Security Vision Vulnerability Scanner (VS)

The main articles are:

• Software and hardware vulnerabilities
• Security Information and Event Management (SIEM)

The Security Vision Vulnerability Scanner (VS) is designed to automate scanning to find technical vulnerabilities and monitor asset health in terms of security and proactively identify weaknesses in the infrastructure before attackers exploit them.

2026: Advanced Analytics Update

On January 14, 2026, Security Vision announced the release of the next Vulnerability Scanner product update, which strengthens the ability to control the security of corporate infrastructure. The version includes updated analytics tools, advanced scanning capabilities, and optimized management of vulnerability detection processes.

𝓲

Фото: Security Vision

Vulnerability Lifecycle Tracking Scan Log

According to the company, an optimized version of the scan log has been implemented, which allows you to control the full life cycle of each vulnerability on the asset. The system automatically records the date of the first detection of the vulnerability and calculates the time of its existence on the asset. All fixed vulnerabilities are stored in the log to analyze the effectiveness of the security team. The journal automatically compares the results of consecutive scans, highlighting new, fixed and remaining vulnerabilities, which allows you to see the dynamics of fixing problems over time.

Increased support for Russian regulatory requirements

An updated algorithm for calculating the criticality of vulnerabilities and determining the timing of their elimination was implemented in accordance with the FSTEC methodology of June 30, 2025. The system takes into account the requirements of the regulator and automatically generates recommendations on the timing of correction, helping organizations comply with current regulatory requirements.

Advanced Network Equipment Scanning

Expanded support for network equipment of leading manufacturers. Added full support for Palo Alto Networks devices - the system can scan next-generation firewalls and protections via SSH, receive vulnerability data and recommendations for fixing them from the vendor's official sources. For all supported manufacturers, automatic enrichment of vulnerability cards with information about solutions is implemented.

𝓲

Фото: Security Vision

Optimized scan process management

Added the ability to monitor the execution of scan tasks: a detailed display of the current state of the scan execution in real time with an indication of progress, as well as monitoring of running processes with the possibility of their forced completion. The interface for creating and managing scan templates has been completely redesigned to more easily configure parameters and reuse configurations.

Advanced BlackBox Testing Capabilities

The functionality of BlackBox scanning has been significantly expanded. Added checks for current critical vulnerabilities in popular libraries and frameworks, integration of automated testing tools on SQL Injection, and automatic detection of used web technologies for more accurate surface assessment. attacks Specialized modules have been implemented for testings the security of popular ones. DBMS

Added the ability to control the scanning intensity for both BlackBox and WhiteBox modes. This allows you to flexibly adjust the load on target systems, avoiding overloading critical services during security checks.

Gentoo Linux Support

Added full support for the distribution kit Gentoo Linux - both as a source of vulnerabilities and for scanning. The system automatically detects installed packages and their versions, comparing them with current vulnerability data from official Gentoo sources.

𝓲

Фото: Security Vision

APCS testing

Added support for the Modbus protocol for detecting vulnerabilities in automated process control systems. This allows industrial sector organizations to conduct a comprehensive security assessment not only of the IT, but also of the OT infrastructure.

WMI Windows Scan

Added the ability to scan Windows systems via WMI (Windows Management Instrumentation) for information on installed software and updates. WMI scanning is available in both agent and agent-free mode, which provides deployment flexibility in various infrastructures. Advanced WMI inventory includes data collection on installed Windows (KB) updates, DNS configuration, and installed applications.

Vulnerability Reachability Graph

A mechanism for building a vulnerability reachability graph based on the network topology of the infrastructure has been implemented. The system automatically analyzes firewall rules and routing, determining which vulnerable systems can be reached by potential attackers from different points in the network. This allows you to more accurately assess real risks and prioritize the elimination of vulnerabilities, taking into account their actual achievability, and not just theoretical criticality.

Enhanced expertise and enrichment of vulnerability information

The entire database of vulnerabilities is supplied with translation into Russian while saving the original text, which allows security specialists to work with information in their native language without losing access to the original wording.

