Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Vulnerability Management in N-central & N-sight

N-able
07/16/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


your host, Jeff Green. We'll wait a couple of minutes to let folks filter in, but while we do that I'll get some housekeeping out of the way. So obligatory regulatory statements may contain forward-looking statements, nothing is promised or committed, all trademarks, patents and such. And we're gonna kind of go over what we've been doing with vulnerability management in the last couple months. We're going to take a look at how this plays into all of the changes we're making with Ecoverse and the enhancements we're making to our RMM platforms and Central and Insight and talk about futures, what we're going to be delivering with vulnerability management, and then do a live demo and then drill in and answer questions and maybe ask some questions too. So this is kind of a two-way street for us here at Enable. Not only do we love bringing you new cool stuff, but we love listening and to what you need and want. So you know my background having been at an MSP prior to coming to Enable, I think I know what most people want in this arena, but I don't always know for sure because I don't live it every day like I used to. So asking you questions, so we'll have some polls asking you some questions and then we'll have a Q&A period at the end. So that's kind of the plan for today. We're going to talk about where we've been, where we're going, give you a demo, answer some questions, ask a question or two, and then wrap up. So we really appreciate the time you spend with us. So in respect to that, I'm going to go ahead and get started. There will be a recording that folks can watch on replay after the session. So let's go ahead and get started. So why is vulnerability management even a thing in the sense of an RMM or Unified Impact Management solution like Enable? Seems like there's plenty of vendors out there that are selling, delivering vulnerability management, vulnerability scanning. Why would Enable endeavor to bring this into the platform? There's a number of reasons. One, we're about protecting your endpoints, helping you protect the endpoints of your customers. And the easiest way to protect them is to keep them from being exploited in the first place. So discovering those vulnerabilities that might exist because of software that's installed though or operating system versions or what have you, that's kind of a pain. You have multiple different tools, multiple different feeds, you have to run it constantly, you're constantly chasing down what does this mean, where does it go, how do we act upon it. So for us at Enable, what we really want to do is bring that entire life cycle of vulnerability management into the tool you use every day to manage the endpoint because that's most likely the tool you're going to use to remediate the vulnerability. So why not get the detection of the vulnerability and the presentation and prioritization of those vulnerabilities in the same place. Instead of having to use another tool, crosstab them, make lists, cross checklists, make sure that you got this or that, figure out if it's gone or not, rescan, rescan again. So that's kind of the reasoning around why we have undertaken this journey to bring vulnerability management more fully into NCentral and Insight. As you think about that workflow, you need to inventory your assets, which you already do with your RMO, but you also then need to inventory the vulnerabilities, identify those and that's what we're focusing on right now is getting to the point where we can inventory and identify the vulnerabilities that are in your environment and then moving into prioritizing those vulnerabilities for you so that you can work on the things that are most important, most impactful to your security posture and then take those remediative actions. But unfortunately, as we all know, with any kind of vulnerability management or patch management lifecycle, you're never really done. Once you've finished updating the last round of vulnerabilities or patches, it's time to start over. So we want to keep that flow as quick and as tight as possible and that's why we're working to bring the entire flow in to the RMM. So if you have Insight or NCentral today, you have access to vulnerability management in preview. If you're on Insight, it should just be there. If you're using custom permissions and you're not using the standard system permissions, you may have to go in and add the Ecoverse vulnerability management permission to your user. There's documentation on how to do that in the Insight documentation. If you're on NCentral, we recommend that you run 2025.3.1.9, which is our most recent and most secure release. And also, there is a permission there as well for turning on the Ecoverse vulnerability management, but it is on by default for sysadmins. So anybody who's a default system administrator will be on by default. If you want to grant it to someone else, you can grant it as a specific permission. So granular permissions are supported there. For NCentral, you also need to be using Enable SSO to use this because this is an Ecoverse feature and Ecoverse relies on Enable SSO for authentication. So again, those prerequisites are also available in NCentral documentation. So what's live today? Today we're scanning applications that are installed on operating systems for Windows, Linux, and Mac. Like I mentioned, you've got role-based access control, the ability to filter and view just if you're taking advantage of the assets view. It's the same interface, same filter builder. There is the ability to group by vulnerability, view the details of the vulnerability, and then also deep link back to the asset in NCentral or NCite to take remediative actions or export. And I'll walk through all this stuff in the demo, which I'll do right now. But before I do the demo, you didn't think you're going to get up that easy. So what I'd like to do is take a look at our first question for you. And that question is actually quite simple. How are you currently managing vulnerabilities across your endpoints? So if you can answer the poll, give us some kind of sense of how you're doing this today, that'd be great. Because obviously we want you to use NCentral or NCite to do this. That's why we're building these features. But, you know, understanding what you're doing today helps guide us towards what we should be building in the future. So wait for us to get a few more votes in whilst I make sure my demo is going to work. All right, so it looks like roughly half of you are using third-party tools, plus or minus. And a few more votes tripling in there. Still some clicking and clicking. All right, looks like we're about there. It's like watching a kettle boil. I'll go ahead and share. So yeah, so roughly 50% of you are using third-party tools, which