Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

What is Vulnerability Assessment?

Stop Searching and Start Patching. Everything You Need for Vulnerability Assessment Begins Right Here

Vulnerability assessment is a process that identifies and evaluates network vulnerabilities by constantly scanning and monitoring your organization's entire attack surface for risks. It is the first step in defending your network against vulnerabilities that may threaten your organization.

Unfortunately, almost 60% of cybersecurity professionals say they don’t have a set schedule to scan for vulnerabilities and many don’t scan for publicly disclosed vulnerabilities at all. Don’t become one of these statistics. Tenable can help you adopt best practices for vulnerability assessment, including recommendations about how to make your program stronger.

Understanding Vulnerability Assessment
Here are a few highlights of what you’ll find:
How to Run Your First Vulnerability Scan

Create your first Nessus vulnerability scan with five simple steps and explore other blogs about vulnerability assessment.

Learn More
Master the Fundamentals of Vulnerability Assessment

Discover and assess vulnerabilities and misconfigurations by identifying critical flaws in your attack surface.

Learn More
Vulnerability Assessment FAQ

Explore some frequently asked questions about vulnerability assessment.

Learn More
Vulnerability Assessment Solutions

Learn how Nessus gives you a unified view of all of the exposures and vulnerabilities across your assets.

Learn More
Tenable Vulnerability Assessment Community

Tenable Community is the #1 place to talk about vulnerability assessment, ask questions, and share tips.

Learn More

Monitor and Protect Your Entire Attack Surface With Continuous Vulnerability Assessment

Vulnerability assessment gives you comprehensive insight into the cyber exposure of all your assets, including vulnerabilities, misconfigurations and other security health indicators. With Nessus, you can be confident that your vulnerabilities and misconfigurations are remediated as you expect them to be. You can also automatically send related information directly to your Security Information and Event Management (SIEM) system to help you make more informed decisions about how to respond to weaknesses discovered within your network.

Learn More

Gartner's Market Guide for Vulnerability Assessment

Need help evaluating a vulnerability assessment vendor so you can improve your overall security program?

Gartner’s Market Guide for Vulnerability Assessment is a great place to start. In this guide, you’ll learn about common use cases and challenges for vulnerability assessment solutions, recommendations for requirements, tips on choosing a vendor, and how to map vendor capabilities to address the challenges your enterprise security team faces.

Read More

Quantifying the Attacker’s First-Mover Advantage

Who has the first-mover advantage — cyber criminals or security teams? What’s the time difference between the moment an exploit is publicly available and the first time your security team assesses your system? Do you know why this matters to your organization?

In this report, Tenable Research shares what it discovered after analyzing about 200,000 vulnerability assessment scans over more than three months. The team took a close look at the 50 most prevalent critical and high-severity vulnerabilities discovered. From the review, researchers determined the median delta between “time to exploit availability” and when the threat is actually assessed.

From continuous vulnerability assessment to ways you can proactively address risks, the report also provides insight into what you can do to thwart attackers’ first-move advantages so you can close the gap for your organization.

Read More

Here are a couple other key points:

  • On average, attackers have more than a seven-day advantage over your security team
  • For about 34% of the vulnerabilities studied, an exploit was available the same day as the vulnerability disclosure
The Economics of Vulnerabilities and Exploit Supply Chains


The Economics of Vulnerabilities
and Exploit Supply Chains

It Can Be a Lucrative Market for Attackers

Taking advantage of vulnerabilities and successfully turning them into exploits can be a lucrative business for attackers. Different types of exploits earn them varying pay-offs. In some cases, a single successful exploit can net millions.

In cybercrime money-laundering alone, the totals can easily hit $200 billion, which significantly overshadows the worldwide cybersecurity spend – how you’re protecting your organization – at $136 billion.

The exploit supply chain is sophisticated and challenging to detect, and so are related market segments. Exploit white and black markets intersect for both criminal buyers and legitimate ones, where the gray market is primarily driven by covert nation-state actors targeting data for intelligence.

