Vulnerability Risk Management

Unified VRM® Modules

NopSec Unified VRM® provides up to a 40% time savings for security teams by eliminating the manual tasks involved with vulnerability risk management.


Find the Next Big Threat Before it Finds You.


Unified VRM® provides easy, comprehensive reporting throughout the vulnerability management process. We provide a unified platform with deep visibility and flexible options for reporting by groups, remediation progress, incident ownership, and aging.

Unified VRM® Web Application

time icon.png

Our Web Application Scanning module identifies vulnerabilties in your internet-facing applications. Using a web application scanner already? Our Web Application Module supports integration with many common scanners, such as W3af, Burp, Skipfish, HP WebInspect and IBM AppScan. If you don’t have a Web Application Scanner, you can leverage NopSec’s perimeter scanner and start seeing results in just a few hours.

Unified VRM® Network

arrow icon.png

The External Network Module helps you assess and manage vulnerabilities for internet-facing and perimeter networks. Using the same supported scanners as the Internal Network Module, our External Network Module combines flexible scanner data input with analytics and remediation to accelerate your vulnerability management program.

Unified VRM® Security Configuration

intelligent human icon.png

Evaluate hosts’ operating system security hardening configurations based on industry-based configuration checklists or based on compliance with standards and regulations, including NIST, HIPAA, PCI, and more. This is accomplished natively using a vulnerability scanner or via the SCAP-based XCCDF standard.

Find, Focus, Fix

Let NopSec VRM’s Predictive Threat Engine, zero-friction remediation, and Expert Engine correlate your IT environment within a unified platform.


The NopSec VRM Expert Engine correlates your IT environment against the global threatscape to find the vulnerabilities with the most risk.


Apply the deep analytics and machine learning models in NopSec’s Predictive Threat Engine to learn the true probability of exploitation so you can focus on the most critical threats.


Enable zero-friction remediation with our built-in ticketing system, or through integration with one you already use. NopSec Unified VRM allows your teams to communicate throughout the remediation process, view and report on progress, and close incidents quickly.

Unified Platform

NopSec Unified VRM provides easy, comprehensive reporting throughout the vulnerability management process. Our solution provides a unified platform with deep visibility and flexible options for reporting by groups, remediation progress, incident ownership and aging.

Unified VRM® Dashboards

Your inbox is full of must-read emails and reports from the different engineering and security teams. But who has time to read and retain everything important? Unified VRM dashboards are designed to provide you with an at-a-glance update for the most important metrics related to your vulnerability management and remediation program, providing you the opportunity to recognize a trend, notice patterns, and drill into the data as needed. Unified VRM dashboards focus on the three key areas essential to any vulnerability management program: Risk Posture, Vulnerabilities, and Ticketing.

Risk Posture Bar Chart

The Top 10 Vulnerable Platforms and Applications chart shows assets in your infrastructure that contain the highest number of vulnerabilities and is useful to determine areas of focus in your remediation program. Dashboards are organized to deliver a high level overview of your environment to enable you to holistically manage your vulnerability management processes.

Malware Prone Vendors and Social Media

Display relationships between known exploits in the wild and your environment to anticipate likely breach attempts. Social media chatter about the vulnerabilities and cyber threats that are trending is another dimension of situational awareness to consider and just one of the many unique factors NopSec Unified VRM evaluates in threat prediction and business risk scoring.

Vulnerability Progress Trend

NopSec Unified VRM delivers a built-in metrics system designed to track vulnerability trends over time, allowing you to quickly spot the most critical threats. Using this dashboard, you can identify any unexpected spikes or drops in trends across your organization which is essential to determining the overall state of your vulnerability risk management program. Vulnerability trends can be displayed over time, by month and by quarter.

Ticket Trends

Vulnerability risk management programs are ultimately assessed on results.It allows you to inspect the trends and direction of the open and closed tickets over time, both from a monthly and quarterly roll up. As scanning occurs more frequently, the rate of open tickets and closed tickets change as new vulnerabilities are discovered and tickets are opened, and the system will automatically close tickets as they are verified in the scan process.


Your scan is complete, NopSec Unified VRM has assembled a list of prioritized threats, complete with dashboards and reports to track progress as patches are applied and changes are made. But the inevitable occurs – the phone rings and the server team has a question about the risk associated with a given vulnerability. Why waste time with a static report? Leveraging NopSec Unified VRM Analytics, you can quickly answer questions on the fly and provide the level detail needed by both an administrator as well as a program owner without disrupting the remediation process.

Click Through Analytics Workflow from Dashboard

The NopSec VRM Expert Engine correlates your IT environment against the global threatscape to find the vulnerabilities with the most risk.

Simplified Reporting

In just a few minutes, you have managed to narrow your data set to focus on the Top 10 Most Exploitable Vulnerabilities in your environment. Save that search and generate a report on the fly, in HTML or PDF format.

Easy To Use Filtering and Workflow

Digging into the results a little more, you may want to select one of the facet filters, which are auto-populated based on the data. The interface is designed to allow someone who is brand new to the product to be effective with little to no training on how to use this powerful search capability. The results can be clicked to take you back to the individual module where the vulnerability was first logged, or the results can be quickly collected in a simple report.

Expert Engine Charts and Statistics

The NopSec Unified VRM Analytics interface is powered by our Expert Engine which is designed to consume raw scanner data, eliminate false positives and redundant information, and produce a cleansed and reduced data set. By eliminating the noise, customers interact with only the data that matters. These two visualizations indicate the performance of the Expert Engine as it crunches through your data. In this case, over 20% of incoming data was instantly eliminated.