doesn't surprise because there aren't a lot of built-in tools for this. Manual processes, I can feel the pain. And not managing consistently is a pretty good chunk, which is understandable. But probably something that as we continue to move into a more regulated state for MSPs, vulnerability management, our more formalized process is probably going to become important. So for those of you who aren't using vulnerability management consistently, or don't have a consistent practice, or maybe you're using third-party tools, hopefully you'll see some things here in the Enable Stack that we're building towards that you'll like to adopt. So without that further ado, I'll go ahead and kick into the demo. So I'm going to showcase this in NCentral, but it's very similar in NCite. In fact, the screens are the same because it's Eco-verse. So once you navigate to vulnerabilities, you're going to see the current screen. I'm just going to clear my filters here. So today, it's fairly bare-bones, fairly straightforward. We are detecting application vulnerabilities for assets that have the modern agent installed on them. And you can see here, we've got the ability to create a filter using the filter builder, just like you can in Assets View. You can search and sort. You can also manage which columns you want to see and which ones you don't. So if the customer and site information is not relevant to you, you can just hide that. We've also given you the ability to export the rows. So if you have less than 10,000 rows in the current data set today, you can just export the whole thing as a CSV. If you have more than 10,000 rows, you've got to print it down today. But one of the things we're going to release coming up this quarter is the ability to export up to a million rows of information. Hopefully you don't have a million rows of vulnerabilities, but it could happen. But you can export that data as a CSV file and then manipulate it, bring it into your own existing data elements, data management, and so on. The other things you can do here, obviously, you can drill into this asset straight from here. So I can just click on this and it'll take me to that asset. So I can start taking advantage of things like patch management, patch on demand, taking a look at the tools to take a look at applications that are installed, manage those applications. So very similar to the way you would manage the asset today, but another way to get to and prioritize those views. Additionally to the all detections view, which is basically a listing of every vulnerability asset pair. So every vulnerability, so if I wanted to search for just a specific vulnerability, I can search for a specific vulnerability or one that contains something, right? I can filter this by that vulnerability, by this workstation or workstation string type, right? So I can drill down pretty quickly and pretty easily in the view, but we also give you the crosstab view. So today you're able to see in the crosstab view, you can see a listing of vulnerabilities that exist in your environment, and you can then also see a list of assets that are at risk to that vulnerability, and then even start to take actions directly from here. So initially we've got remote access and reboot, which are Ecoverse features that have been brought forward. Over the coming quarter, you'll start to see other things like run a scan now, install the install the update here, so you'll start to see additional actions flow into the vulnerability management capability. We also give you the ability to drill in and take a look at the details. Today the details for the vulnerability are basically information you would get from NVD or NIST. You can link out to the source, you can see the risk score, the CVSS score. This risk score is actually kind of an interesting thing that we're doing, because if you look at all of these vulnerabilities that exist here, they're all important or critical or, you know, sort of by severity, right? So you've got critical vulnerabilities. Well, which of these is most critical? These two have CVSS scores of 9.8. Great. Which one's more important? So one of the things that we have done is we've kind of taken this risk score on as a composite score of not only what is the CVSS, because you can see here I've got a 9.8 and an 8.8 CVSS, but they're both risk scored at 81. So the risk score is a composite of the CVSS, obviously. How prevalent this vulnerability is on exploited systems, so not just is it prevalent, but is it prevalent on systems that have shown indications of compromise? And then how recent has it been in play? Are there kind of known, you know, threats or workarounds or not workarounds, exploits for this? So we've started kind of taking a composite approach to the vulnerability to give you a sense where you can stack rank, not just on CVSS anymore, but you can actually start ranking on risk. And as we add more capabilities, you see some of the things we're going to be adding in the future, this risk score will become more informed and you'll have more information in the breakout. So the roadmap for today will be looking at CISA Kev, ransomware, is it a server, is it a workstation? Those types of indicators will start to inform this risk score even more as we progress from a composite perspective. So today that is the majority of what we have. So from a live demo perspective, it doesn't feel like a lot, but once you're sitting there staring at the fact that you've got, you know, thousands of vulnerabilities that you need to sort through, it actually is a lot of information to deal with. And so with that being said, a lot of the improvements we're going to be making over the next couple quarters are around prioritization and giving you better ways to slice this data and then giving you the ability to act on this data. So that's what I'm going to kind of show you the roadmap, but I'm going to pause for a moment and take a look at some of these questions that have already kind of flown in and maybe ask another poll question. So questions that have come in. We're using Sentinel-1 for vulnerability. How does this compare? Well, it compares kind of like apples and oranges. So Sentinel-1 is really good at blocking known exploits from occurring, rolling back if there's ransomware, potentially giving you some insight into those vulnerabilities. But what we're doing with this is we're actually using the agent that's already on the asset from the RMM to scan every six hours, plus or minus, and update us with a list of software that's installed. And then we cross-check that to the list of software that's vulnerable and give you that list right here in the RML. So from a Sentinel-1 perspective, that is real-time protection from somebody taking action against one of the vulnerabilities that exists, whereas this is giving you information about what vulnerabilities are there so that you can then come back in and remediate