This content is part of the Buyer's Guide: Select the vulnerability management tool that fits your business needs
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Beyond Security's AVDS: Vulnerability management product overview

Expert Ed Tittel examines Beyond Security's Automated Vulnerability Detection System, which scans IP-based network infrastructures to detect vulnerabilities and identify assets.

Beyond Security provides products and services that help organizations test and assess networks, software and web applications for a wide range of security weaknesses. The company's Automated Vulnerability Detection System product is available as an on-premises network appliance or as a software as a service offering.


Beyond Security's Automated Vulnerability Detection System (AVDS) is a vulnerability management tool that scans IP-based networked infrastructure, including servers, firewalls, routers, switches and operating systems, to identify assets and detect vulnerabilities. Administrators do not need to install software or agents on the infrastructure, and they can schedule scans or perform them on demand. AVDS vulnerability databases, meanwhile, are updated automatically each day.

Beyond Security's AVDS doesn't include auto-patching or auto-remediation like some of its competitors. Beyond Security believes that patches must be tested and verified by humans before being deployed, so a few automation features are intentionally not included.

Beyond Security offers a multi-unit AVDS system that can scan tens of thousands of IPs in large environments with segmented or distributed networks, and generate remediation tickets when vulnerabilities are found -- and then track them within the system. The management console enables departmental administrators to perform scans and generate reports on their own parts of the network. An entry-level version is available for smaller networks with up to 500 active IPs -- a single network, single administrator scenario. Customers can also get AVDS as a hosted solution for scanning websites or IPs on the external edge of the network. Scan results may be exported to nearly any type of SIEM, ticketing system or similar systems.

An AVDS scan can also serve as a penetration test by probing an organization's internal network, DMZ and wide area network. Pen tests run automatically, as scheduled, and do not impact network performance or cause damage.

Performance and deployment

Beyond Security's AVDS has a false positive rate of about 0.1%, which is very low for vulnerability scanning tools. AVDS achieves this rate by querying network components and analyzing the resulting behavior to verify vulnerabilities before reporting them to the customer. Many other scanning products primarily perform version checking to determine if vulnerabilities exist, which can increase the number of false positives an administrator must handle.

The vulnerability detection product was designed to be easily deployed and straightforward to use; the hardware version can be up and running within an hour. The reporting system lets an administrator see changes from a security baseline and track remediation efforts. The system can also generate reports for most common vulnerabilities, vulnerabilities by business unit, vulnerability trends and compliance for regulations such as the Payment Card Industry Data Security Standard and HIPAA.

Beyond Security's AVDS is available in several different product versions: AVDS for Corporations (enterprise level), AVDS for small and medium-sized businesses and Hosted AVDS (SaaS offering). Beyond Security also offers PCI scanning as a separate, stand-alone service.

Pricing, licensing and support

Whether a customer uses the on-premises or SaaS version, Beyond Security licenses AVDS based on active IPs, which means the customer pays only for scans performed against IPs in use.

Beyond Security offers unlimited phone support with access to staff experts. Beyond Security also owns SecuriTeam, a security vulnerability information portal that provides security news articles, detailed vulnerability advisories and an Ask the Team feature.

Next Steps

In part one of this series, learn the basics of vulnerability management tools

In part two read about enterprise use cases for vulnerability management

In part three discover the purchasing criteria for vulnerability management tools

In part four compare the leading vulnerability management products on the market

This was last published in October 2016

Dig Deeper on Risk assessments, metrics and frameworks