
Red Hat Advanced Cluster Security for Kubernetes is a Kubernetes-native security platform that equips organizations to build, deploy, and run cloud-na
ReversingLabs
ReversingLabs provides software supply chain security and threat intelligence solutions to identify malicious components and ensure the trustworthines
Riot Security
Riot is a cybersecurity awareness and human risk management platform that uses AI-powered chatbot-based training to engage employees in interactive se
Root
Root delivers security that fixes itself-autonomously patching vulnerabilities across your containers and dependencies without rebuilds or workflow ch
SECPAAS
SECPAAS provides security platform as a service, offering various security solutions and services to protect against cyber threats. The company specia
Scrut Automation
Scrut Automation helps businesses build risk-aligned security programs that scale with them, providing AI-powered solutions for compliance and risk ma
Seceon
Seceon is a cybersecurity company that provides threat detection and incident response solutions. The company's core business revolves around developi
SecureFlag
SecureFlag provides hands-on secure coding training for Developers, DevOps, Cloud and QA Engineers to write secure software from the first keystroke.
SpiderFoot
Intel 471 provides advanced cyber threat intelligence solutions to help organizations anticipate and counter emerging threats. The company offers a ra
Sysdig
Sysdig delivers real-time security with zero compromise, providing cloud security solutions that prioritize critical risks, detect threats instantly,
Thinkst
Thinkst provides security solutions and services to various organizations. Their core business involves developing and implementing secure systems and
TryHackMe
TryHackMe provides interactive online training and labs for cybersecurity professionals to practice and learn various skills. The company offers hands
Valence Security
Valence Security helps organizations take control of SaaS and AI sprawl across applications, identities, and AI agents while confidently remediating r
Whistic
Whistic is a third-party risk management software company that automates vendor assessments and shares security posture to build customer trust. It of
Yottasecure
YottaSecure provides an Autonomous Vulnerability Intelligence Platform which is an AI Engine for Proactive Vulnerability Defense for systems handling
Zluri
Zluri helps enterprise security and IT teams govern identities, automate access reviews, and enforce least privilege. The company provides next-genera
depthfirst
depthfirst is an AI-native platform that understands your code, business logic, and infrastructure to find more vulnerabilities, slash false positives
digiDations
digiDations delivers enterprise-grade security validation by thinking like an attacker-continuously testing your defenses, refining detection logic, a