it. Will vulnerability scanning be able to originate from an on-site probe for devices not with an agent? Not right now. So the way that we're doing this today is it's a software inventory scan looking for vulnerabilities. We will be looking towards, in the later part of next year, some network scanning, at which point we may need or may have a network probe that can scan across the network. But for now, we're really just running a local agent scan for vulnerabilities. Let's see. So it would be nice to have a vulnerability status icon in the workstation server list. Yes, it would. And we are looking to bring that information in. So where we would probably land that would be up in the assets view. So we're already working towards bringing the list of vulnerabilities and the list of installed software into the assets view. So adding a column of vulnerability asset risk score or asset vulnerability level is absolutely on the roadmap for probably first part of next year. So that would start to show up here in the asset list in addition to obviously being here with vulnerabilities. Any plans to add an uninstall function? Yes, we are working on that actively and you should see that start to come in in the next quarter or so. Can you discuss the update available? Yes, so the update available column in this view is telling you that there is an update available for this particular software package that will remediate the problem. That doesn't necessarily mean that we can push that package at the moment, right? You may have to go get the updated version from the vendor, you may have to do some other, you know, there may be other things that are required. But what we are looking at is, is there an update available that will remediate this particular vulnerability? Is there a newer version of the software package that does not have this vulnerability? That's what that update available column is telling us. So one other problem tools have is how they group things and finding resolution. Filtering, so filtering with showing no updates available or no updates installed. So we are working to bring vulnerability management and the new patch management engine together into a consolidated flow as well. So you'll start to see those two things start to converge later this year where you'll be able to see vulnerabilities that are patched, patches available against vulnerabilities from inside enabled. So we are definitely making strides in that direction. If you're familiar with Chris Dunsmore and the work he's doing for the patch management Ecoverse proof of concept and the updates coming for patch management, we are working very closely together to unify these views. Is there a way to force a manual vulnerability scan? Yes, you're skipping ahead a little bit, but that is on the roadmap for next quarter as well. So that will be an action you'll be able to take against a given asset. So I'll show you some of that stuff in the futures. Let's see, all right, I think those are some of the questions I want to hit right here because they seem relevant. So let's see, so I'm seeing more questions coming in on the demo, so I'm going to stop the demo here real quick and maybe take a look at what's coming. But before I do that, time for another question and that is, have you started using vulnerability management in the product, in the preview? I know there are some questions on, hey I can't see assets in my view. If you are having that problem, if you can't see assets in your view, it could be that you don't have the right permission if you're running an end central or in site. So at the end of the session there'll be a link that you can snag where you can send me an email. So if you are currently using vulnerability management and you don't see any assets in the view, if it's empty, absolutely reach out to me with that link and I can get you set up. There may just be a checkbox that we're missing somewhere. So absolutely we can do that, but otherwise it should be turned on for you. So looks like a good portion of folks have already started using it and are planning to. Now what I would say to those of you who are actively using it, it is a preview feature. So things may change, things may update, things could move around on you. If you like what you see, click on, you know, give us feedback. I'll show you, actually I'll bring back the demo screen here one more time for that. If you like what you see, click on share feedback and let us know. If you don't like what you see, click on share feedback and let us know. We do actually listen, I do actually respond to the feedback. So but it looks like, you know, a good portion of you have started using it actively or are just starting to play with it. I would encourage those of you that haven't really dug into it to at least get in there, see what it sees, click rattles and things. So it's definitely going to be evolving and continue evolving over the next couple of quarters with your feedback. So what is coming, right? We talked about a lot of this stuff kind of as I went through the demo, but what is coming? So you're going to see CISA-KEV, that's the non-exploit database from CISA, as well as the MITRE CWE common weakness enumeration data for the MITRE ATT&CK framework. So you'll see that information about the vulnerabilities that are detected and we'll start to tag things that are exploit, have been known exploit, or known ransomware categories. We'll start to tag those in the view. We're also going to be adding operating system covers. Today we're really looking at just third-party applications, applications that are installed on Mac, Linux, and Windows. So as we get to the end of the year, in the beginning of next year, and as that patch management and ecoburst journey starts to converge with vulnerability management, you'll then be able to see operating system vulnerabilities. So hotfixes, service packs, in Linux you'll see application packages, Mac you'll see OS updates. So those will start to come in and you'll get a much more holistic view of the vulnerability state of not just the third-party application software, but also operating system software and be able to remediate those as well. As I mentioned, we're going to start to bring some of this vulnerability information into the asset view. So you all just have to see it in vulnerability views. You'll also be able to see it from the main asset views. Things like an asset risk score, things like vulnerable software attached to an asset, a full software inventory attached to the asset. Those types of things will start to come in probably beginning of next year. We will continue to drive towards adding actionable insights, right? Not just, hey, here's a vulnerability, go do something about it. So you'll start to see install, patch, uninstall, even accept the risk or ignore the risk. Those are, you know, sometimes you can't uninstall the application that's vulnerable and