Automated vulnerability management and remediation

Tufin enables a proactive, contextual and actionable vulnerability program through applications that integrate with your existing vulnerability scanners and leverage their data.

Get a demo

Enabling Your Vulnerability Management Strategy

Organizations need to confirm that new connectivity requests are not granting access to assets with known vulnerabilities - automatically. They also need to mitigate connections to assets with newly discovered vulnerabilities - automatically. Together Tufin’s Vulnerability-based Change Automation (VCA) App and Vulnerability Mitigation App (VMA) vulnerability apps enable both.

Preventing Connectivity to Vulnerabilities

One of the challenges when setting a new security rule or enabling connectivity is ensuring that access is not being granted to vulnerabilities. With the release of the VCA Tufin customers can automatically address this problem by integrating assessments into their existing processes or workflows. 

The VCA automatically retrieves scan data from an organization’s vulnerability scanner and reflects the results in the risk assessment step of an access request workflow. Integration is supported with leading vulnerability management solutions including Tenable, Rapid7, Nessus and Qualys. Customers can proactively ensure there are no risky vulnerabilities in the source or destination of assets before provisioning new network access. 

Vulnerability Mitigation

The Tufin Vulnerability Mitigation app enables organizations to prioritize remediation and mitigation efforts by enhancing vulnerability scanner output with network insights. By combining vulnerability measures (CVSS and severity) with insights into how these vulnerabilities may be accessed and exploited via the network, you’ll have the context to identify and address vulnerabilities that pose the greatest threat to your critical business assets.

The Tufin Vulnerability Mitigation app provides out-of-the-box integration between Tufin and the most widely used vulnerability management solutions, including,, Qualys VMDR, Rapid7 Nexpose, and Rapid7 InsightVM.

Risk Management

Risk Mitigation

Automated Risk Prevention

Proactively ensure there are no risky vulnerabilities within source or destination assets before provisioning new network access – automatically.

Risk-based remediation prioritization

Prioritize vulnerability remediation efforts based on exposure of critical assets as well as severity of vulnerabilities.

Use network insights to identify vulnerable assets

Easily assess overall risk to critical assets resulting from vulnerabilities that are both accessible and exploitable.

Easily apply mitigation when remediation is not an option

Automate risk mitigation by blocking access to the critical asset until remediation efforts can be fully implemented.