Attackers appear to have more resources to target your network than you do to protect it, and when your security team is constantly playing catch-up, it’s challenging to close the gap between your risks and their bad intentions.

If you’re a CISO, security practitioner, or security manager, you’ll want to get this report now to take a closer look at the market dynamics that fuel the vulnerability and exploit supply chain, and learn more about what you can do to keep your network safe.

Read More

How Mature Are Your Cyber Defender Strategies?

Understanding What Your Vulnerability Assessment Strategies Reveal

When it comes to vulnerability assessment, Tenable Research discovered four distinct assessment types. From the most mature style to the least, they are Diligent, Investigative, Surveying and Minimalist. Here’s an overview of each:



This is the highest level of vulnerability assessment maturity. Only about 5% of all organizations are Diligent. Transportation, hospitality, electronics, banking and telecommunication industries make up the majority.



This is a medium-to-high level of maturity. Most enterprises, about 43%, are Investigative. Entertainment, utilities, education and healthcare comprise most of the Investigative style category.



This is a low-to-medium level of maturity, representing about 19% of organizations. Overall, the utilities industry has the largest representation of Surveying styles.



This is the lowest maturity level and represents about 33 percent of enterprises, with a fairly even representation of industries across the style profile.

You can get insight into your own vulnerability assessment style by evaluating five related Key Performance Indicators (KPIs): scan frequency, scan intensity, authentication coverage, asset coverage and vulnerability coverage.

In this report, you can also get more information about characteristics related to each vulnerability assessment style, ways to understand how your style compares to peers within your industry, and recommendations to enhance the maturity of your vulnerability assessment style.

Download the Report

Assess the Power of Community

All of Your Vulnerability Assessment Needs and Tenable Knowledge in One Place

Do you have questions about vulnerability assessment? Are you looking for other vulnerability assessment professionals for some advice? Have a great idea you want to share with others working in vulnerability assessment? The Tenable Community is a great place to ask questions and share tips, including vulnerability assessment-related tools and best practices.

Join Our Community

Here are some sample conversations happening now:

How do I generate a report from already scanned systems?

I performed a vulnerability assessment on 100 of our systems last week in one scan. Now I want to get a report of 3/4 IP address from 100 systems. How do I do this?

See the Answer

How does Nessus handle backported patches?

Nessus relies on backport.inc to prevent false positives. backport.inc contains mappings of known service banners to service banners that have arbitrarily high version numbers.

See More of This Answer

How are PCI quarterly external and internal PCI network scans different?

While the PCI quarterly external policy is valid for official attestation, both policies can be used any time for scanning.

