Tag Archives: Forrester

I looked at the Forrester Wave on ASM for Q3 2024

I looked at the Forrester Wave on ASM for Q3 2024

I looked at the Forrester Wave on ASM for Q3 2024. The reprint was posted by Trend Micro. Forrester understands ASM to be something that evolved from EASM or CAASM. “Attack surface management […] gives you a depiction of what is attackable and whether it’s being monitored and hardened appropriately”. The goal is to provide a complete cyber asset inventories. So is this a kind of view on Asset Management from the information security side (like Qualys CSAM)? 🤔

CrowdStrike, Palo Alto Networks and Trend Micro are among the Leaders. And traditional vendors with vulnerability detection expertise either in Strong Perfomers (Qualys, Tenable), or even in Contenders (Rapid7).

IMHO, this happened because the assessment focused on CAASM, not EASM features. For example, there is nothing about vulnerability detection for network perimeter. And the criteria are rather vague, like “Cyber ​​asset inventory: asset contextualization” or “Srategy: Vision”. 😉

На русском

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM. Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went.

Alternative video link (for Russia): https://vk.com/video-149273431_456239136

September was quite a busy month for me.

Continue reading

Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems

Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems. I recently read Forrester’s 20-page report “The Total Economic Impact™ Of Rapid7 InsightVM“. It is about the Cost Savings And Business Benefits that Vulnerability Management solution can bring to the organizations.

Forrester report for Rapid7

In short, I didn’t like everything related to money. It seems like juggling with numbers, useless and boring. But I really liked the quotes from customers who criticized existing Vulnerability Management solutions, especially the low quality of the remediation data. These are the real pain points of Vulnerability Management process.

How did Forrester count money?

Forrester interviewed five existing customers of Rapid7 and created a “composite organization”.

This “composite organization” has 12,000 IT assets and spends $223,374 per year on Rapid7 InsightVM ($670,123 for 3 years) including integrations and trainings costs. That means $18 per host. Well, quite a lot, especially when compared to unlimited Nessus Professional for just $2,390 per year. A wonderland of Enterprise Vulnerability Management. 🙂

Continue reading

Vulnerability Management Product Comparisons (October 2019)

Vulnerability Management Product Comparisons (October 2019). Here I combined two posts [1.2] from my telegram channel about comparisons of Vulnerability Management products that were recently published in October 2019. One of them was more marketing, published by Forrester, the other was more technical and published by Principled Technologies.

Vulnerability Management Product Comparisons (October 2019)

I had some questions for both of them. It’s also great that the Forrester report made Qualys, Tenable and Rapid7 leaders and Principled Technologies reviewed the Knowledge Bases of the same three vendors.

Let’s start with Forrester.

Continue reading

My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”

My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”. Last week, March 14, Forrester presented new report about Vulnerability Risk Management (VRM) market. You can purchase it on official site for $2495 USD or get a free reprint on Rapid7 site. Thanks, Rapid7! I’ve read it and what to share my impressions.

Forrester VRM report2018

I was most surprised by the leaders of the “wave”. Ok, Rapid7 and Qualys, but BeyondTrust and NopSec? That’s unusual. As well as seeing Tenable out of the leaders. 🙂

The second thing is the set of products. We can see there traditional Vulnerability Management/Scanners vendors, vendors that make offline analysis of configuration files and vendors who analyse imported raw vulnerability scan data. I’m other words, it’s barely comparable products and vendors.

Continue reading

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”. A top consulting company, Forrester Research, recently published report “Vendor Landscape: Vulnerability Management, 2017“. You can read for free by filling a small form on Tenable web site.

Forrester Vendor Landscape: Vulnerability Management, 2017

What’s interesting in this document? First of all, Josh Zelonis and co-authors presented their version of VM products  evolution. It consists of this steps (I have reformulated them a bit for the copyright reasons) :

  1. Initial fear of automated vulnerability assessment tools
  2. Mid-1990s and first productized offerings
  3. Authenticated scanning dramatically improved accuracy of scans
  4. Application scanning (DAST)
  5. Security assessment of software containers and DevOps in general.

As you see, the last one is about containerization. And it is now presented only in Tenable.io/FlawCheck. 😉

Continue reading

Vulnerability Management in APAC

Vulnerability Management in APAC. Tenable Network Security published Forrester report on Vulnerability Management in APAC (China: 25%, Singapore: 25%, Japan: 25%, ANZ: 25%). Everything is pretty bad. The majority of the respondents scan their systems periodically (annually). Key challenges: the difficulty of remediation and prioritization. It seems that 30% respondents don’t even have automatically updatable Security Content in their VM solution.
Forrester Vulnerability Management in APAC