While vulnerability assessment products are moving solidly in the direction of vulnerability management, Citadel Security Software takes that shift one step further with its focus on automatic remediation.

Citadel's Hercules is an automated vulnerability remediation tool that pulls results from vulnerability assessment scanners, applies its own detailed knowledge on remediation procedures across a variety of platforms, and then either recommends remediation steps or makes them happen.

The main focus of the product is to run remediation tasks, which could be changing file permissions, changing a password, setting an operating system configuration option or installing a patch. Administrators also can script their own fixes if they desire, and full rollback options are available.

Agents are installed on target systems that listen for information from a Citadel central server on how to handle remediation tasks. Remediation scripts also running on the target systems are responsible for fixing identified vulnerabilities.

You can use Hercules without agents, relying on Secure Shell, Windows Services or HTTP/Secure-HTTP for communications to the system from the central server.

Citadel also helps you use its remediation tool to further policy compliance. You can use Hercules to define policy groups. When scan results are imported, Hercules automatically pushes out fixes to machines that don't follow group policy if that is how the administrator has set up the script.

While auto-remediation sounds great, system administrators are wary. The remediation is based on the vulnerability assessment results, so you need to ensure those results are accurate for auto-remediation to be successful.