Top 10 Vulnerability Management Solutions

CrowdStrike Falcon Spotlight by CrowdStrike

Austin, Texas | 2011 | www.crowdstrike.com

CrowdStrike Falcon Spotlight is part of the larger CrowdStrike Falcon EPP platform. It is a modern, cloud-native VM with no infrastructure to manage, no scanning impact to hosts, and quick, timely results.

Key Features

• Real-time vulnerability assessment to stay ahead of emergent threats
• Assess vulnerabilities via a single, lightweight agent, without scanning overhead or any need for additional infrastructure
• Intuitive dashboards, visualizations, and reporting
• Fully integrated with CrowdStrike Falcon platform, including world-class threat feeds and embedded information for incident response teams

• ExPRT.AI  prioritization incorporates the latest threat context to dynamically prioritize the vulnerabilities VM teams can focus on

Frontline VM by Digital Defense (Fortra)

San Antonio, TX | 1999 | www.digitaldefense.com

Digital Defense is part of the Fortra Cybersecurity portfolio, offering vulnerability scanning, web application assessment, pen testing, compliance auditing, and network endpoint correlation.

Key Features

• AI-driven decision making
• Lightweight, flexible agent
• No reboots are required during setup
• Cloud-native for flexibility, better scaling, and reduced operating costs
• Wide range of features
• Offers penetration testing and adversary simulation
• Can be expensive and complex to use

Kenna.VM by Kenna Security (Cisco)

San Francisco, CA | 2009 | www.kennasecurity.com

A vulnerability management solution that leverages artificial intelligence and machine learning to analyze threats and prioritize risk across the business.

Key Features

• Patented machine learning techniques for vulnerability assessments
• Extensive list of pre-built connectors for use across entire tech stack
• Powerful risk scoring tool for better prioritization
• Internal and external data used to assess risk
• Not as user-friendly as other products
• Complex query language that requires training

Vulnerability Manager Plus by ManageEngine

Pleasanton, CA | 2002 | www.manageengine.com

A vulnerability management solution from the maker of additional tools across IT management and security, including AD management, Microsoft 365, and low-code development.

Key Features

• A comprehensive VM solution that scans devices on and off the network
• Provides deployment policies, antivirus audits, and role-based administration
• Simple and easy to use
• Wide array of IT management tools and integrations
• Poor reporting capabilities compared with competitors

NopSec Platform by NopSec

Brooklyn, NY | 2013 | www.nopsec.com

Correlates data from your IT systems with external vulnerability data to discover, prioritize, remediate, simulate, and measure cybersecurity threats.

Key Features

• Attack Surface 360 provides a full view of your IT assets to analyze for gaps between assets connected to your environment and those you’re actively managing
• Celebrity Vulnerability Hunt automatically identifies vulnerabilities and enriches content with zero-day bulletins from NopSec’s Offensive Security team
• Good integrations with ITSM platforms like Jira and ServiceNow
• Automated ticket creation, patching, and configuration management
• Risk Simulator and Attack Emulator to simulate attacks and conduct “what if” analysis
• Not suitable for large enterprises

InsightVM by Rapid7

Boston, MA | 2000 | www.rapid7.com

InsightVM by Rapid7 is a VM tool that scans vulnerabilities, prioritizes them, and facilitates remediation workflow.

Key Features

• Risk score prioritization
• Expensive
• Difficult to maintain
• No cloud-native console

Vulnerability Control with Skybox Security

San Jose, CA | 2002 | www.skyboxsecurity.com

Skybox Security aggregates data from network infrastructure, configuration databases, and external scanners to show various perspectives

Key Features

• Combines network modeling, exposure management, and path analysis to develop accurate risk assessments
• Integrates with other vulnerability scanners for a comprehensive view across the environment
• Straightforward deployment and configuration
• Easy-to-use interface for users and administrators
• Compatibility across a wide range of operating systems
• Expensive
• Slow response times from support team

Nessus by Tenable

Columbia, MD | 2002 | www.tenable.com

A basic on-premises software VM solution from Tenable.

Key Features

• Low cost
• Wide range of templates across threat landscape
• High false positive rates
• Minimal management capability
• Extensive configuration required

Tripwire Integrity Management by Tripwire (Fortra)

Portland, OR | 1997 | www.tripwire.com

A VM solution that is part of the Fortra brand. Focused on connecting complementary cybersecurity products to create comprehensive solutions.

Key Features

• Comprehensive profiling across all devices
• Intelligent prioritization based on risk scoring
• Open API integrates with other systems
• Comprehensive reporting features

• Can execute custom Command Output Capture Rule (COCR) rules
• Bugs in UI
• Stability issues

Qualys VMDR by Qualys

Foster City, CA | 1999 | www.qualys.com

A security-focused software as a service (SaaS) product.

Key Features

• Key partnerships with public cloud providers
• Enterprise-grade solution that caters to complex environments
• Advanced automation and orchestration features (Qualys Flow)
• Real-time scanning
• Great management of remote and mobile devices
• Clear advice on vulnerability remediation
• Overwhelming feature set for basic users
• Complex interface requiring more experienced engineers