See More of This Answer

Frequently Asked Vulnerability Assessment Questions

What is a security vulnerability?
A security vulnerability is a weakness, bug, or programming mistake in hardware or software that attackers can exploit to compromise your network and gain unauthorized access to your data and systems.
What is vulnerability assessment?
A vulnerability assessment is a way you can discover, analyze and fix weaknesses within your attack surface to lessen the chance that attackers can exploit your network and gain unauthorized access to your systems and devices.
What does my organization’s attack surface look like?
Your organization's attack surface is made up of IT assets on your network. These assets have multiple points of exposure and can be at risk for exploitation. Historically, your attack surface was primarily traditional IT assets like servers and networks, but your modern IT attack surface now also includes mobile devices such as smartphones, desktops and laptops, and also virtual machines, cloud infrastructure, web apps, containers and IoT devices.
What is penetration testing?
Penetration testing is a way to detect weaknesses in your attack surface. The goal of your vulnerability assessment program is to find these weaknesses and fix them before attackers can exploit them. Penetration testing, also referred to as pen tests or pen testing, can help you find these weaknesses across your network. Pen testing is a stand-alone activity, not an ongoing process, and a third-party is often responsible for conducting these tests. Your organization should pen test often, for example, at least quarterly. Penetration testing gives you insight into how effective your vulnerability assessment and vulnerability management programs are.
What are the phases of penetration testing?
In most cases, penetration testing is generally completed with five stages including the initial engagement where you determine who will do your testing – complete with goals and expectations – the scope of the test, conducting the test, reporting on test findings, and a follow-up to review how you’re addressing remediation with re-testing as needed.
What’s the difference between vulnerability assessment and penetration testing?
Penetration testing gives you insight into weaknesses within your attack surface from a specific point in time. These tests help you better understand how well your vulnerability assessment and vulnerability management programs work. Pen tests can also help you define areas of improvement so you can set goals to strengthen your vulnerability assessment processes. Unlike pen testing, your vulnerability assessment and vulnerability management processes should be continuous to give you a more comprehensive look into your organization’s overall cyber exposure.
Are there different approaches to penetration testing?
Yes. There are two primary approaches you can adopt for pen tests. One is whitebox testing, which is more targeted than the alternative, blackbox testing. Generally, in whitebox testing your tester already knows information about your target, but in blackbox testing you do not share additional target information with the tester. In blackbox testing, the tester uses network sweeps without credentials, whereas whitebox testing is generally within a credentialed environment. You can use Nessus Professional for both types of pen testing.
What is a vulnerability scanner and what does it do?
A vulnerability scanner helps you discover misconfigurations, vulnerabilities, and other security issues within your IT infrastructure, including networks, servers, operating systems and applications. Passive network monitors can scan your environment in a safe and non-intrusive way to eliminate blind spots in your attack surface so you can discover vulnerabilities and prioritize remediation.
Why do I need to do vulnerability assessments?
Vulnerability assessments are an important part of your comprehensive cybersecurity program. These assessments give you insight into your cyber exposure so you can see where you may have holes or weaknesses within your IT attack surface (i.e. assets that connect with your network) and then plan for remediation. A vulnerability assessment helps you understand the actual risk your organization faces so you have a clear understanding of the vulnerabilities within your environment.

Vulnerability Assessment Styles: Which One Aligns with Your Team?

Do you know your vulnerability assessment maturity style? In this on-demand webinar, Tenable Research explores four distinct styles and their related characteristics. Are you Diligent, Investigative, Surveying or Minimalistic? Ready to find out? Here’s a quick look into what you’ll learn:

  • Core characteristics of each vulnerability assessment maturity style
  • How these styles are distributed across industries
  • What you can do to move from where you are today to a more mature vulnerability assessment style

Watch the Webinar

Back to Top

Vulnerability Assessment Solutions

Continuous vulnerability assessment is an important component of your overall vulnerability management program. Vulnerability assessment gives you insight into where you have cyber exposure within your attack surface, the volume and types of vulnerabilities that may be exploited, and the potential risk these vulnerabilities could pose to your organization. Vulnerability assessment helps you uncover these risks for prioritization.

Today, your modern attack surface consists of a variety of assets, including traditional IT, transitory, mobile, dynamic and operational technology. Without complete visibility into your attack surface, assessing vulnerabilities and misconfigurations across all of these devices is challenging; however, a single vulnerability assessment platform like Nessus can give you a unified view of all of your exposures and vulnerabilities.

Here’s a closer look at the benefits of vulnerability assessment and why it’s an important process for your organization to adopt as part of your comprehensive cybersecurity program.

Vulnerability Assessment Benefits

  1. Cyber Exposure Awareness

    Vulnerability assessment can help your team identify vulnerabilities, misconfigurations and other weaknesses across your entire attack surface.

  2. Configurations and Audit Patching

    Vulnerability assessment helps ensure you can remediate vulnerabilities and misconfigurations as outlined by your organizational goals.

  3. Incident Management Information

    With vulnerability assessment, you can automatically send vulnerability and misconfiguration information to your SIEM to enrich event data, help prioritize events for investigation and inform team responses.

  4. Process Effectiveness

    Vulnerability assessment gives you insight into your current cybersecurity processes so you can evaluate how effective they are and what you can do to improve your overall program.

Nessus: The Gold Standard for Vulnerability Assessment

Assets and vulnerabilities on your network constantly change. Get a full picture and protect your entire attack surface with Nessus Professional.

