A security configuration management system accesses, from two or more data sources, network data gathered from a network. The network data includes Internet Protocol (IP) addresses, device types and software used in the network. The system aggregates the network data, yielding an aggregated asset database, and generates, based on the aggregated asset database, a network topology describing computing nodes in the network and interconnections between the computing nodes. The system determines, based on a database of known security vulnerabilities corresponding to device and software profiles, a set of security vulnerabilities for the network and determines a set of security policies for the network based on the set of security vulnerabilities. The system generates network security configurations for the network based on the network topology and the set of security policies, and implements the network security configurations on a network security device in the network.