Risk-based vulnerability management tools give IT security teams an automated, continuous ability to identify, prioritize, and resolve cyber vulnerabilities based on the relative risk they present to a particular organization.
NIST defines vulnerability management as an “Information Security Continuous Monitoring” (ISCM) capability that identifies vulnerabilities (common vulnerabilities and exposures, or CVEs) on devices that could be used by attackers to compromise the device and then use it to spread compromise across the network.
There are so many vulnerabilities in large, complex, and interconnected computing environments that enterprises cannot implement all software patches or other remediations promptly, if at all.
It is necessary to perform complex triage, which quickly identifies and escalates the vulnerabilities that pose the greatest risk in an organization’s specific circumstances. Automated tools with machine learning (ML) capabilities are required to do this. Leading vulnerability management software vendors are adapting to incorporate risk-based solutions in their products.
These providers can be either larger vendors that offer risk-based vulnerability management (VM) as a module within large cyber platforms (e.g. for cloud security or endpoint/extended response) or specialists in the VM field.
Gartner projects that the risk-based VM sector will reach $ million by 2022. Depending on the definition of VM, other analysts have estimated that the broader VM market passed the $2 billion mark by 2022. IDC, based on a 16% annual growth rate, estimates that the device-based VM market will reach $1.7 billion by 2020. This would bring it to $2.2 billion in 2022.
What are risk-based vulnerability management tools?
Analyst firms have changed their focus and terminology since IDC released its 2020 growth estimate. Some firms lump together vulnerability management and security information and event management (SIEM). Others have expanded the definition of vulnerability management, coining the term “attack surface management” (ASM). Still others focus on endpoint management rather than vulnerabilities in general. It is safe to estimate that the market is valued at around $2 billion per year.
8 Key features of vulnerability management software
Balbix lists these eight features of risk-based vulnerability management:
- Automated discovery and inventorying of all IT assets, users, and applications
- Visibility into all types of assets, including BYOD, IoT, cloud, and third-party assets
- Coverage of attack vectors beyond scanning for vulnerabilities in unpatched programs
- Monitoring all assets in real-time and continuously across all attack vectors
- Understanding the context and business risks for each asset
- Ability to create a complete picture by using artificial intelligence (AI) and ML to analyze large amounts of data from thousands of observations
- Prioritized list of security measures based on a thorough assessment of the business risk
- Prescriptive solutions to address
Robust reporting that incorporates an organization’s compliance profile is another requirement for modern risk-based vulnerability management.
Top 10 risk-based vulnerability management tools
1. Rapid7 InsightVM
Rapid7’s cloud-based InsightVM product allows for real-time network scanning. InsightVM is a module of the larger Insight platform, which includes cloud security, application security, threat intelligence, orchestration, and automation.
InsightVM integrates with the larger platform. Its unique features include prioritization and risk scoring from 1-10 instead of the usual 1-10. Automatic pen testing is also included in the solution. This is a good choice for people who need a complete security program, rather than just vulnerability management. It does the vulnerability function very well.
Rapid7 InsightVM receives high marks from TrustRadius and IDC. According to IDC, the company holds a 15% share of the device VM market. Users appreciate its ease of use, the consistency of its scanning, and the results it provides. Some users have concerns about integration and deployment issues, support responsiveness, slow updates, and scans that take longer than necessary.
2. Arctic Wolf Managed Risk
Arctic Wolf Managed Risk assists organizations in assessing and defending against digital risks. It provides a holistic view of attack surface coverage across networks, endpoints, and the cloud. It is targeted at mid-sized organizations that wish to outsource large parts of their security management to external providers.
Its Concierge Security Team is one of its differentiators. This team gives organizations instant access to security professionals they may not be able to hire or retain. Every customer is assigned a security specialist who assists in identifying vulnerabilities, areas of credential vulnerability, and system misconfiguration problems.
Arctic Wolf Managed Risk has the second-highest user rating among vulnerability management tools on Gartner Peer Insights. G2 also gave it a high rating. Users highly praised the Concierge Security Team for its responsiveness and value. Some users complained about not receiving enough feedback on the specific causes of vulnerabilities. However, the team resolved them without IT being aware.
3. CrowdStrike Falcon Spotlight
CrowdStrike Falcon Spotlight forms part of a larger Falcon Suite that also includes EDR, antivirus, and threat hunting/intelligence. The Spotlight section offers:
- Automated assessment of vulnerabilities on and off the network
- Reduced time to respond, and real-time visibility into threats and vulnerabilities
- Falcon Spotlight’s ExPRT.AI rating allows you to predict and prioritize which vulnerabilities will most likely affect your organization.
- Vulnerability and patching orchestration
Its integration with CrowdStrike Security Cloud, and its built-in artificial intelligence, which ties vulnerability assessment and threat intelligence together in real-time, are its key differentiators. A single lightweight agent architecture is also available.
Its Gartner Peer Insights ratings are higher than other products on the list. TrustRadius also rated Falcon Spotlight highly. Users find it simple to use and easy to install. They also like the fact that it provides clear directions and quickly highlights problems. It is easy to integrate with other CrowdStrike tools and has a low overhead. Some users were disappointed in the limitations of scanning security applications for misconfigurations.
4. Tenable IO
Tenable IO provides insight into all assets, vulnerabilities, and the entire attack surface. Tenable acquired a number of products, including Active Directory-specific offerings and on-premises solutions, to complement its Tenable One exposure-management platform.