you can't upgrade it because it doesn't work in your environment. So sometimes you have to accept that risk or document some kind of compensating control. So we're going to give you those abilities to manage the full lifecycle of vulnerabilities, not just, you know, ignore it and move on. We're going to give you the ability to review those acceptances, review those compensating controls on a regular basis so that you actually have a full featured vulnerability management program, as well as the ability to track who did what when from an audit and historical perspective. And then from a prioritization perspective, we're going to start to give you more than just the columns and filters like Excel spreadsheet. We're going to start to give you visual filters and better ways to approach the data, whether it be through vulnerability management or patch management or both. So kind of some features that we're going to be doing. The visual filters, kind of almost like a BI dashboard to a certain extent, where you can click on one of these rings and it will automatically filter the data view. So if you're trying to drill into, I just want to see my Windows boxes, or I just want to see the systems that have exploits, or I just want to see servers or workstations, you'll be able to do that drill either with the visual filter or with the columns. So you're going to get also the ability to create saved views. So if you've got a view that you like and it's kind of your working view, you'll be able to save that view and come back to it, as opposed to having to reset up your columns and your filters and your workspace every time you come back. We're going to give you that exploit information. Does the workstation have an exploit, exploited vulnerability on it? Does the vulnerability have an exploit available for it? We're also going to give you the determination, or at least our best guess initially, of is this a workstation or is it a server, right? Based on the operating system that's installed. We know, I know from my history, and we've heard from folks, that yes, sometimes a Windows server is not a server. Sometimes it's a workstation. Sometimes a Windows workstation is a server. Sometimes a Mac is not a desktop, it is a server. Sometimes a Linux box is a workstation. We know that, and that is coming also from an overall asset view perspective, the ability to custom define what a workstation or server is, an asset with a tag, but until those tags arrive and are editable at scale, we're going to make a best guess, right? We're going to say, hey, if it's Windows and it says server in the name, it's a server. If it's Windows and it doesn't say server, then it's a workstation. If it's a Mac, it's probably a workstation. If it's Linux, it's probably a server, and that's kind of where we're going to start, but if you know that going in, and then you can use that to help you prioritize my servers versus my workstations, that's still further along than we were elsewise. So I think a lot of good things are going to come from a prioritization and visualization perspective in the next couple of releases, and so this is some of the goodness that's going to come. So just looking through questions, is there anything new, exciting? Will there be a feature that allows blocking of certain vulnerable applications or blacklisting applications that are installed? So you can do that today in NCentral for application control. We're looking at bringing that feature more holistically into the Ecoverse so that you can create a blacklist or a whitelist of applications, limiting what can be installed. The other thing that we are working through as we move down the journey of discovery, today we're kind of inventorying what Windows knows is installed based on what would show up in aggregate programs. We're working to expand that list to everything that's discovered on the system, so that would start to pick up user installed applications, portable applications, things of that nature, but that's probably a next year thing to be fair, but managing those would be something that we would be dealing with next year. So any other questions? Thanks Sasha for hitting the prerequisites there. When will reporting be enhanced in the dashboards? So we'll be bringing these dashboards in the next quarter or two, and then pushing even more detailed lifecycle type reporting into the analytics reporting engine probably in the beginning of next year. So that's kind of where we are in the journey. So let's see here. All right, we've talked about kind of what's coming, we've talked about folks that are already there. One more question for folks. So if you're using the vulnerability management today, which features are you finding most useful? And once we get some answers on this, I'll show you some of the cool stuff that we've also got coming to give you some of these details. I'll take a second to grab a sip. All right. Cool. Looks like the consensus is, show me if there's an update available. Great. And that's only going to get better as we move along. But the CVE details pane is good. So I want to show you next kind of the upgrade that we're going to give to the CVE details pane, which I'm really excited about. So we're going to up-level the CVE details pane. If you recall, it was just kind of a little sliver off to the side. So now we're going to give you way more information. I'm going to zoom in because it makes it a little bit easier to see. So we're going to give you more screen real estate. We're going to give you more indicators of what's going on with this particular vulnerability. We're going to bring those threat insights around CISA and CWE more to the forefront. Give you some metrics on how many affected assets, unresolved, resolved. And then in here, we're going to also give you, instead of having to pop out to the assets at risk or affected software tabs, we're going to go ahead and bring those in and give you those as part of this this working tab. So you'll be able to see the workstations. You'll be able to take actions on those exposed or assets at risk directly from inside the CVE and take actions like install third-party patch or install application update, reboot remote control straight from here and drill into the asset as well. So we're going to give you more space. We're going to give you the ability to kind of tear it off as a full page and work on that particular vulnerability from anywhere. So anywhere where you see the vulnerability ID, you'll be able to click on it and pull this tab out. And this also gives us more room later for more cool things like remediation plans, AI recommendations, things of that nature. So this will be a great add-on that's going to come in the next, by the end of this quarter, beginning, you know, end of this quarter, September-October timeframe. And then we'll just continue building on this as well. So you'll have some great capabilities around