ManageEngine Vulnerability Manager Plus

Priority-driven web security scanner that doesn’t fall short on features

ManageEngine
(Image: © ManageEngine)

TechRadar Verdict

Vulnerability Manager Plus is a simple-to-use, cloud-delivered, agent-based security web scanner with an intuitive interface you’ll get used to without any trouble.

Pros

  • +

    Feature-rich freemium edition and free trials with paid plans

  • +

    Plenty of user-friendly features

  • +

    Supports Windows, Linux, and Mac

  • +

    Surprisingly simple to use

  • +

    Third-party app patching

Cons

  • -

    Paid plans are pretty pricey

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

One way you can shield yourself from all sorts of web-based security threats is to equip Zoho’s web risk-driven security scanner called ManageEngine Vulnerability Manager Plus – well, that was quite a mouthful, let’s call it Vulnerability Manager Plus from now on.

Aiming to cover all-sized businesses regardless of their budgets, Zoho’s “beautiful software” is there to solve “business problems” with multiple tiers of products including a freemium edition which you can try out for yourself straight away - it’s a full-on fit for small to mid-sized businesses (SMBs).

Formally known as AdventNet, Zoho Corporation is an India-based, multinational technology company and it has been providing SMBs with all sorts of web-based, business-oriented tools for over two decades. 

Famous for its Zoho Office Suite, the company announced it had over 80 million users in July 2022, which is nothing short of impressive.

Headquartered in Chennai (India), Zohos offices are scattered across nine countries around the world including the USA, the Netherlands, Japan, China, Singapore, Brazil, South Africa, Australia, the UAE, and Saudi Arabia.

Vulnerability Manager Plus’s official site looks fresh and feels convenient to use – it’s also available in multiple languages and offers plenty of information about the software itself which we’re always glad to see.

If you're a fan of social media sites, you can find Vulnerability Manager Plus on Facebook, Twitter, Instagram, LinkedIn, and YouTube - there you’ll also discover a good deal of videos on various security-oriented subjects.

ManageEngine

(Image credit: ManageEngine)

Plans and pricing

Vulnerability Manager Plus comes in three forms: a “Free Edition” which is suitable for SMBs and able to cover up to 25 computers; a “Professional” plan which is best for mission-critical businesses and computers in LAN; and an “Enterprise” plan which is aimed at enterprise-level businesses and computers in WAN.

As suggested, “Free Edition” is completely free of charge yet it comes with an attractive set of features such as advanced vulnerability scanning and assessment, high-risk software detection, zero-day vulnerability detection and mitigation, and much more.

“Professional” plan will set you back $695 per year and if you wish to utilize the “Enterprise” plan it will cost you $1195 for one year. All plans are billed on an annual or perpetual basis, so if you hoped to pay for one month only and see how it works for you, you’re out of luck.

Fortunately, all paid plans are backed by a 30-day free trial and they come with full features, which means you can try out everything for yourself before spending a single dime.

These plans can be purchased with all major credit/debit cards. 

ManageEngine

(Image credit: ManageEngine)

Features and functionality 

Vulnerability Manager Plus will scan all your systems at regular intervals and review critical security configurations and software within your network in search of vulnerabilities and threats to security. Data collected from these scans will be utilized to identify the real threats that are on the prowl within endpoints.

As soon as a risk is identified, Vulnerability Manager Plus will alert the administrator and present solutions ready for deployment in the targeted system. With vulnerability assessment, admins can give priority to particular vulnerabilities so they know which ones to take care of first.

In addition to risk-based vulnerability assessment, with Vulnerability Manager Plus you’ll find some fine features such as high-risk software detection and uninstalls, detection and resolution of server misconfigurations, missing patch detection, automatic patch deployment for over 300 third-party apps, and zero-day vulnerability detection and migrations.

And if you require security advice, Vulnerability Manager Plus will provide you with recommendations on how to set up your web servers safely and securely. Also, expect to get tons of reports with this rather rigorous web security scanner.   

As for supported operating systems (OS’), Vulnerability Manager Plus works wonderfully with most versions of Windows, Linux, Mac, iOS, and Android.

ManageEngine

(Image credit: ManageEngine)

Interface and ease of use

To get Vulnerability Manager Plus, go to the official site’s landing page and click on one of the prominently red “Download” buttons which will take you to the page where you can finally download the software - it shouldn’t take longer than a couple of minutes.

Once you start the download, you’ll be asked whether you want to attend a free personalized demo and a free training or to subscribe to a newsletter where you’ll receive news about the products, updates, promotions as well as some helpful tips and tricks.

When the installation of Vulnerability Manager Plus is completed you can proceed to your dashboard – while it may seem somewhat complex at first sight, it’s surprisingly simple to understand and use. 

By color-coding all detected vulnerabilities, the dashboard will help you understand which of them need to be addressed without further delay (and which of them can wait for a while).

There, you’ll also get to enjoy an extensive and very much effective use of graphs which make it easy to understand everything that's going on in your dashboard. In the “Threats'' section you can manage your software and zero-day vulnerabilities, system configurations, high-risk software, web server misconfiguration, and even active ports in your network systems.

Vulnerability Manager Plus also offers a well-stocked library of executive reports, granular report templates, and custom query reports that support different file formats - PDF, XLSX, and CSV to name a few. You can pick between generating reports on-demand and scheduling them to be sent to your team with a single click on your dashboard.

It’s also worth noting that Vulnerability Manager Plus is currently available in 17 languages in addition to English.

ManageEngine

(Image credit: ManageEngine)

Customer support

If you sign up with ManageEngine by submitting your name, business e-mail address, phone number, company name, and the name of the country you live in you can make use of their technical team and it’s available via phone, live chat, and e-mail. 

The best thing about it is that it’s offered to all licensed users alike (even those with freebies) - the worst thing about it is that it is practically notorious for being painfully slow.

ManageEngine

(Image credit: ManageEngine)

Alternatively, you can visit the documentation page where you’ll find plenty of simple-to-follow how-tos, some of which are supported with screenshots or video guides. 

Competition

As its name suggests, OpenVAS is open-source software but also an all-in-one vulnerability scanner with impressive scan coverage. Like most freeware, it’s completely free and backed by a committed community of developers, which is something you won’t find with Vulnerability Manager Plus.

On the other hand, OpenVAS isn’t as novice-friendly as Vulnerability Manager Plus since it calls for some technical know-how. Plus, its dashboard looks outrageously outdated.

Probely is another amazing alternative to Vulnerability Manager Plus and it’s aimed at security teams and software developers - so if you fall into these categories don’t fail to check them out. On the downside, if you’re into free stuff, Probely’s free plan is painfully basic – you’ll get much more with Vulnerability Manager Plus’s freemium edition.

If you strive for simplicity, Sucuri Sitecheck is probably the perfect choice for you. It’s one of the simplest web scanners we’ve seen which is both its strength and its weakness.  

Final verdict

Although Vulnerability Manager Plus is impressively intuitive and simple to use, it’s best suited for businesses of all sizes and professional use in general.

However, if you don’t fit into this category and still want to check Vulnerability Manager Plus for yourself, thanks to its full-featured freemium edition you can do it without putting your budget on the line.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.