There is no single automated vulnerability scanner that can reveal all security risks. For this reason, organizations have to use more than one scanner due to different requirements. SecFusion allows the security findings generated by these different tools to be collected in a single repository.

Among the security findings collected, besides the vulnerabilities found in conventional network components, the solution also includes application security findings on applications that are on production. In addition to this, compliance findings, security findings produced by static scans over code repositories can be transferred to the SecFusion vulnerability pool.

Gathering such different types of security findings in the same place provides many benefits for their reporting and analysis. However, it is not possible to resolve thousands or even tens of thousands of findings urgently due to limited resources. SecFusion guides organizations to prioritize which vulnerabilities should be covered by both the specially developed finding prioritization technology and integrated with other third party risk prioritization methods.

Security scans are usually performed actively, that is, by opening more than one connection to target systems. Since this scanning method causes traffic and processing power, they are not performed especially on business-critical assets. SecFusion passively reports the vulnerabilities of these assets after certain information is obtained.