managing the assets, managing the vulnerabilities, actions, more actions available to you. So I'm looking forward to having that in the product because it gives me a lot more tools to deliver value. So one of the things that I wanted to just hit one more time is that feedback button in the product is driving our roadmap. It is driving what we're prioritizing. So the feedback that you're giving and questions here in this webinar and the webinar we've done before, sessions that people have done with me one-on-one or small groups, we're listening and we're implementing those changes. So we had multiple requests and we're bringing those in. So do not hesitate to ask questions, do not hesitate to propose ideas and needs. We're here to make this vulnerability management easier for you to manage, simpler, not to make it harder. So absolutely please use that feedback button, send me an email, make a comment in the Enable Me community. We're listening and we're taking that into account. So with that in mind, time for one more question before I show you the next stuff. But AI is everywhere, everyone's talking about AI, is going to take over the world, nobody's gonna have to do any work, we'll just all be able to sit around and you know watch sunrises and AI will do everything for us. But the question really is, for our purposes, how comfortable would you be if AI was making recommendations on what to remediate as opposed to you making the call from a data group? And I'm asking that question now because I want to show you kind of some of the stuff we're cooking up in the future. So I'm gonna hang out and wait just for folks. Seems to be a very hot topic, people are jumping in. While folks are responding to polls, I'm going to take a look. Remediations or recommendations? That's a good question, Cameron. So we would like to get to a point where initially AI is making recommendations, but potentially planning the remediation and then giving you, taking those remediative actions. Not sure if we're quite ready to go to fully autonomous remediation yet. That's partly the question, the reason for the question, right? How ready are are we for AI to take remediation steps? But initially at least recommendation. So it's like we've got probably most of the votes in, so I'll just end and share. So more than half of you are at least somewhat comfortable, which is kind of what we we see from folks we talked to. There are definitely folks that are not yet ready and that's okay. If you're familiar at all about with Enable and our commitments around AI, we continue to be committed to having a human in the loop at all times. So we're not going to just set the AI loose, we're not interested in Skynet. But I think there is value, especially when you consider the enormous amount of information around vulnerabilities that exists and having to sift through all that. I think there is value to use AI in looking at the landscape, the environment that exists, and making recommendations based on, you know, web search, reasoning, and then having the user approve that. So with that in mind, I want to kind of walk you through what what our thinking is as we move forward with AI and how we might integrate AI into into this journey. As we, you know, as we look at the roadmap and the things we're adding, right, we're adding information about what is there, how to inventory it, how to prioritize it, how to score it. We're hooking into the RMM's capabilities to remediate those vulnerabilities, whether it be through scripting or patching or application install, uninstall, potentially, you know, other compensating controls that you might have the ability to hook into. So as you think about that AI guided prioritization pathway, right, instead of coming in, digging through a dashboard, trying to find out what do I need to do, right, starting with AI saying, hey, based on this constellation of asset characteristics, vulnerability characteristics, the capability to remediate, how can we give you a recommendation that says, do these first and do them this way. So this kind of journey, technician journey of coming in, taking a look at that dashboard with AI recommendations, drilling into those recommendations, the reasoning behind those recommendations that the AI provides, chatting with the AI to say, hey, well, what about this and what about this and change that, and then having that formulate and build that script or remediation plan, then taking that action. It's not necessarily replacing you as the technician or you as the administrator and making the decision. It's decision support and then also kind of removing some of that toil and repetitive nature of things, right, sifting through large, vast amounts of information, make recommendations, and then potentially even, once you're done, making the determination that the AI's recommendation is good, it's right, it's correct based on the type of asset it is, the criticality of the vulnerability, taking and saving that logic automatically for anything that looks like that in the future. So you're still in the loop, you're still making that decision, but you are, it's being assisted by the context, the larger context. So, you know, we've started that proof of concept, we've started that work, right, so you probably have seen some of these workstation names in my demo environment. This is AI that was put against the actual real, air quotes, real demonstration environment that we use internally to enable, but looking at workstations based on their, or servers based on their capability, their risks, what should we do, what should we do first, right, so starting that work of having AI reason through and make recommendations based on not only what we know in our system, which is this asset has these characteristics and these vulnerabilities, but also combining that with what the large language models and the thinking models can go and get from web searches and citing that information, telling you, hey, I went out to this website, I looked at this particular vulnerability and this seems to be the script to remediate it. Would you like me to run this script? So those types of enhancements are what we're looking to bring in in the future, in the next year, and because we're uniquely positioned as a, as the RMM platform, as the control plane for your workstations, not only do we, can we take the information we've discovered, but we can also take the action, so it is that final unity of IT ops and security ops kind of coming together with some AI guidance in the middle. So that's kind of where we're, where we're coming from. We would absolutely be able to add things like maintenance windows, active use time, is it a business critical asset, so when we talk about those tags that we will be able to put on assets to give you kind of prioritization efforts, those are, those are things that we also would build into this, this path. So sneak peek, what's