I'm using VulScan as one of the tools in my Pentest "kit".
Adding the granular detail VulScan provides, has increased our clients' satisfaction during the active phase of our pentests. Providing them Technician-level access once we wrap up the active phase provides them the ability to check down the vulnerabilities allowing them to confirm/deny/mitigate the findings, etc.
I'm liking it a lot and the clients seem to as well, once I get them over the initial scare of the high-volume of hits in their environment. Review collected by and hosted on G2.com.
Scanning is painfully slow, even when dropping the IVS on a dedicated machine with significant horsepower... it may take 3-6 hours for just a couple of /24's, and often seems to hang on the last IP in the range, at 99%, for several hours. Painful to watch!
It seems there are consistent false positives that I've learned and see every time... such as "Trojans"... just because a few ports associated with common products are present. I think a single criteria shouldn't trigger an event... but needs to corroborate with another in order to be considered "intelligence" v. "information". Review collected by and hosted on G2.com.
83 out of 84 Total Reviews for VulScan
Overall Review Sentiment for VulScan
Log in to view review sentiment.
It offers a thorough scanning for a wide range of vulnerabilities, making it an excellent tool for identifying potential security issues. With a simple user friednly interace, makes it simple to use for beginners (like for our helpdesk techs) and experienced users. The reporting features provides really in-depth actionable reports that gives us detailed information that not only explains the vulnerability, but helps us to share the justification for the billable time it would take to correct the vulnerability. I haven't had to use customer support very often but when we have, it's been pretty good with timely and educated responses. Review collected by and hosted on G2.com.
Probably the least disliked part is false postives, which is common in all scanners. False positives lead to wasted time with unneed investigations. With time we can reduce the noise of false postives by tweaking Vulscan, but it's still something that I wish it would improve on (which I imagine they actively are doing). Other than that, the cost is sometimes harder for our much smaller customers. Review collected by and hosted on G2.com.
Vulscan is easy to use where in you can just implemented it on your organization easily. You can automate scanning of vulnerabilities via scheduling it that will helps you to frequently scan its either weekly, monthy, it has a built-in scan profiles that can be use, auto-creation of tickets once it detects vulnerabilities, and many more features that will help organization to have internal/external vulnerability scan. Also, it can be integrated to Vonahi Vpentest for complete VAPT, and the supports is good when it comes in troubleshooting. Review collected by and hosted on G2.com.
So far, I haven't encountered any challenges while using the tool. Review collected by and hosted on G2.com.
What I appreciate about Vulscan is its seamless integration with Vonahi, which enhances our ability to manage and automate vulnerability scans effectively. Together, these solutions streamline our vulnerability assessment process, allowing us to identify and address security issues more efficiently within our organization. This integration not only simplifies our workflows but also helps ensure that we maintain a robust security posture in an ever-evolving threat landscape. Review collected by and hosted on G2.com.
The deployment requirements for running a scan are to deploy it only on Hyper-V or VMware.It would be better if we could deploy even at the endpoint for easier scanning deployment. Review collected by and hosted on G2.com.
The automation and the various reporting styles are top notch. the weekly trend and monthly trend reporting is extremely helpful and provides me with a quick view of the status.
The integration with the Kaseya stack wonderful to have. Review collected by and hosted on G2.com.
The initial setup is a bit cloogy, the user interface and steps are not as intuitive as most apps are today. Unfortunately we've gotten a bit lazy when it comes to app setup and are used to a "carry you along" method, while Vulscan does require one to head to the KB and do a little pre-game research first. Review collected by and hosted on G2.com.
What I like about vulscan is that it has automated vulnerability scanning and since we have vonahi penetration testing, the generated reports has been easier to check since they can be generated in a single report. Review collected by and hosted on G2.com.
That the host should be installed on HyperV or VMware, its really easy if it can be deployed on the endpoints itself. Review collected by and hosted on G2.com.
Intuitive user interface, makes it very easy to navigate and get started quickly. Wide range of threat detection from minor misconfigurations to critical issues. Quick and efficient scanning, without significant impact on system performance. Detailed reports help prioritize vulnerabilities based on severity, making it easier to focus on the most urgent security risks. Overall, the tool is reliable and effective for vulnerability management. Review collected by and hosted on G2.com.
Report customization options are limited, making it difficult to tailor reports for different audiences. Review collected by and hosted on G2.com.
The flexibility to update or modify vulnerability databases according to the specific needs of the environment is a significant advantage. Review collected by and hosted on G2.com.
Like many vulnerability scanners, VulScan can generate false positives or miss certain vulnerabilities (false negatives), especially if the version information of the service is incomplete or obscured. Review collected by and hosted on G2.com.
It has capabilities apart from vulnerability management is that the automation, efficiency and the actionable insights, where it has flexible remediation as well as the guidance for actionable steps, updates on threats and the customization for the reports. Review collected by and hosted on G2.com.
Limitations in Customization for reporting, it requires a dedicated training Review collected by and hosted on G2.com.
Nothing. As a regular user and administrator of Vulscan I can say that it offers very little benefit over scripted use of OSS tooling -- the time you will spend manually managing vulnerabilities in the patient will outweigh your development time. I will never choose this product again. Review collected by and hosted on G2.com.
Everything. Login is an absolute disaster if you use SSO. You can't SSO straight into the product, you have to SSO into KaseyaOne first. But then you can't go straight from KaseyaOne to Vulscan, you have to navigate to Vulscan's direct URL. And I pity the fool that doesn't follow that exact login flow.
The product, like everything in Kaseya's suite of acquired-and-slashed software, is under-developed and barely passes scrutiny. The interface is clunky, vulnerabilities stay in the console even when patched and gone from the network, EVERYTHING is manual except for the scan schedule, and there are zero integrations or public API's. (Kaseya might point out that they do have integrations... With their own awful products, like Kaseya VSA. And that's all.)
Do not choose this product unless you're an MSP that's already stuck in their ecosystem and you have an army of barely-above-minimum-wage workers to manage it. Review collected by and hosted on G2.com.
VulScan is an excellent tool for identifying internal and external vulnerabilites. I found it easy to spin up the scanning appliance in our virtual environment and get right to scanning and remeadiation. As an MSP I appreciated the ability to use the same external appliance to scan multiple clients. Scanning frequently is easy to set up using the built in scheduling. I also appreciate the ability to use the integrations to send tickets directly to our ticketing system. Review collected by and hosted on G2.com.
I do find the UI somewhat dated, it doesn't feel very modern. Review collected by and hosted on G2.com.
