but is not limited to, device discovery and inventory, vulnerability management, network and security monitoring, risk analysis and assessment,incident responseand policy enforcement