Vulnerability Assessment
Detect and prioritize known vulnerabilities to fix them before attackers exploit them.
Improve your IT hygiene with the Vulnerability Assessment feature.

Vulnerability Assessment is available via both the Cloud and On-Prem versions of HarfangLab. This feature reports vulnerabilities identified on your IT infrastructure using a continuously updated list of public vulnerabilities (CVEs).
Installation is simple and requires no specific configuration.
CVEs are continuously retrieved by the HarfangLab security platform and compared with the software and applications deployed on the protected IT environments to report vulnerabilities that need to be corrected.
This enables security teams to stay one step ahead of threats. Immediately prioritize and remediate detected vulnerabilities, and correlate data with that of the deployed agents if needed.
- Continuous automatic detection without scanning
- CVE database constantly updated
- Daily reporting
What is a CVE?
CVE stands for Common Vulnerabilities and Exposures. It is a public database that lists IT security vulnerabilities – Log4Shell and Spectre are among the most infamous examples.
The cyber ecosystem relies on these databases to report vulnerabilities to security teams.
These vulnerabilities are given a standardized score that assesses their criticality, called the Common Vulnerability Scoring System (CVSS). This score ranges from 0 for the least critical to 10 for the most critical.
This score should be considered in the context of each unique organization. A vulnerability that is not inherently critical may still affect essential devices or solutions critical to the organization. In this case, it must be remediated as quickly as possible, even if the CVSS score is low!
Prevent threats before they reach your information system
Thanks to its single lightweight agent, HarfangLab transforms each endpoint into a watchdog for the entire IT infrastructure, with no impact on workstation or server performance.
Vulnerability Assessment does not require heavy and time-consuming manual scans, nor does it require opening ports or permissions… because the agent installed on each endpoint automatically detects vulnerabilities.

Map your information system and anticipate threats tied to vulnerability exploitation.
Maintain complete visibility over your endpoints, easily aggregate vulnerabilities by endpoint, application, criticality, or CVE, and prioritize remediation actions according to your business priorities.


Vulnerability Assessment is accessible via the HarfangLab console.
This feature is also available as a standalone feature with the Scout offering, without EDR or EPP.
Unlike EDR detection rules, for example, the CVEs list comes from NIST and cannot be customized.
For the Cloud and On-Prem versions of HarfangLab, the CVEs list is updated constantly and deployed to the consoles of SaaS solution users.
For On-Prem or Air-gapped environments, the updated file is stored in a dedicated secure space and can be loaded into the console manually.
This update frequency allows for optimal responsiveness to correct vulnerabilities wherever and whenever they occur.
Find out more

Basic rules for good IT hygiene
The protection of an information system must be constantly adapted to keep pace with changing usage patterns and cyber threats.…

5 KPIs for assessing and monitoring IT assets security
Can security be measured? Absolutely! Here is a selection of key indicators to help assess security, adapt your strategy and…

Attack Surface Management
