In this paper, we compare vulnerability management tools in two stages. In the first stage, we perform a global comparison involving thirty tools available in the market. A framework composed of several criteria based on scope and analysis is used for this comparison. From this global view of the tools, we detected that only three tools perform correlated analysis. Correlated analysis can be done in two ways: (i) correlation of scanning results with the output from other security devices such as firewall and intrusion detection systems, or (ii) correlation between vulnerabilities composing attack scenarios. Although both correlations add value to vulnerability management, the latter is especially important to unveil stepping stones which could be exploited by attackers. The comparison shows that two out of three tools perform correlation of the second type but scalability and the amount of manual input required seems to be their biggest problems.
|Name||CTIT Technical Report Series|
|Publisher||Centre for Telematics and Information Technology, University of Twente|