coming, I'm really excited about this work that our engineering teams are doing to bring AI to an actual application, not just a, you know, chatbot, but actual, you know, bring some action, actionable intelligence to the operation that is, you know, especially in a large environment, can be head spinning with the number of vulnerabilities and which ones should I focus on and which ones have what impact. So super excited to see this coming down the pipeline. So last things here, and then I'll try and hit some more questions, share your feedback, take our survey around what's next around network scanning, schedule a one-on-one meeting with me, right, so I'm going to leave these up here for just a second. Also coming up, actually coming up, I think, Tuesday, if you're interested, I am going to be on with Paul Kelly, one of our head nerds, for a much deeper dive in his office hours next, yeah, next Tuesday. So I put the link in the chat for anyone that's interested to go and join and sign up for that. That's primarily focused around Insight and then Central, but, you know, I'll be there talking, drilling in more one-on-one with him around what we've got coming with vulnerability management and, you know, probably some of what you've already seen today, but potentially more in-depth because it'll be a smaller group and more interactive. So by all means, you know, sign up for that office hours next week, click on one of these links, all the links, give us your feedback, have, you know, have a meeting. I love talking to partners, customers about what we're doing, what they need, just commiserating about the joy and fun of the daily grind that we live in, in the MSP and IT support world. So also use that shared feedback link. I look at it every day. So if you're having a problem, if you're having an issue, if you need support, yeah, you can use the feedback link, but if you actually need a, you know, if you're having a problem, either email me and I'll get you a support case or don't be afraid to open a support case. There are some weirdnesses with the way the permissions work right now because of the Ecoverse integration with SSO, just the nature of the beast. So there may need to be a couple of back-end alignments that need to be made if you can't see stuff or if stuff's not showing up consistently. The shared feedback is a place where you can voice those issues, but I guarantee that somebody's going to come right around and say, hey, can you open a support case and give me, you know, hop on a call, show us what you're seeing. So if you really want to get to the bottom of that, open that support case through EnableMe or, you know, shoot me an email. So just to kind of get it out there, there's my email, jeff.green at enable.com, but you can book those one-on-ones, join the EnableMe community here for vulnerability management. Please provide feedback any way you can. I'm going to take one last stroll through the questions here and see if there are any that are straightforward and easy to answer, and then we'll wrap up. Let's see. Will there be an option to receive automated notifications? Yes, there will be. We're working to integrate with the new notification services that are coming out in Ecoverse, so stay tuned, coming soon. Let's see here. Is it also possible to generate an overview report of a vulnerability across multiple customers? Yes. So if you're in the vulnerability view, you can see all your customers if you're at the top level of your organization, and then you can export that list using the export to CSV. So that's the easiest way to export or report on those vulnerabilities across all your customers, or if you want to drill in, obviously you can, you know, filter by customer and drill in. A specific report that is often asked for is the number of days between detection and remediation. Are there plans to create this report? Absolutely there are. Actually, vulnerability service level objectives and reporting for that is slated for Q1 of 2026. We'll be starting to collect that information and that lifecycle information in Q4, and so we will be doing, you know, kind of a how long has a vulnerability dwelled, what is your service level objective for, how long a given vulnerability, a given criticality should be there, and then obviously tying back into that notification and warning system of, hey, you've got a vulnerability that's about to go past its SLO, you should do something about it. So we are absolutely going to be doing that, Joe, in the beginning, coming next year. Will it check for installed programs created or registered? Currently today, no, it will not. It's just looking at what is in ag-removed programs, but as I said, we're looking to expand that to a broader discovery, which obviously is a little bit more end-user, end-machine intensive, so we don't want to do it every, you know, six hours. We want to do it maybe once a day or once a week. So partly there's a scheduling aspect of how often you want to do like an in-depth inventory scan, but yes, once we have the ability to do that in-depth inventory scan on a controlled basis, then we'll be walking the registry, walking the file system, looking for, you know, portable apps, apps that are installed, you know, in weird places, not installed with ag-removed programs, looking at, you know, things like Winget, Chocolaty, stuff like that. So much broader discovery that will be coming, but it's also more intensive, so we need to put some guard rails around doing it, not just automagically, you know, hammering everybody's endpoints at all the same times. So I think, let's see, any other questions? Sasha, any other high-level questions that maybe I missed that I should grab? I think you're looking good on the high-level questions. How long does the resolved vulnerability remain on the list? That's a good question, Michael. So today, the intent is for it to stay there for 90 days, but since we're still in preview, we're leaving them to stay until we get to a point where we have the full analytics engine and can offload that out of the main dashboard into kind of a long-term lifecycle trend management. So the intent is to get it cleaned up so that once it's resolved, it disappears after 90 days, but for now, those resolved ones are going to hang around a little bit longer. If you don't want to see them, just filter them out, save the view when that saved view comes out, and you know, you can move on from there, but for now, we want to keep them in the database so we can transition it into the full analytics platform once that lands next year. Alright, I think after a quick scan, those are the big ones. If there is a question that you asked that I did not answer, feel free to email me or reach out using one of the other methods, or come to the office hours next week with Paul and myself, and we can drill into the questions more in a one-on-one, and I hope this was informative and helpful.

