AI TOOL PROFILE
Holm Security VMP: Vulnerability Management Software
- Security
- Vulnerability Management
- Small and medium-sized businesses
- Organizations with hybrid cloud and on-premise environments
- Companies needing to meet EU regulatory compliance
- IT managers overseeing OT and IoT infrastructure
Pricing
Pricing is based on the number of assets (active IPs, web apps, cloud resources, or users) and requires a custom quote. Free trials are available. Buyers should confirm current pricing on the vendor website.
At a glance
- Best for
- Small and medium-sized businesses, Organizations with hybrid cloud and on-premise environments, Companies needing to meet EU regulatory compliance, IT managers overseeing OT and IoT infrastructure
- Key use cases
- Continuous Asset Discovery, Compliance Alignment, API Vulnerability Management, Employee Security Awareness
- Integrations
- SIEM, CMDB, Ticketing systems, CI/CD pipelines, Postman import
- Official website
- Visit holm security vmp official website

How AI is used
Holm Security VMP is a security platform designed to provide a continuous overview of an organization's attack surface. It combines asset discovery with vulnerability scanning to identify weaknesses in servers, cloud environments, and web applications.
The tool supports businesses with diverse digital environments, including those utilizing IoT, OT, and cloud platforms like AWS, Azure, Google Cloud, and Oracle Cloud. It also includes components for employee awareness, such as phishing simulations and training.
Buyers can choose between cloud-based access for faster deployment or on-premise installation for organizations that prefer to keep sensitive data within their own infrastructure. The platform is designed to help teams transition to a risk-based security posture.
Before selecting this software, buyers should confirm their total asset count, as licensing is based on the number of monitored assets.
Key Features
Attack Surface Management (ASM)
Supports the discovery and monitoring of internet-facing and local assets to help identify shadow IT and blind spots.
Vulnerability Scanning
Scans systems, servers, network devices, and OT/IoT devices for vulnerabilities.
API Security Scanning
Assesses REST, GraphQL, and SOAP APIs for vulnerabilities, including the OWASP API Top 10.
Cloud Security (CSPM)
Identifies misconfigurations and vulnerabilities across Azure, AWS, Google Cloud, and Oracle Cloud.
Phishing Simulation & Training
Runs simulated phishing attacks and provides automated awareness training for users.
Compliance Reporting
Supports risk assessments and reporting aligned with NIS, NIS2, DORA, ISO 27001, PCI DSS, and GDPR.
Use Cases
Continuous Asset Discovery
Identifying hidden or forgotten local and internet-facing APIs and systems.
Compliance Alignment
Supporting technical requirements for EU directives like NIS2 through automated risk assessments.
API Vulnerability Management
Scanning and securing APIs to protect data exchange workflows.
Employee Security Awareness
Conducting phishing simulations to identify and train users.
Integrations
- SIEM
- CMDB
- Ticketing systems
- CI/CD pipelines
- Postman import
- Fiddler import
- Burp Suite import
- HAR import
FAQ
How is Holm Security VMP licensed?
- Licensing is based on the number of assets assessed. System & Network Security uses active IPs, Web Application Security uses URLs, Cloud Security uses cloud resources, and Phishing Training uses the number of targeted users.
Can the software be installed on-premise?
- Yes, Holm Security offers both cloud-based deployment and an on-premise option for organizations that prefer to keep sensitive data within their own infrastructure.
Which compliance standards does the tool support?
- The platform is designed to help organizations meet requirements for NIS, NIS2, DORA, ISO 27001, PCI DSS, and GDPR.
Source category: Security
Source subcategory: Vulnerability Management
More tools in Security
Other published listings in the Security category.
More tools in the Vulnerability Management software type
Related listings that share the same software type for comparison and shortlisting.
