We all worry that there's some lurking security problem in our servers. We do what we can, patching, following best practices, keeping up-to-date with training and news. But wouldn't it be great to have an automated tool to check our work? That's the promise of vulnerability analyzers: products that detect problems in configuration, applications, and patches.
Used correctly, a vulnerability analyzer can help you stay on top of hundreds or thousands of servers, network devices, and embedded systems. You'll know where to focus your efforts for security remediation, and you'll know that you have a system in place to keep little things from slipping through the cracks and becoming big things.
However, used incorrectly, these analyzers can generate thousands of pages of confusing information, frustrate security and network managers, and end up causing more problems than they solve.