
Top vulnerability scanning tools for security teams

Use these vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more.

With the right vulnerability scanning tools, organizations can identify potential weaknesses in their environments.

The technology has changed significantly since debuting more than 30 years ago with two basic types of vulnerability scanners. One scanned the internal network for hosts, identified open network ports and "fingerprinted" each host by analyzing its network behavior to pinpoint its OS and version. The other type of vulnerability scanning tool ran on individual hosts, often with local administrator credentials, for a more comprehensive picture of the software each host ran and the known vulnerabilities in that software.

Just as vulnerability scanners have expanded and evolved, so has the industry's understanding of what constitutes a vulnerability and what tools are needed. Here are some examples of enterprise vulnerability scanning tools currently available.

Burp Suite

Burp Suite, available from PortSwigger, focuses on website and web application vulnerability scanning. It supports both static and dynamic testing techniques to identify potential vulnerabilities. Rather than targeting hosts in one-off scans, Burp Suite is also designed to run frequently or continuously against an organization's websites and web applications.

Burp Suite Community Edition is a free download. Burp Suite Professional is priced at $499/user/year. Burp Suite DAST (formerly Burp Suite Enterprise Edition) starts at $6,000/year. Burp Suite Professional users can receive free credits for Burp AI features, which use AI technologies to improve the efficiency and accuracy of Burp Suite Professional.

Intruder

Intruder is a cloud-based vulnerability scanner but does more than solely scan cloud-based resources. It also scans networks, servers, endpoints, cloud infrastructures and websites, regardless of location. Like many other scanners, Intruder can find unpatched software, security configuration errors and other weaknesses.

Intruder offers Essential, Cloud, Pro and Enterprise levels. Cloud, Pro and Enterprise include an AI technology called GregAI that assists analysts in reviewing scan results and prioritizing vulnerability mitigations.

Prices are based on the frequency of scheduled scans, the number of cloud accounts and internal targets scanned, and the sophistication of scan techniques. Essential costs $119/month, Cloud $239/month and Pro $399/month. Contact Intruder for Enterprise pricing.

Nessus

Nessus was created in 1998 by Renaud Deraison, who later founded Tenable, the cybersecurity company that still maintains Nessus. The company offers the basic Nessus Essentials version for free; Nessus Essentials Plus supports scanning up to 20 IP addresses and includes basic reporting capabilities. Tenable also offers Nessus Professional and Nessus Expert, which can find known-vulnerable software versions and weak or incorrect security configuration settings on many platforms, including cloud architectures and IoT devices. With nearly 300,000 plugins available, Nessus is highly adaptable.

Nessus Essentials Plus costs $199 per year. Nessus Professional and Expert are available as licenses starting at $4,790 and $6,790 per year, respectively, plus $400 for advanced support subscriptions.

OpenVAS

OpenVAS (Open Vulnerability Assessment Scanner) is an open source vulnerability scanner maintained by vulnerability management company Greenbone and a community of researchers and developers. OpenVAS launched in 2006 based on open source Nessus code, so the tool offers some of the same scanning and customization capabilities as Nessus products.

OpenVAS is available as a free download. Greenbone also sells OpenVAS Basic as a hardware appliance and a virtual instance with added capabilities beyond the free version, as well as OpenVAS Enterprise feed, which offers extended coverage. Contact Greenbone for pricing.

Snyk

Snyk offers multiple types of vulnerability scanners for software development and supply chain threats, including the following:

  • Snyk Open Source looks for software dependencies that have known vulnerabilities.
  • Snyk Code finds vulnerabilities in source code during development.
  • Snyk API & Web (DAST) checks web applications and application programming interfaces for vulnerabilities.

Snyk Code and Snyk API & Web (DAST) both use AI technologies to improve the accuracy of their vulnerability detection.

Snyk offers free and paid products; prices vary based on organizational or developer needs.
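The check at the core of both the credentialed host-based scanners described in the introduction and Snyk Open Source's dependency scan is the same: match an inventory of installed software versions against advisories that name affected and fixed versions. The following is an added example of that check, not code from the article or from any vendor; the package names, advisory identifiers and version scheme are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive); "" means no fix published
    advisory_id: str  # placeholder identifiers, constructed for this example

def version_key(version: str) -> tuple:
    """Sort key for dotted versions with optional letter suffixes (e.g. 1.1.1k).
    Numbers compare numerically (1.10 > 1.9); a letter suffix sorts after the bare
    version (1.1.1 < 1.1.1k < 1.1.1l). Simplified: real scanners apply per-ecosystem rules."""
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(t)) if t.isdigit() else (1, t.lower()) for t in tokens)

def is_affected(installed: str, adv: Advisory) -> bool:
    """True when installed lies in [introduced, fixed); an empty 'fixed' is open-ended."""
    key = version_key(installed)
    if key < version_key(adv.introduced):
        return False
    return adv.fixed == "" or key < version_key(adv.fixed)

def scan_inventory(inventory: dict, advisories: list) -> list:
    """Match a {package: version} inventory against advisories; returns (package, installed, advisory_id, fixed) tuples sorted by package."""
    findings = []
    for package, installed in sorted(inventory.items()):
        for adv in advisories:
            if adv.package == package and is_affected(installed, adv):
                findings.append((package, installed, adv.advisory_id, adv.fixed))
    return findings

# Constructed sample data: fictional packages and advisories, not real CVE data.
SAMPLE_INVENTORY = {
    "acme-tls": "1.1.1k", "acme-utils": "4.17.21", "acme-log": "2.14.1", "acme-web": "1.25.3",
}
SAMPLE_ADVISORIES = [
    Advisory("acme-tls", "1.1.1", "1.1.1l", "EXAMPLE-2021-0001"),
    Advisory("acme-log", "2.0", "2.17.1", "EXAMPLE-2021-0002"),
    Advisory("acme-utils", "4.0.0", "4.17.21", "EXAMPLE-2020-0003"),  # already at the fixed version
    Advisory("acme-web", "1.25.0", "", "EXAMPLE-2024-0004"),           # no fix published yet
]

if __name__ == "__main__":
    for package, installed, adv_id, fixed in scan_inventory(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{package} {installed}: {adv_id}, fixed in {fixed or 'no fix yet'}")
```

The letter-suffix case matters in practice: a plain numeric comparison would treat 1.1.1k and 1.1.1l as equal and miss the finding.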

Choosing the right vulnerability scanners for the business

While each tool is unique, there are some capability overlaps. Overlap is fine -- even preferable -- because two tools covering the same ground are more likely to catch a vulnerability that one of them misses. Each scanner, however, has an associated business cost -- for reviewing results, weeding out false positives, training users and licensing fees -- so teams should be careful not to acquire vulnerability scanners that do precisely the same things.

Security teams should be more concerned with vulnerability scanners that have gaps that leave hosts, networks or applications unchecked for certain vulnerabilities. There is an ideal middle ground for collectively providing all the scanning capabilities the company needs without excessive duplication.

Karen Kent is the co-founder of Trusted Cyber Annex. She provides cybersecurity research and publication services to organizations and was formerly a senior computer scientist for NIST.

Editor's note: The tools profiled in this article were selected based on market research. Each has a sizable customer base, is under active development and has numerous publicly available user reviews from verified purchasers. This list is organized alphabetically. Pricing and product details were current as of article publication. Information is subject to change at any time.
