Vulnerability Management
From CVE noise to prioritised action.
Unified vulnerability aggregation from scanners, EASM/CTEM platforms, and cloud security tools. Confidence scoring combines multiple scanner results for accurate prioritisation. Asset-vulnerability mapping ensures every finding is linked to business context. Remediation workflows with SLA enforcement and exception management.
What you get
Multi-Scanner Aggregation
Ingest vulnerability findings from Qualys, Tenable, Rapid7, cloud-native scanners (AWS Inspector, Azure Defender, GCP SCC), and container security tools into a unified vulnerability inventory. Findings from multiple scanners are normalised to a common taxonomy, deduplicated by CVE and asset, and enriched with threat intelligence context.
Confidence Scoring Across Overlapping Findings
When multiple scanners detect the same vulnerability on the same asset, confidence scoring combines their results to produce a more accurate severity assessment. A critical finding confirmed by 3 scanners receives higher confidence than a single-scanner detection that may be a false positive. Confidence scores reduce false positive investigation time by up to 40%.
Asset-Vulnerability Mapping with Business Context
Every vulnerability is linked to its affected asset in the asset registry, inheriting the asset's business criticality, regulatory scope, and vendor dependencies. A critical CVE on a low-criticality test server is deprioritised, while a medium CVE on a payment processing system is escalated — ensuring remediation effort aligns with business risk.
SLA-Enforced Remediation Workflows
Remediation tasks are automatically created from vulnerability findings with SLA deadlines based on severity and asset criticality — critical vulnerabilities on critical assets may have a 48-hour SLA while medium findings on standard assets get 30 days. SLA tracking monitors progress and escalates overdue remediations through configurable chains.
Exception and Risk Acceptance Management
When a vulnerability cannot be remediated due to technical constraints, business dependencies, or compensating controls, the exception management workflow captures the justification, approver, compensating controls, and expiry date. Exceptions are tracked as accepted risks and reviewed periodically, satisfying NIS2 Article 21(2)(a) risk management documentation requirements.
EASM/CTEM Integration
Integrate with External Attack Surface Management and Continuous Threat Exposure Management platforms including Censys, Hadrian, and CyCognito to incorporate externally-visible exposure data into your vulnerability inventory. EASM findings are correlated with internal scanner results to provide a complete picture of organisational exposure from both internal and external perspectives.
How it works
Scanners Feed Findings
Vulnerability scanners, EASM platforms, and cloud security tools continuously feed findings into FortisEU through API integrations. Each finding is captured with full scanner metadata, CVE references, affected asset identifiers, and raw severity scores.
Deduplicate & Score
Overlapping findings from multiple scanners are deduplicated by CVE and asset, with confidence scoring combining multiple scanner assessments. Threat intelligence enrichment adds exploit availability, active exploitation status, and EPSS probability scores to refine prioritisation.
Map to Assets
Deduplicated vulnerabilities are mapped to assets in the asset registry, inheriting business criticality, regulatory scope, and owner assignments. The combined vulnerability severity and asset criticality determine the effective risk score that drives SLA assignment and remediation priority.
Track Remediation
Remediation tasks are created and assigned to asset owners with SLA deadlines. Progress is tracked through fix verification — scanners confirm remediation by verifying the vulnerability is no longer detected in subsequent scans. Overdue items escalate through configurable chains and surface in executive dashboards.
Built for your team
Vulnerability Triage & Investigation
The SOC analyst starts each shift reviewing the vulnerability dashboard filtered to critical and high-confidence findings. Confidence scoring has already eliminated likely false positives, and asset-vulnerability mapping provides immediate business context for each finding. The analyst can focus investigation effort on confirmed, high-impact vulnerabilities rather than spending time validating scanner output quality.
Patch Prioritisation & Change Management
The IT Manager uses the vulnerability management module to prioritise patch deployment based on combined vulnerability severity and asset business criticality. Rather than patching by CVSS score alone, the IT Manager targets patches that deliver the greatest risk reduction — a CVSS 7.5 on a payment system is patched before a CVSS 9.8 on an isolated test server. SLA tracking ensures patches are deployed within required timeframes and provides evidence for change management audits.
Exposure Reporting & Risk Acceptance Oversight
The CISO uses vulnerability management dashboards to report organisational exposure posture to the board, showing remediation progress, SLA compliance rates, and trending vulnerability counts by severity. Exception management provides visibility into accepted risks with their justifications and expiry dates, ensuring risk acceptance decisions satisfy NIS2 Article 20 management body oversight requirements. DORA Article 9(4) ICT security policy compliance is evidenced through vulnerability management metrics.
Common questions
Which vulnerability scanners are supported?
FortisEU integrates with all major vulnerability scanning platforms including Qualys VMDR, Tenable.io/Nessus, Rapid7 InsightVM, cloud-native scanners (AWS Inspector, Azure Defender for Cloud, GCP Security Command Center), and container security tools (Trivy, Snyk Container, Aqua). Integration is via REST API with configurable sync intervals. Custom scanner integration is supported via a standardised JSON import format for scanners not covered by built-in connectors.
How does confidence scoring work across multiple scanners?
Confidence scoring uses a proprietary algorithm that correlates findings across multiple scanners on the same asset. When three scanners independently confirm a vulnerability, the confidence score approaches 1.0, virtually eliminating false positive risk. When only a single scanner reports a finding with no corroboration, the confidence score is adjusted downward based on that scanner's historical false positive rate. Confidence scoring also considers vulnerability age, exploit availability from threat intelligence feeds, and EPSS (Exploit Prediction Scoring System) probability to produce a holistic prioritisation score.
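The Deduplicate & Score and Map to Assets steps under "How it works" above, together with the confidence scoring described in this answer, as an added worked example. This is illustrative code, not FortisEU's proprietary algorithm: the per-scanner false-positive rates, the asset registry, the threat-intel values, the placeholder CVE identifiers and both combining formulas are assumptions, and every finding in it is constructed. An external EASM-style source is included as one of the feeds so that its finding flows through the same deduplication and mapping.

```python
"""Added example, not FortisEU's code: a toy deduplicate-and-score step.
Scanner FP rates, the asset registry, threat-intel values and the combining
formulas are all assumptions; every finding below is constructed."""
import math
import statistics
from collections import defaultdict
from dataclasses import dataclass

# Common severity taxonomy each scanner's native label is normalised to.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed historical false-positive rate per feed (constructed values);
# "censys" stands in for an external EASM source feeding the same inventory.
SCANNER_FP_RATE = {"qualys": 0.10, "tenable": 0.15, "rapid7": 0.12, "censys": 0.20}

# Asset registry with business criticality 1-4 and owner (constructed).
ASSETS = {
    "srv-pay-01": {"criticality": 4, "owner": "payments-team"},
    "srv-test-07": {"criticality": 1, "owner": "qa-team"},
}

# Threat-intel enrichment keyed by CVE (constructed placeholder IDs and values).
THREAT_INTEL = {"CVE-EXAMPLE-0001": {"epss": 0.6, "actively_exploited": True}}


@dataclass(frozen=True)
class Finding:
    scanner: str
    asset_id: str
    cve: str
    severity: str  # scanner's native label, lower-cased


@dataclass
class Vulnerability:
    asset_id: str
    cve: str
    scanners: list
    severity: int
    confidence: float
    effective_risk: float
    owner: str


def confidence(findings):
    """Corroboration model (assumption): a finding is a false positive only if
    every scanner that reported it was wrong, so confidence = 1 - product of
    the reporting scanners' FP rates. Three feeds push this towards 1.0."""
    fp_all_wrong = 1.0
    for f in findings:
        fp_all_wrong *= SCANNER_FP_RATE[f.scanner]
    return round(1.0 - fp_all_wrong, 3)


def combined_severity(findings):
    """Median of the scanners' normalised severities, rounded up (conservative)."""
    return math.ceil(statistics.median(SEVERITY[f.severity] for f in findings))


def effective_risk(severity, criticality, conf, epss=0.0, actively_exploited=False):
    """Assumed formula: severity x criticality (max 16) scaled by confidence,
    boosted by exploit signals (max factor 2.5), normalised to 0-100."""
    base = severity * criticality / 16.0
    boost = 1.0 + epss + (0.5 if actively_exploited else 0.0)
    return round(base * conf * boost / 2.5 * 100.0, 1)


def prioritise(findings):
    """Deduplicate by (asset, CVE), score each group, return highest risk first."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f.asset_id, f.cve)].append(f)
    vulns = []
    for (asset_id, cve), group in groups.items():
        asset = ASSETS[asset_id]
        intel = THREAT_INTEL.get(cve, {})
        sev = combined_severity(group)
        conf = confidence(group)
        risk = effective_risk(sev, asset["criticality"], conf,
                              intel.get("epss", 0.0), intel.get("actively_exploited", False))
        vulns.append(Vulnerability(asset_id, cve, sorted({f.scanner for f in group}),
                                   sev, conf, risk, asset["owner"]))
    return sorted(vulns, key=lambda v: v.effective_risk, reverse=True)


# Constructed raw findings: the same high on the payment host seen by three
# scanners, a lone critical on a test box, and one external exposure.
SAMPLE_FINDINGS = [
    Finding("qualys", "srv-pay-01", "CVE-EXAMPLE-0001", "high"),
    Finding("tenable", "srv-pay-01", "CVE-EXAMPLE-0001", "critical"),
    Finding("rapid7", "srv-pay-01", "CVE-EXAMPLE-0001", "high"),
    Finding("qualys", "srv-test-07", "CVE-EXAMPLE-0002", "critical"),
    Finding("censys", "srv-pay-01", "CVE-EXAMPLE-0003", "medium"),
]

if __name__ == "__main__":
    for v in prioritise(SAMPLE_FINDINGS):
        print(f"{v.effective_risk:5.1f} conf={v.confidence:.3f} {v.asset_id} {v.cve} via {v.scanners}")
```

Run as a script, the triple-confirmed high on the payment host comes out first, the single-scanner critical on the test server last: severity alone would have ordered them the other way. The corroboration model is the key design choice to check against your own data; a scanner's historical FP rate should come from fix-verification outcomes, not be hard-coded as here.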
How are SLA deadlines enforced for vulnerability remediation?
SLA deadlines are configured per severity-criticality matrix — for example, critical vulnerabilities on critical assets may require 48-hour remediation, while medium vulnerabilities on standard assets allow 30 days. SLA tracking monitors time elapsed since finding creation, sends automated reminders at configurable intervals (e.g., 50%, 75%, 90% of SLA), and escalates overdue items through a configurable chain (asset owner → team lead → CISO). SLA compliance metrics are reported in executive dashboards and can be exported as evidence for NIS2 Article 21(2)(a) risk management and DORA Article 9(4)(c) ICT security policies.
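The severity-criticality matrix, reminder fractions and escalation chain in this answer, as an added example that is not FortisEU's code. The 48-hour and 30-day cells come from the text; the other matrix cells, the one-step-per-24-hours escalation cadence and the sample timestamps are assumptions.

```python
"""Added example, not FortisEU's code: SLA deadline, reminder and escalation
logic for a remediation task. Matrix cells other than the 48h and 30d ones,
the escalation cadence and the sample dates are assumptions."""
from datetime import datetime, timedelta, timezone

# Severity x asset criticality -> SLA in hours. 48h and 30 days are from the
# text; the remaining cells are constructed.
SLA_MATRIX_HOURS = {
    ("critical", "critical"): 48,
    ("critical", "standard"): 7 * 24,
    ("high", "critical"): 7 * 24,
    ("high", "standard"): 14 * 24,
    ("medium", "critical"): 14 * 24,
    ("medium", "standard"): 30 * 24,
    ("low", "critical"): 60 * 24,
    ("low", "standard"): 90 * 24,
}

REMINDER_FRACTIONS = (0.5, 0.75, 0.9)          # reminders at 50%, 75%, 90% of SLA
ESCALATION_CHAIN = ("asset_owner", "team_lead", "ciso")
ESCALATION_STEP = timedelta(hours=24)           # assumption: one chain step per day overdue


def sla_hours(severity, criticality):
    return SLA_MATRIX_HOURS[(severity, criticality)]


def build_schedule(created_at, severity, criticality):
    """Deadline and reminder timestamps computed once, at finding creation."""
    hours = sla_hours(severity, criticality)
    deadline = created_at + timedelta(hours=hours)
    reminders = {frac: created_at + timedelta(hours=hours * frac) for frac in REMINDER_FRACTIONS}
    return {"created_at": created_at, "deadline": deadline, "reminders": reminders}


def due_reminders(schedule, now):
    """Reminder fractions whose time has passed while the item is not yet overdue.
    A real tracker also records which of these were already sent."""
    return [frac for frac, at in schedule["reminders"].items() if at <= now < schedule["deadline"]]


def escalation_target(schedule, now):
    """Current owner: the asset owner until the deadline, then one step up the
    chain per ESCALATION_STEP of overdue time, stopping at the chain's end."""
    overdue = now - schedule["deadline"]
    if overdue < timedelta(0):
        return ESCALATION_CHAIN[0]
    steps = int(overdue // ESCALATION_STEP) + 1
    return ESCALATION_CHAIN[min(steps, len(ESCALATION_CHAIN) - 1)]


def sla_status(schedule, now):
    """Snapshot for a dashboard row: percent of SLA elapsed, overdue flag, owner."""
    total = schedule["deadline"] - schedule["created_at"]
    elapsed = now - schedule["created_at"]
    return {
        "pct_elapsed": round(100 * elapsed / total, 1),
        "overdue": now >= schedule["deadline"],
        "owner": escalation_target(schedule, now),
    }


if __name__ == "__main__":
    # Constructed sample: critical vulnerability on a critical asset, opened at 09:00 UTC.
    created = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
    schedule = build_schedule(created, "critical", "critical")
    for hours in (12, 37, 49, 80):
        now = created + timedelta(hours=hours)
        print(hours, "h:", sla_status(schedule, now), "reminders due:", due_reminders(schedule, now))
```

Checking 37 hours in shows the 50% and 75% reminders due and the asset owner still accountable; one hour past the 48-hour deadline the item sits with the team lead, and a further day later with the CISO, which is the escalation trail an executive dashboard would surface.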
Can FortisEU integrate with patch management tools?
Yes. FortisEU integrates with patch management tools including Microsoft SCCM/Intune, WSUS, Ivanti, and Tanium to close the loop between vulnerability detection and remediation. When a remediation task is created, FortisEU can push the required patch information to your patch management platform for deployment scheduling. Once patches are deployed, subsequent vulnerability scans confirm remediation and automatically close the corresponding tasks. This bidirectional integration ensures vulnerability management is not just a detection exercise but drives confirmed remediation.
What is the difference between EASM and traditional vulnerability scanning?
Traditional vulnerability scanning operates from inside your network, scanning known assets with authenticated or unauthenticated scans. External Attack Surface Management (EASM) operates from the outside, discovering internet-facing assets and exposures as an attacker would see them — including shadow IT, forgotten infrastructure, and misconfigured services not in your asset inventory. FortisEU correlates EASM findings from platforms like Censys, Hadrian, and CyCognito with internal scanner results, providing a complete exposure picture from both perspectives. This is particularly relevant for DORA Article 24-27 threat-led penetration testing requirements.
See Vulnerability Management in Action
Create an account and explore the platform, or talk to our team about enterprise deployment.