Vulnerability cards are enriched with additional metrics and recommendations: estimates of the likelihood of exploitation, data on the detection of vulnerable systems on the public Internet, as well as advanced recommendations for eliminating vulnerabilities from NCCC. All metrics are regularly updated to ensure that information is up-to-date for decision making.

For the FSTEC methodology, data on vulnerabilities and assets are also automatically enriched taking into account the requirements of the regulator.

𝓲

Фото: Security Vision

Dynamic Groups and Asset Categorization

Dynamic asset groups are implemented that are automatically formed based on specified criteria (type, OS version, presence of vulnerabilities, etc.). Added a directory of asset categories and the ability to automatically classify them based on service banners and other characteristics. Enhanced infrastructure auto-inventory capabilities, including FQDN list scanning and inventory of various types of equipment.

Results

The updated version of Vulnerability Scanner provides information security teams with deeper opportunities to analyze the state of security, prioritize work based on real threats and monitor the effectiveness of eliminating vulnerabilities.

2025

CVSS 4.0 Metric Support

Security Vision on October 2, 2025 announced the release of an updated version of the Vulnerability Scanner product, which significantly expands the ability to identify and analyze vulnerabilities. The update strengthened integration with NCCC, added new knowledge bases, expanded the functionality of web scanning, and further optimized analytics processes.

Special attention is paid to interaction with key Russian regulators. NCCCA bulletins are now automatically loaded into the system and enrich vulnerability cards with additional information. For the FSTEC methodology, the level of criticality of vulnerabilities by assets is calculated, and recommendations for Windows (Knowledge Base updates) that have passed FSTEC testing have been added. All this helps to more accurately prioritize tasks and act in accordance with the requirements of the regulator.

Vulnerability Scanner's knowledge base has become even richer. In addition, information from the catalog of actively exploited CISA KEV vulnerabilities is taken into account, and estimates of the likelihood of exploitation from the EPSS system are used. This approach allows you to take into account the most current threats and predict real risks.

This release enhances the auditing capabilities of network equipment. Implemented scanning, obtaining data on vulnerabilities and ways to fix them for devices from major vendors: Cisco, Huawei, Juniper, Check Point, Fortinet, etc. Data retrieval is available using SSH and SNMP protocols.

Added support for the CVSS 4.0 metric. Thanks to it, the system assesses the criticality of vulnerabilities more accurately and in detail, given the modern aspects of cyber threats. This helps you make informed decisions about prioritizing patches.

The exception management functionality has been expanded: now you can exclude vulnerabilities and products from the scan results both for one specific host and for everyone at once. During subsequent checks, excluded items will not be taken into account.

Now in the product you can not only plan the "windows" for scanning in advance, but also flexibly control the process itself. In addition to delayed startup, the ability to pause or stop scanning has been added.

The functionality of BlackBox has also expanded significantly. Security checks for web applications have appeared, and the management interface allows you to implement more custom scan scripts. Verification of weak credentials is now placed in a separate Bruteforce mode, which is supplemented by support for password guessing using remote control protocols (RDP, Radmin, NetBIOS) and databases (Sybase, PostgreSQL).

Improved collection of software information on legacy systems, such as, for example, CentOS 6, Windows Server 2008R2 and 2012R2, etc.

New tools have appeared for analytics and reporting. Differential reports allow you to compare the results of scans over time and see the dynamics of corrections. The scan log for each asset stores the change history and helps you quickly figure out what measures have already been taken.

Obtaining a certificate of conformity of the Ministry of Defense of the Russian Federation for NDV-2

On September 9, 2025, Security Vision announced that in IBLow code/No code, the Security Vision platform and all modules based on it received a certificate of conformity from the Ministry of Defense of the Russian Federation (No. 7564 of 28.08.2025) in the information protection certification system.

According to the company, the certification applies to the Security Vision platform itself and to modules developed on its basis within the framework of a certified configuration. Including certified Vulnerability Scanner (VS) - vulnerability scanner. Read more here.