Vulnerability Management (VM)
Guard’s Vulnerability Management module triages, prioritizes, and tracks vulnerabilities across your entire attack surface. It integrates with your existing scanners, enriches findings with exploit intelligence, and filters 80,000+ noisy alerts down to the material risks that actually matter. Customers typically see an open rate of roughly 10%: about 90% of raw scanner findings are eliminated as noise before they ever reach your team.
Why It Matters
Security teams suffer from scanner fatigue: too many tools generating too many alerts, most of which are informational, duplicated, or unexploitable. The result is alert blindness — real vulnerabilities get buried under thousands of low-value findings.
Guard solves this with attacker-verified prioritization. Rather than trusting scanner severity ratings at face value, Guard layers exploit intelligence, asset context, and human expert validation so that only real, exploitable risks get escalated. The rest is filtered, deduplicated, and archived — automatically.
The Noise Reduction Funnel
Every vulnerability passes through a five-stage funnel before it reaches your team:
Stage 1: Multi-Scanner Integration
Guard normalizes findings from all major vulnerability scanners into a unified schema:
Enterprise Scanners: Tenable, Qualys, Rapid7 InsightVM, Nessus
Cloud-Native: Wiz, Orca, CrowdStrike Spotlight
Application Security: Snyk, Invicti
Open Source: Nuclei templates (custom and community)
No matter which scanners you use, Guard ingests their output and maps it to a common data model — eliminating duplicate findings across tools and normalizing severity ratings.
Stage 2: Asset-Based Filtering
The VMFilter pipeline automatically removes findings associated with unreachable or irrelevant targets:
Private/RFC 1918 IP addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
Cloud metadata IPs (169.254.169.254)
CDN and WAF IP addresses (findings that resolve to Cloudflare, Akamai, or other edge providers rather than to your origin)
These findings cannot be exploited from an external attacker’s perspective and are removed before scoring. This is an external-exposure filter, not proof that the underlying weakness is harmless: a finding on a private address is still reachable by an attacker who already has a foothold inside the network, and an origin server that also answers on its direct IP is not protected by the CDN in front of it.
Stage 3: Severity Scoring
Guard maps every finding, whatever CVSS version the scanner reported (v2, v3.0, v3.1, v4.0), onto the standardized severity tiers used throughout Guard: Critical, High, Medium, Low, and Info.
Stage 4: Exploit Intelligence
Each finding is enriched with real-world exploitation data:
CISA KEV: Is this CVE actively exploited in the wild?
EPSS: What is the probability of exploitation in the next 30 days?
MITRE ATT&CK: Which adversary techniques does this vulnerability enable?
Findings with active exploitation evidence or high EPSS scores are automatically escalated.
Stage 5: Human Triage
Guard’s security team reviews the prioritized findings that survive the funnel. This final layer ensures zero false positives through expert validation — every risk that reaches your dashboard has been confirmed by a human analyst.
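The automated stages of the funnel (Stages 1 to 4) in one runnable pass, as an added example written for this page; it is not Guard's VMFilter code. The scanner field names, the CDN stand-in range, the KEV/EPSS snapshot and the 0.5 EPSS escalation threshold are constructed assumptions, and the sample export rows are built so that two scanners overlap on one host, three findings fall into filtered address space, and one finding arrives with only a CVSS v2 score (CVSS v2 has no Critical band, so its top scores normalize to High).

```python
import ipaddress
from dataclasses import dataclass, field

# Stage 2: address space an external attacker cannot reach directly.
UNREACHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.169.254/32",                              # cloud metadata service
)]
# Stand-in for CDN/WAF edge ranges (constructed; a real deployment loads the
# provider-published range lists instead).
EDGE_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

CVSS_ORDER = {"2.0": 0, "3.0": 1, "3.1": 2, "4.0": 3}

# Constructed feed snapshots; real KEV/EPSS data is fetched, not hard-coded.
KEV = {"CVE-2024-3400", "CVE-2021-44228"}
EPSS = {"CVE-2024-3400": 0.94, "CVE-2023-44487": 0.61, "CVE-2017-0144": 0.30}

# Constructed export rows. Field names are assumptions, not the real formats.
RAW_FINDINGS = [
    {"tool": "tenable", "host": "203.0.113.10", "plugin_cve": "CVE-2024-3400", "cvss3": 10.0},
    {"tool": "qualys", "ip": "203.0.113.10", "cve": "CVE-2024-3400", "cvss_v2": 10.0},
    {"tool": "nuclei", "host": "10.0.4.7", "cve": "CVE-2021-44228",
     "severity_score": 10.0, "cvss_version": "3.1"},
    {"tool": "nuclei", "host": "169.254.169.254", "cve": "CVE-2024-3400",
     "severity_score": 10.0, "cvss_version": "3.1"},
    {"tool": "wiz", "ip": "192.0.2.44", "cve": "CVE-2023-44487", "cvss3": 7.5},
    {"tool": "wiz", "ip": "198.51.100.22", "cve": "CVE-2023-44487", "cvss3": 7.5},
    {"tool": "qualys", "ip": "198.51.100.22", "cve": "CVE-2017-0144", "cvss_v2": 9.3},
]

@dataclass
class Finding:
    """Unified schema every scanner row is mapped onto (Stage 1)."""
    cve: str
    ip: str
    score: float
    cvss_version: str
    sources: set = field(default_factory=set)

def normalize(raw):
    """Per-scanner adapter into the unified schema."""
    tool = raw["tool"]
    if tool == "tenable":
        return Finding(raw["plugin_cve"], raw["host"], raw["cvss3"], "3.1", {tool})
    if tool == "qualys":
        return Finding(raw["cve"], raw["ip"], raw["cvss_v2"], "2.0", {tool})
    if tool == "wiz":
        return Finding(raw["cve"], raw["ip"], raw["cvss3"], "3.1", {tool})
    if tool == "nuclei":
        return Finding(raw["cve"], raw["host"], raw["severity_score"],
                       raw["cvss_version"], {tool})
    raise ValueError(f"no adapter for scanner {tool!r}")

def is_unreachable(ip):
    """Stage 2 filter. Explicit networks are used on purpose: Python's
    ip_address(...).is_private also flags the documentation ranges used as
    public sample addresses here, so it would over-filter."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in UNREACHABLE + EDGE_RANGES)

def cvss_tier(score, version):
    """Stage 3: score to tier. v3.x and v4.0 share the same bands; CVSS v2 has
    no Critical band, so its highest scores normalize to High."""
    if score == 0.0:
        return "I"
    if score < 4.0:
        return "L"
    if score < 7.0:
        return "M"
    if version.startswith("2") or score < 9.0:
        return "H"
    return "C"

def run_funnel(raw_findings, kev, epss, epss_threshold=0.5):
    """Stages 1-4: normalize, filter, deduplicate across tools, tier, enrich."""
    merged = {}
    for raw in raw_findings:
        f = normalize(raw)
        if is_unreachable(f.ip):
            continue
        key = (f.cve, f.ip)
        if key not in merged:
            merged[key] = f
            continue
        kept = merged[key]
        kept.sources |= f.sources
        # When scanners disagree, trust the score from the newest CVSS version.
        if CVSS_ORDER[f.cvss_version] > CVSS_ORDER[kept.cvss_version]:
            kept.score, kept.cvss_version = f.score, f.cvss_version
    rows = []
    for f in merged.values():
        prob = epss.get(f.cve, 0.0)
        rows.append({
            "cve": f.cve, "ip": f.ip, "tier": cvss_tier(f.score, f.cvss_version),
            "sources": sorted(f.sources), "kev": f.cve in kev, "epss": prob,
            # Stage 4 escalation rule: active exploitation or high EPSS.
            "escalated": f.cve in kev or prob >= epss_threshold,
        })
    return sorted(rows, key=lambda r: (not r["escalated"], "CHMLI".index(r["tier"])))

if __name__ == "__main__":
    for row in run_funnel(RAW_FINDINGS, KEV, EPSS):
        print(row)
```

Of the seven constructed rows, three are dropped by the address filter, the two scanners reporting the same CVE on 203.0.113.10 collapse into one finding with both tools recorded as sources, and the v2-only finding lands in High even though its 9.3 would be Critical under v3. The dedup key here is (CVE, IP); a production pipeline would normally key on port and service as well.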
Risk Status Model
Every risk in Guard carries a two-character status code that combines its lifecycle state with its severity level.
The first character denotes lifecycle state: O (Open), T (Triaged), R (Remediated).
The second character denotes severity: C (Critical), H (High), M (Medium), L (Low), I (Info).
Examples:
OC — Open Critical: a confirmed critical vulnerability requiring immediate action
TH — Triaged High: a high-severity finding reviewed and categorized
RM — Remediated Medium: a medium-severity vulnerability that has been fixed
Risk Lifecycle
Vulnerabilities follow a defined lifecycle through Guard:
Open → Triaged → Remediated → (Auto-reopen if re-detected)
Open: A new vulnerability is discovered and confirmed.
Triaged: The security team reviews, categorizes, and assigns priority.
Remediated: The engineering team applies a fix and the vulnerability is resolved.
Re-detection: If a subsequent scan detects the same vulnerability, Guard automatically reopens the risk — ensuring nothing slips through the cracks.
Jira Bi-Directional Sync
Guard integrates directly with Jira for seamless ticket management:
Auto-creation: When a risk is triaged, a Jira ticket is automatically created with full vulnerability details.
Auto-close: When a risk is remediated in Guard, the corresponding Jira ticket is closed.
Auto-reopen: If a remediated vulnerability is re-detected, both the Guard risk and Jira ticket are reopened.
Severity sync: When a vulnerability’s severity changes (e.g., new CVSS score or KEV listing), Guard posts a comment to the Jira ticket with the updated details.
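The status code, the Open → Triaged → Remediated → reopen lifecycle, and the Jira action each transition implies, as one added example serving the Risk Status Model, Risk Lifecycle and Jira Bi-Directional Sync sections above. It is illustrative code written for this page, not Guard's implementation: the Risk and JiraStub classes, the SEC- ticket keys, the event names and the transition table are assumptions derived from the lifecycle described above.

```python
from dataclasses import dataclass, field
from typing import Optional

STATES = {"O": "Open", "T": "Triaged", "R": "Remediated"}
SEVERITIES = {"C": "Critical", "H": "High", "M": "Medium", "L": "Low", "I": "Info"}
# Allowed lifecycle moves; re-detection is the only route back to Open.
TRANSITIONS = {"O": {"T"}, "T": {"R"}, "R": {"O"}}

def parse_status(code):
    """'OC' -> ('Open', 'Critical'); rejects anything else."""
    if len(code) != 2 or code[0] not in STATES or code[1] not in SEVERITIES:
        raise ValueError(f"invalid status code {code!r}")
    return STATES[code[0]], SEVERITIES[code[1]]

@dataclass
class Risk:
    key: str                      # e.g. "CVE-2024-3400@203.0.113.10"
    state: str = "O"
    severity: str = "H"
    jira_key: Optional[str] = None
    events: list = field(default_factory=list)   # sync actions, in order

    @property
    def status(self):
        return self.state + self.severity

class JiraStub:
    """Stand-in for the Jira API (assumption): issues keys, records calls."""
    def __init__(self):
        self.issues = {}

    def create(self, summary):
        key = f"SEC-{len(self.issues) + 1}"
        self.issues[key] = {"summary": summary, "status": "Open", "comments": []}
        return key

    def transition(self, key, status):
        self.issues[key]["status"] = status

    def comment(self, key, text):
        self.issues[key]["comments"].append(text)

def transition(risk, new_state, jira, reason=""):
    """Apply a lifecycle move and the Jira action it implies."""
    if new_state not in TRANSITIONS[risk.state]:
        raise ValueError(f"{risk.key}: {risk.state} -> {new_state} is not allowed")
    risk.state = new_state
    if new_state == "T" and risk.jira_key is None:   # auto-create, once per risk
        risk.jira_key = jira.create(f"[{risk.status}] {risk.key}")
        risk.events.append(("jira_created", risk.jira_key))
    elif new_state == "R":                            # auto-close
        jira.transition(risk.jira_key, "Done")
        risk.events.append(("jira_closed", risk.jira_key))
    elif new_state == "O":                            # auto-reopen on re-detection
        jira.transition(risk.jira_key, "Reopened")
        jira.comment(risk.jira_key, f"Re-detected: {reason}")
        risk.events.append(("jira_reopened", risk.jira_key))
    return risk

def update_severity(risk, new_severity, jira, reason):
    """Severity sync: the existing ticket gets a comment, not a new ticket."""
    if new_severity not in SEVERITIES:
        raise ValueError(f"invalid severity {new_severity!r}")
    old = risk.status
    risk.severity = new_severity
    if risk.jira_key is not None:
        jira.comment(risk.jira_key, f"Severity changed {old} -> {risk.status}: {reason}")
        risk.events.append(("jira_commented", risk.jira_key))
    return risk

def on_scan_result(risk, detected, jira, scan_id):
    """Re-detection rule: a remediated risk seen again reopens automatically."""
    if detected and risk.state == "R":
        transition(risk, "O", jira, reason=f"seen again in {scan_id}")
    return risk

def demo():
    """One risk through the whole loop; returns the risk and the Jira stub."""
    jira = JiraStub()
    risk = Risk("CVE-2024-3400@203.0.113.10", severity="H")
    transition(risk, "T", jira)                                # OH -> TH, SEC-1 created
    update_severity(risk, "C", jira, "CVE added to CISA KEV")  # TH -> TC, comment
    transition(risk, "R", jira)                                # TC -> RC, SEC-1 closed
    on_scan_result(risk, detected=True, jira=jira, scan_id="scan-0042")  # RC -> OC
    return risk, jira

if __name__ == "__main__":
    r, j = demo()
    print(r.status, r.events, j.issues)
```

The transition table is what makes the model safe to automate: a remediated risk can only go back to Open, never straight to Triaged, and a ticket is created once per risk so that reopen cycles accumulate history on the same Jira issue instead of spawning duplicates.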
Account Health Grade
Every status change updates your organization’s account health grade — a real-time score reflecting your overall vulnerability posture. As risks are remediated, your grade improves; as new risks open, it adjusts accordingly.
Exploit Intelligence Enrichment
Guard runs an automated daily pipeline that enriches every CVE with data from six authoritative sources, including the CISA KEV, EPSS and MITRE ATT&CK feeds used in Stage 4 above.
The pipeline fans each day's enrichment out across 25 concurrent workers. All enrichment results are stored in Guard’s graph database, which supports relationship-based queries such as "show me all open critical risks linked to MITRE ATT&CK Initial Access techniques with EPSS > 0.5."
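The fan-out and the relationship query, as an added example written for this page rather than Guard's pipeline or graph schema. The three feed snapshots, the CVE-to-technique mapping and the risk list are constructed; the node labels, edge names and the in-memory adjacency structure are assumptions standing in for a real graph database. The four technique-to-tactic pairs are as published in ATT&CK (T1190 Initial Access, T1059 Execution, T1499 Impact, T1210 Lateral Movement).

```python
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

# Constructed snapshots of three enrichment feeds; real values are fetched
# daily and change over time.
KEV_FEED = {"CVE-2024-3400", "CVE-2021-44228"}
EPSS_FEED = {"CVE-2024-3400": 0.94, "CVE-2021-44228": 0.97,
             "CVE-2023-44487": 0.61, "CVE-2017-0144": 0.30}
# CVE -> ATT&CK techniques (constructed mapping for the example).
ATTACK_FEED = {"CVE-2024-3400": ["T1190"], "CVE-2021-44228": ["T1190", "T1059"],
               "CVE-2023-44487": ["T1499"], "CVE-2017-0144": ["T1210"]}
# Technique -> tactic, as published in ATT&CK for these four techniques.
TACTIC_OF = {"T1190": "Initial Access", "T1059": "Execution",
             "T1499": "Impact", "T1210": "Lateral Movement"}

# Constructed risks as (risk id, CVE, two-character status code).
RISKS = [("R-1", "CVE-2024-3400", "OC"), ("R-2", "CVE-2021-44228", "RC"),
         ("R-3", "CVE-2023-44487", "OH"), ("R-4", "CVE-2017-0144", "OC"),
         ("R-5", "CVE-2021-44228", "OC")]

def enrich_one(cve):
    """Per-CVE unit of work. In production each lookup is a network call,
    which is what makes the bounded fan-out below worthwhile."""
    return {"cve": cve, "kev": cve in KEV_FEED, "epss": EPSS_FEED.get(cve, 0.0),
            "techniques": ATTACK_FEED.get(cve, [])}

def enrich_all(cves, workers=25):
    """Run the daily enrichment over a pool of 25 workers (the page's figure)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return {e["cve"]: e for e in pool.map(enrich_one, sorted(set(cves)))}

def build_graph(risks, enrichment):
    """Property-graph stand-in: edges keyed by (node, relation) plus node
    attributes. Node ids carry their label as a prefix."""
    edges = defaultdict(set)
    attrs = {}
    for rid, cve, status in risks:
        attrs[f"risk:{rid}"] = {"status": status}
        edges[(f"risk:{rid}", "AFFECTED_BY")].add(f"cve:{cve}")
    for cve, e in enrichment.items():
        attrs[f"cve:{cve}"] = {"epss": e["epss"], "kev": e["kev"]}
        for t in e["techniques"]:
            edges[(f"cve:{cve}", "ENABLES")].add(f"technique:{t}")
            edges[(f"technique:{t}", "IN_TACTIC")].add(f"tactic:{TACTIC_OF[t]}")
    return edges, attrs

def open_critical_by_tactic(edges, attrs, tactic="Initial Access", min_epss=0.5):
    """The page's query: open critical risk -> CVE with EPSS > min_epss ->
    technique -> tactic. Returns sorted (risk id, CVE, technique) triples."""
    hits = []
    for node, a in attrs.items():
        if not node.startswith("risk:") or a["status"] != "OC":
            continue
        for cve in edges.get((node, "AFFECTED_BY"), ()):
            if attrs[cve]["epss"] <= min_epss:
                continue
            for tech in edges.get((cve, "ENABLES"), ()):
                if f"tactic:{tactic}" in edges.get((tech, "IN_TACTIC"), ()):
                    hits.append((node[len("risk:"):], cve[len("cve:"):],
                                 tech[len("technique:"):]))
    return sorted(hits)

if __name__ == "__main__":
    enrichment = enrich_all([cve for _, cve, _ in RISKS])
    edges, attrs = build_graph(RISKS, enrichment)
    print(open_critical_by_tactic(edges, attrs))
```

The query walks three hops (risk to CVE to technique to tactic) and applies the status and EPSS filters at the nodes where those attributes live; R-2 drops out because it is remediated, R-3 because it is High rather than Critical, and R-4 because its EPSS is below the threshold.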
AI-Powered CVE Research
For CVEs listed in CISA’s Known Exploited Vulnerabilities catalog and other high-severity findings, Guard’s AI researcher automatically triggers a deep analysis workflow:
Research: The AI analyzes the CVE’s technical details, affected software versions, and known exploit methods.
Detection: It creates or updates detection capabilities (Nuclei templates, custom signatures) tailored to the specific vulnerability.
Tracking: It files internal tracking tickets to ensure the vulnerability is monitored through remediation.
This entire pipeline runs without manual intervention — from CVE publication to detection capability, Guard’s AI handles the research, creation, and tracking automatically.
What’s Next
Penetration Testing (PenTest) — Learn how Guard’s offensive security testing validates and prioritizes vulnerabilities.
Risk Lifecycle Deep-Dive — Explore the complete risk management workflow in detail.
Scanner Integration Guides — Step-by-step setup for connecting your vulnerability scanners to Guard.