Understand and address all your risk in one place
The heart of managing risk is an effective risk-based vulnerability management program. Leverage Unified Vulnerability Management, built on our Data Fabric for Security, to prioritize your biggest risks, automate remediation workflows, and showcase your security posture improvements.
Siloed data makes it impossible to understand, report on, and address risk as a whole
Traditional vulnerability management systems fail to provide a complete picture of risk across your environment. These vulnerability prioritization technology tools also offer little ability to customize risk prioritization factors or remediation workflows. In other words, they provide too little context to accurately identify the biggest sources of risk.
CVSS scores are a helpful way to understand the severity of security vulnerabilities, but they don’t accurately reflect risk. Tens of thousands of new CVEs are published every year—far more than security teams can process. Plus, without the context of your specific risk profile, your team has no idea which vulnerabilities to patch first.
To accurately assess and remediate risks, you need comprehensive, unified insights.
Product overview
Efficiently address security gaps with contextual risk scoring and flexible workflows
The Zscaler Unified Vulnerability Management solution taps into an aggregated, correlated data set to fuel a more effective and efficient vulnerability management program. UVM is powered by our Data Fabric for Security, which ingests data from traditional vulnerability and exploitability sources—as well as Zscaler and third parties—leveraging 150+ prebuilt data connectors. It correlates security findings and context spanning identity, assets, user behavior, mitigating controls, business processes, organizational hierarchy, and more. These rich insights bring your most important security gaps into focus, empowering you to meaningfully reduce your risk.
What sets Unified Vulnerability Management apart?
Identify which security gaps and vulnerabilities to fix first
Prioritize risks in the context of your own risk factors and mitigating controls, based on input from 150+ data sources.
Get always-up-to-date reports and dashboards
Get dynamic insights into your risk posture, KPIs, SLAs, and other metrics in one correlated, context-rich data set.
Automate workflows to streamline remediation
Accelerate triage with custom workflows that provide remediation details and rationale, and automatically reconcile tickets.
SOLUTION DETAILS
Risk-based prioritization
Get a to-do list of your riskiest exposures with our out-of-the-box risk scoring. Adjust the weighting of your unique factors and mitigating controls to ensure your teams can focus on the most critical risks.
Out-of-the-Box Multifactor Scoring
Understand your top risks with prebuilt risk calculation that accounts for your risk factors and mitigating controls.
Customizable Factors and Weights
Adjust the weight of any risk factor or mitigating control based on your specific needs, unlike the static weights of traditional vulnerability management tools.
Support for Additional Factors
Easily add new data sources to the data model that drives UVM, which can then be a factor in your risk calculations.
Breadth of integrations
Pull in feeds from dozens of siloed vulnerability scanners and other tools. Harmonize, deduplicate, correlate, and enrich that data to construct a unified view of risk across your entire environment.
150+ Prebuilt Integrations
Leverage native connectors to 150+ data sources, spanning CVEs, threat intel feeds, identity, applications, cloud services, and user behavior.
AnySource Connector
Easily integrate new data sources—even flat files or webhooks—with AnySource Connector. Plus, request new connectors, which can be built in a matter of a few weeks.
AnyTarget Connector
“Outegrations” are just as important as integrations. Push workflows, tickets, or other outputs to any downstream system of choice with AnyTarget Connector.
Customizable reporting
Communicate risk posture and progress with dynamic at-a-glance dashboards and reports. Prebuilt and custom reports cover KPIs, SLAs, and other key metrics for real-time insights into your security posture and team performance.
Prebuilt Dashboards and Reports
Simplify reporting with an array of ready-made reports that capture risk posture, remediation history, asset coverage, and more.
Custom Dashboards and Reports
Easily create your own reports and dashboards to show SLA performance, KPI status, and more. Enjoy all the power of a business insights tool in a user-friendly but robust dashboard creator.
Dynamically Updated Data
Deliver valuable, accurate reports that tap into a consistent, always up-to-date data set.
Automated workflows
Streamline operations and accelerate remediation with automated ticket assignment and tracking, built to match your structure and systems. Empower your teams to quickly address the risks most likely to cause harm, before bad actors can exploit them.
Custom Workflows
Take effective action with workflows that match your organizational structure to get the right teams the right info at the right time.
Simple Grouping Logic
Cluster work items by assignee, business unit, or any other criteria, with flexible and easily adjusted grouping logic.
Two-Way Ticketing Integration
Automatically reconcile tickets, including automatic closing and reopening, to gain an accurate view of remediation requests.
Reduce risk with a data-first approach
Analyze asset hygiene and coverage/gaps
Collect data from multiple sources to help understand assets in your environment, whether or not they are reflected in your CMDB. Reconcile asset information to uncover gaps or duplications in asset tools.
Uncover cloud native app vulnerabilities
Correlate asset inventory and vulnerabilities, and enrich them with other cloud native-related asset details, to paint a clear picture of your application risk.
Experience the power of the Zscaler Zero Trust Exchange
A comprehensive platform to secure, simplify, and transform your business
01 Risk Management
Reduce risk, and detect and contain breaches, with actionable insights from a unified platform
02 Cyberthreat Protection
Protect users, devices, and workloads against compromise and lateral threat movement
03 Data Protection
Leverage full TLS/SSL inspection at scale for complete data protection across the SSE platform
04 Zero Trust for Branch and Cloud
Connect users, devices, and workloads between and within the branch, cloud, and data center