TL;DR

  • N-able has integrated vulnerability management directly into N-central and N-sight RMM platforms at no additional cost, currently scanning third-party applications on Windows, Linux, and Mac endpoints with plans to add OS vulnerability detection.
  • The system uses a composite risk score that combines CVSS ratings with exploit prevalence and recency data, helping MSPs prioritize which vulnerabilities to address first when multiple issues share the same severity rating.
  • Current preview features include role-based access, filtering, crosstab views showing affected assets per vulnerability, and deep linking to remediation tools, with export capabilities expanding from 10,000 to one million rows.
  • The roadmap includes integration with Ecoverse patch management, AI-guided prioritization and remediation recommendations, visual filtering dashboards, saved views, and vulnerability service level objective tracking.
  • N-able is developing AI capabilities that will recommend remediation priorities based on asset characteristics and vulnerability context, with human-in-the-loop controls ensuring technicians approve all actions before execution.
  • Additional planned features include operating system vulnerability scanning, application install/uninstall actions, risk acceptance workflows, compensating control documentation, and lifecycle reporting showing time from detection to remediation.

Built-In Vulnerability Management for RMM Platforms

N-able has integrated vulnerability management directly into N-central and N-sight RMM platforms, eliminating the need for separate third-party tools. The feature scans applications installed on Windows, Linux, and Mac endpoints to detect vulnerabilities, presenting them in a unified interface where MSPs already manage remediation activities. This consolidation addresses a common pain point where technicians must cross-reference multiple tools, maintain separate lists, and rescan repeatedly to verify fixes. By bringing detection, prioritization, and remediation into the same workflow, N-able aims to streamline the entire vulnerability lifecycle from discovery through resolution.

Current Capabilities and Access Requirements

The vulnerability management feature is currently available in preview for all N-central and N-sight customers at no additional cost. N-central users must run version 2025.3.1.9 or later and use N-able SSO for authentication, as this is an Ecoverse feature. The current implementation scans third-party applications across supported operating systems, provides role-based access control, and offers filtering capabilities similar to the assets view. Users can view vulnerabilities by detection (every vulnerability-asset pair) or use a crosstab view to see which assets are affected by specific vulnerabilities. The interface includes export functionality for datasets under 10,000 rows, with plans to expand this to one million rows in the coming quarter.

Risk Scoring Beyond CVSS

N-able has implemented a composite risk score that goes beyond traditional CVSS ratings to help MSPs prioritize remediation efforts. The risk score combines CVSS severity with additional factors including how prevalent the vulnerability is on exploited systems and how recently it has been actively exploited in the wild. This addresses the common challenge where multiple vulnerabilities share the same CVSS score, making it difficult to determine which should be addressed first. The system will incorporate additional signals over time, including CISA KEV (Known Exploited Vulnerabilities) status, ransomware associations, and whether the affected system is a server or workstation, providing increasingly sophisticated prioritization guidance.

Roadmap and AI-Assisted Remediation

N-able's roadmap for vulnerability management includes operating system vulnerability detection, integration with the new Ecoverse patch management engine, and AI-guided prioritization. The company is developing AI capabilities that will analyze the constellation of asset characteristics, vulnerability details, and remediation options to provide specific recommendations on what to address first and how to fix it. This AI assistant will cite sources, explain its reasoning, and allow technicians to refine recommendations through conversation before taking action. The system will maintain human-in-the-loop controls, with AI serving as decision support rather than autonomous remediation. Additional planned features include saved views, visual filtering dashboards, vulnerability service level objectives, lifecycle reporting, and the ability to accept risk or document compensating controls for vulnerabilities that cannot be immediately remediated.