Try Nessus Professional free for 7 days

Vulnerability Assessment Blog Bytes

How Vulnerability Scanning Is Used for Penetration Testing

How Vulnerability Scanning Is Used for Penetration Testing

Penetration testing is a key component of your vulnerability assessment program, enabling you to delve into your attack surface to find weaknesses and fix them before attackers harm your organization.

Read More

Security Teams and Vulnerability Response

Three Vulnerability Intelligence Insights Worth Your Attention

If you're part of a cybersecurity team, you know there is a never-ending list of vulnerabilities that routinely come across your desk. Traditionally, that’s meant you dig into news headlines, forums and other information exchanges to see which vulnerability is getting the most attention so you can focus your efforts.

Read More

How to Run Your First Vulnerability Scan with Nessus

How to Run Your First Vulnerability Scan with Nessus

Conducting a vulnerability assessment has never been easier thanks to Nessus. Nessus vulnerability assessment gives you full visibility into your network so you can find vulnerabilities and make a plan to fix them. You can complete a Nessus vulnerability assessment with a few simple steps.

Read More

Vulnerability Assessment On Demand

Master the Fundamentals of Vulnerability Assessment

Master the Fundamentals of Vulnerability Assessment

Do you know how to secure your organization by effectively identifying and assessing misconfigurations and vulnerabilities that may put you at risk? In this webinar you’ll learn:

  • How to find critical flaws in your attack surface
  • How to balance frequency, scan depth and internal vs external factors focus to achieve optimal results
  • How Tenable improves your vulnerability assessment processes, helps uncover misconfiguration issues and enables you to better understand other indicators of security health
7 Reasons Security Consultants Trust Their Business to Nessus

7 Reasons Security Consultants Trust Their Business to Nessus

One million users around the world trust Nessus Professional. In this webinar, you can explore:

  • Why Nessus is the most widely deployed assessment solution for identifying vulnerabilities
  • How Nessus can help protect your organization from cyber risk
  • Why security consultants trust Tenable and Nessus
Overcoming the Challenges of Credentialed Scanning

Overcoming the Challenges of Credentialed Scanning

Are you taking full advantage of credentialed scanning? Do you use automation for more efficient processes? In this on-demand webinar, you can learn more about how Tenable can help you:

  • Get more insight about things you don’t know about your attack surface so you can have a better view of your cyber exposure
  • Get the most out of credentialed scanning
  • Automate your processes for more efficiency

Take the Guesswork Out of Vulnerability Assessment

Nessus automates point-in-time assessments to help you quickly identify and fix vulnerabilities, including software flaws, missing patches, malware and misconfigurations across a variety of operating systems, devices and applications.

Comprehensive Assessment


Nessus is trusted by more than 30,000 organizations globally with 2 million downloads. Half of the Fortune 500 rely on Nessus.

Predictive Prioritization


Nessus has the industry’s lowest false positive rate with six-sigma accuracy (measured at .32 defects per 1 million scans).

Dynamic Asset Tracking

Comprehensive Coverage

Nessus has the deepest and broadest coverage with more than 163,000 plugins, coverage for more than 66K CVEs, and more than 100 new plugins released weekly within 24 hours of vulnerability disclosure.

Passive Network Monitoring

Real-Time Assessments

With more than 140,000 plugins automatically updating in real-time, Nessus gives you the most timely information about the latest vulnerabilities and malware so you can decrease your assessment and research time and get to remediation faster.

Automated Cloud Visibility

Insight and Visibility

Nessus provides insight into potential malware running on hosts throughout your environment with seamless integration with multiple commercial threat intelligence feeds. You get full visibility into your vulnerabilities with every assessment.

Pre-built Integrations and Flexible API


Built for security practitioners, by security practitioners, Nessus was created with a single focus—to provide you with an intuitive experience so you can find and fix vulnerabilities, faster and with more confidence.

Nessus: Take the Guesswork Out of Vulnerability Assessment

The industry standard for vulnerability assessment. Try it now for free.

Try Nessus Professional Free for 7 Days

Back to Top

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.