Our internal researchers procure vulnerability information for Windows Operating systems and other Microsoft products from Microsoft's official security guidance page, and for different Linux distros from the official security advisories of the respective vendors. For third-party products, we obtain the vulnerability data from NIST and CVE details, and the respective vendors' official security advisory pages.
Our internal researchers procure information regarding security misconfigurations from recommendations in STIG and CIS, and also from respective vendor websites.
All the CIS benchmarks that are used for Vulnerability Manager Plus' audits are arrived at from the official CIS website.
The Professional edition offers a variety of features which includes vulnerability scanning and assessment, detection of system misconfigurations, security misconfigurations, high-risk software and web server misconfigurations. The Enterprise edition offers all the features of the Professional edition and in addition to that, it offers remediation for all the security flaws from the console. Refer our detailed edition comparison to learn about the different editions in detail.
ManageEngine Vulnerability Manager Plus brings together all the capabilities of vulnerability management under one package- right from assessment of vulnerabilities to patching them, from managing security configurations of network endpoints to hardening internet facing web servers- from a centralized console.
Whereas, ManageEngine Patch Manager Plus is an exclusive tool for automating, customizing and streamlining the entire patching process. Best suited for IT administrators who are looking out for a stand-alone patch management solution. To learn in detail about the feature-wise comparison between the two products, refer this document.
Any of the Windows computers in your network with the requirements mentioned here can be hosted as your Central server.
Vulnerability Manager Plus offers different pricing plan for workstations and servers, and the pricing is also different for Professional and Enterprise edition. For more details on the pricing, refer to our online store.
Currently, if the operating systems meet any of the following criteria, we consider them as server machines:
We recommend purchasing server licenses for any Linux machine when deploying them as servers within the organization.
Navigate to Agent --> Computers in the console interface. Create a filter for Operating System with tags "server" and "Oracle". The Red Hat Enterprise Linux OS server machines cannot be identified using the web console as its subscription has to be checked.
The free edition allows management of any number of servers, as long as the total number of endpoints does not exceed 25.
You can track the status of high-risk software uninstallation from Deployments> Software uninstallation.
You can track the status of deployed security configurations from Deployments> Security configurations and re-deploy the failed deployments from here.
Under software vulnerabilities, patches are displayed as a resolution to fix a known threat or vulnerability.
Common Vulnerability Scoring System (CVSS v3.0) is used to assess the severity of vulnerabilities based upon the ease of exploit and the approximated potential of impact. Scores range between 1 and 10 with 10 being most severe. Additionally patches can be looked up using their CVE ID
The product currently supports security configuration management only for systems running on Windows OS
We detect web and database server vulnerabilities by scanning listening ports and identifying the application and its version. Vulnerabilities are identified by comparing the detected version to the vulnerability database.For further clarification on vulnerability applicability, please contact the vendor.
NOTE: Web/database servers will be detected only when they are actively running.For Vulnerability Manager Plus and other Zoho products, we use CVE analysis data from our internal security experts to exclude non-applicable vulnerabilities and display only applicable ones. In the initial days after a CVE is released, vulnerabilities may be detected, but if our analysis determines they are not applicable, they will be removed in subsequent scans after a database sync.
Static group exclusion happens immediately, whereas for Dynamic groups, it reflects after the next scan.