Chapters

0:00 - Introduction and Housekeeping
2:35 - Why Vulnerability Management in RMM
5:54 - Access Requirements and Prerequisites
8:03 - Audience Poll: Current VM Practices
10:42 - Live Demo: Current Features
14:43 - Risk Scoring Explained
23:51 - Audience Poll: Feature Usage
25:51 - Roadmap: Coming Features
35:15 - Enhanced CVE Details Pane
39:29 - AI and Vulnerability Management
47:33 - Resources and Q&A

Key Quotes

3:52 "For us at Enable, what we really want to do is bring that entire life cycle of vulnerability management into the tool you use every day to manage the endpoint because that's most likely the tool you're going to use to remediate the vulnerability."
15:32 "We've kind of taken this risk score on as a composite score of not only what is the CVSS, because you can see here I've got a 9.8 and an 8.8 CVSS, but they're both risk scored at 81."
16:03 "How prevalent this vulnerability is on exploited systems, so not just is it prevalent, but is it prevalent on systems that have shown indications of compromise? And then how recent has it been in play? ..."
22:03 "We are working to bring vulnerability management and the new patch management engine together into a consolidated flow as well. So you'll start to see those two things start to converge later this year."
41:26 "We continue to be committed to having a human in the loop at all times. So we're not going to just set the AI loose, we're not interested in Skynet."
43:06 "Instead of coming in, digging through a dashboard, trying to find out what do I need to do, right, starting with AI saying, hey, based on this constellation of asset characteristics, vulnerability characteristics, the capability to remediate, how can we give you a recommendation that says, do these first and do them this way."
46:14 "We're uniquely positioned as a, as the RMM platform, as the control plane for your workstations, not only do we, can we take the information we've discovered, but we can also take the action, so it is that final unity of IT ops and security ops kind of coming together with some AI guidance in the middle."

FAQ

How do I enable vulnerability management if I don't see it in my N-central or N-sight instance?

For N-sight, the feature should be available by default, but if you use custom permissions you may need to add the Ecoverse vulnerability management permission to your user role. For N-central, you need to be running version 2025.3.1.9 or later and using N-able SSO for authentication. System administrators have the permission enabled by default, but you can grant it to other users through granular permissions. If you still don't see assets in the vulnerability view after checking these requirements, contact N-able support or reach out to the product team directly.

What's the difference between the risk score and CVSS score shown for vulnerabilities?

The CVSS score is the standard industry severity rating from NIST/NVD, while N-able's risk score is a composite metric that combines CVSS with additional factors including how prevalent the vulnerability is on exploited systems and how recently it has been actively exploited. This helps prioritize remediation when multiple vulnerabilities have the same CVSS rating. The risk score will become more sophisticated over time as N-able adds signals like CISA KEV status, ransomware associations, and asset type (server vs. workstation) to the calculation.

Can I track how long vulnerabilities remain unresolved and set service level objectives?

Vulnerability service level objectives and lifecycle reporting are planned for Q1 2026. N-able will begin collecting dwell time data (days between detection and remediation) in Q4 2025, which will enable reporting on how long vulnerabilities of different criticality levels remain in your environment. The system will support setting SLOs for different vulnerability types and provide notifications when vulnerabilities are approaching their SLO deadlines. Currently in preview, resolved vulnerabilities remain visible in the interface rather than disappearing after 90 days to support the transition to the full analytics platform.

Categories:
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Vulnerability Management
  • Endpoint Management
  • Security Operations
  • AI & Machine Learning
  • Webinar
  • Technical Deep Dive
  • Getting Started
  • RMM Platform Integration
  • Risk Scoring and Prioritization
  • Patch Management
  • AI-Assisted Remediation
  • Endpoint Security
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Vulnerability Management in N-central & N-sight

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    22

                    Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                    07/22/202601:00 PM ET
                    • Aug
                      19

                      Becoming Agent Ready: Insights from Cyera's Expertise

                      08/19/202612:00 PM ET
                      More events

                      Upcoming Webinar Calendar

                      • 07/21/2026
                        04:00 AM
                        07/21/2026
                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                        https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                      • 07/22/2026
                        06:30 AM
                        07/22/2026
                        Insights and Strategies for Effective Data Privacy and Protection
                        https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
                      • 07/22/2026
                        01:00 PM
                        07/22/2026
                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                        https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                      • 07/28/2026
                        01:00 PM
                        07/28/2026
                        Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                        https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                      • 07/29/2026
                        04:00 AM
                        07/29/2026
                        Real-Time Strategies for Safeguarding Against Prompt Injections
                        https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                      • 07/29/2026
                        01:00 PM
                        07/29/2026
                        Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                        https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                      • 08/19/2026
                        12:00 PM
                        08/19/2026
                        Becoming Agent Ready: Insights from Cyera's Expertise
                        https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                      • 09/02/2026
                        12:00 PM
                        09/02/2026
                        Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                        https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                      • 09/30/2026
                        04:00 AM
                        09/30/2026
                        AI Command Center: Optimizing Visibility and Control in Your Operations
                        https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version