Tenable IO is a cloud-based solution that helps IT improve the effectiveness of vulnerability management activities. Tenable also offers additional tools like the Nessus vulnerability assessment software. Tenable boasts over 40,000 users worldwide, including 60% of the Fortune 500.
The Tenable Community is one of the distinguishing factors. This community allows users to help each other with problems. Active and passive scanning are also available, along with visibility into both on-premises and cloud environments, including virtual machines and cloud instances. Cloud Connectors provide continuous visibility and assessment of public cloud environments such as Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure.
According to IDC, Tenable holds a 25% market share. Tenable’s scanning engines are praised by users for being powerful and efficient and having granular site capabilities. Tenable IO is also highly praised for its ability to calculate risk scores. Support is lacking, scanning speeds can sometimes be slow and the interface can be confusing for some.
5. Qualys VMDR
Qualys VMDR (Vulnerability Management, Detection, and Response) automatically detects and inventories all hardware and software assets in an environment. The cloud-based app constantly assesses and applies threat intelligence in order to prioritize and correct exploitable vulnerabilities. The company recently purchased AI and ML capabilities from Blue Hexagon. It also upgraded its risk assessment capabilities and has improved attack surface management features.
The key difference is real-time threat intelligence, which can be linked to machine learning, to manage and respond to evolving threats. The solution automatically detects and deploys any new patch to the asset. It also lists critical misconfigurations. It is applicable to mobile devices, as well as operating systems and applications. It provides virtual scanners, network analysis, and other tools all in one app that is unified through orchestration workflows.
TrustRadius, IDC, and G2 rate the product highly. IDC numbers indicate that Qualys holds about 20% of the market. Its vulnerability signature databases are well respected by users. Users also highlight its ability to detect and respond in real time to configuration issues and vulnerabilities, its ability to organize security policies, and its excellent reporting and alerting capabilities.
However, some users feel that the cloud and hypervisor assessment support could have been better. Some users felt it was difficult to get technical support and documentation.
6. Cisco’s Kenna Security
In mid-2021, Cisco purchased Kenna Security. It has added the risk-based security management product to its security offerings, which include its SecureX platform.
Kenna is a full-stack, risk-based VM product that is most frequently used in enterprise environments. It provides extensive integrations with cross-platform environments and detailed reporting capabilities.
G2 and Gartner reviewers give Kenna high marks. They praise the platform’s capabilities and the support they received. In keeping with its larger-environment focus, some people find it difficult to use and confusing to learn. However, its visualization capabilities get high marks.
7. Frontline Vulnerability Manager
Frontline Vulnerability Manager by Digital Defense, which is owned by Fortra (formerly HelpSystems), is a SaaS-based vulnerability management and threat management platform. It provides discovery and analysis as well as scanning technology that is based on fingerprinting and cross-context auditing in order to identify trends in vulnerabilities. It is available on AWS, so existing AWS users may enjoy the convenience and integration benefits.
Differentiators include the adoption of agreed-upon criteria for sorting, filtering, and prioritizing responses and remediation and the ability to scale to hundreds of thousands of assets with a single subscription.
Gartner Peer Insights and G2 have rated Frontline highly. Frontline integrates with Frontline.Cloud to bring additional security tools to the table. Users love the variety of features it offers. Some users find its feature list too limited. This is a good choice for large and mid-sized organizations, as well as SMBs.
8. Tanium Core Platform
The Tanium Core Platform is more than just vulnerability management. It contains 11 modules that cover almost every aspect of endpoint protection and management. We include it because it is particularly useful in managing vulnerabilities. It’s especially useful for large companies and mid-market businesses.
The platform’s breadth and its real-time visibility into all assets are the key differentiators. Queries can be asked in plain English, so scripting is unnecessary.
It was well received by Gartner Peer Insights as well as G2. Users often call it the “Swiss Army knife” of security and endpoint management. It is easy to use and makes it easy to deploy patches or other remediation measures throughout the company. Some people find that it is too complicated, requires too much customization, and lacks comprehensive reporting capabilities. It can be costly because it contains so many features. Some organizations may not be able to afford it, particularly if they are only looking for vulnerability management functions.
9. Microsoft Defender Vulnerability Management
Microsoft Defender Vulnerability Management is an innovative offering that forms part of the Microsoft Defender range. It covers vulnerability assessment, inventory, and discovery for both Windows and non-Windows assets.
Coverage for browser extensions and network shares are two of the differentiators. CIS security assessment is another. It is integrated with Microsoft’s vast threat intelligence network and proprietary algorithms that calculate exposure scores for remediation schedules.
Forrester research praised it as a solution that is well-suited for environments that are focused on Windows and Microsoft tools. It is easy to integrate with other Microsoft tools. When Microsoft shops add Defender to their security tools, they often receive substantial discounts.
It is important to note that this product targets the most critical assets and vulnerabilities. This may not be enough if you consider that bad guys are now attacking multiple vulnerabilities simultaneously, not just high-priority items that get the most attention from security personnel.
10. Syxsense Enterprise
Syxsense was originally developed as a patch management tool. It has since evolved to include IT management and vulnerability scanning capabilities. It recently added integrated remediation capabilities and mobile device management (MDM) to its platform. Syxsense Enterprise combines all of these features into one console.
Differentiators include the possibility to automate remediation workflows, patch supersedence, and patch rollback. They also encompass mobile devices, as well as laptops and servers.
Gartner Peer Insights is not likely to pay much attention to its expansion from vulnerability patching to comprehensive vulnerability management. Capterra gave it a high rating recently, calling it a rising favorite and a notable product. The company has taken longer than other vendors to release Windows 11 capabilities.