McAfee Vulnerability Manager

McAfee Vulnerability Manager provides fast, precise, and complete insights into vulnerabilities on all of your networked assets. Easy-to-implement Vulnerability Manager readily scales to suit networks from hundreds to millions of nodes. Nonstop global research helps you stay ahead of evolving threats and new vulnerabilities. Our single, actionable, correlated view of your weaknesses and our patented FoundScore risk formula helps you direct remediation efforts where they are needed most.

Vulnerability Manager gives you:

Priority-based auditing and remediation — Combines vulnerability, severity, and asset criticality information to quickly identify, rank, and address violations and vulnerabilities on networked systems and devices.

Proof of “not vulnerable” — A major requirement of auditors is to prove that you’re not vulnerable to threats, which is a significant attribute of McAfee Vulnerability Manager.

New threat identification and correlation — Automatically ranks the risk potential of new threats by correlating events to your asset and vulnerability data.

Policy auditing and compliance assessments — Defines values of policy checks and determines whether your organization complies with major regulations. Through an easy-to-use wizard it gives you templates for SOX, FISMA, HIPAA, PCI, and more.

Flexible reporting — Categorizes data by asset or network, and uses powerful filters to select and organize results in your reports. You can even create reports while scans are running.

Broad and deep content coverage — Performs authenticated and unauthenticated checks, automatically updated 24/7 by McAfee Labs, the world’s top threat research center. This helps you delve deep into operating systems and network devices to find vulnerabilities and policy violations.

Features and Benefits

Drill deep into web applications

Conduct deep scans of web applications that allow you to know where to focus your coding efforts before hackers can exploit your business-critical data. The scans include required checks for PCI, as well as coverage of the 2010 OWASP Top 10 and CWE-25 categories.

Start scanning within minutes

Choose an all-in-one or custom install on your physical or virtual hardware or our hardened appliances; use existing LDAP, Active Directory, or McAfee ePolicy Orchestrator (ePO) asset management systems, or let the first scan discover your assets.

Use comprehensive and customizable content for checks and reports

Save hours with SCAP support and predefined, up-to-date policy templates. Our extensive checks validate alignment to federal and regulatory requirements and write custom scripts and checks to test proprietary and legacy systems.

Meet demanding federal and industry requirements

Certify to EAL Common Criteria and validate to FIPS-140-2 encryption. McAfee Vulnerability Manager includes templates for the most popular compliance templates and standards.

Gain unmatched vulnerability coverage, scanning accuracy, and malware protection

Go beyond ports and configurations to inspect systems, databases, and applications on all networked assets — from smartphones to secure servers.

Increase flexibility and performance

Tailor your deployment, scans, reporting, and management consoles, regardless of whether you centralize or segregate your operations, with the speed required for even multimillion node networks.

Prove “not vulnerable” to threats

Generate conclusive evidence — such as expected and actual scan results, any systems not scanned, and any failed scans — to document that specific systems are “not vulnerable,” an increasingly common audit requirement.

Respond to threats via McAfee Global Threat Intelligence

Leverage millions of sensors around the world that direct hundreds of McAfee Labs researchers to the latest changes in the threat landscape, fueling real-time risk assessments and threat advisories.