Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went.
Alternative video link (for Russia): https://vk.com/video-149273431_456239136
September was quite a busy month for me.
I participated in two educational activities. The first one is an on-line cyber security course for my alma mater, Bauman Moscow State Technical University.
Continue readingI recently read Forrester’s 20-page report “The Total Economic Impact™ Of Rapid7 InsightVM“. It is about the Cost Savings And Business Benefits that Vulnerability Management solution can bring to the organizations.
In short, I didn’t like everything related to money. It seems like juggling with numbers, useless and boring. But I really liked the quotes from customers who criticized existing Vulnerability Management solutions, especially the low quality of the remediation data. These are the real pain points of Vulnerability Management process.
Forrester interviewed five existing customers of Rapid7 and created a “composite organization”.
This “composite organization” has 12,000 IT assets and spends $223,374 per year on Rapid7 InsightVM ($670,123 for 3 years) including integrations and trainings costs. That means $18 per host. Well, quite a lot, especially when compared to unlimited Nessus Professional for just $2,390 per year. A wonderland of Enterprise Vulnerability Management. 🙂
Continue readingHere I combined two posts [1.2] from my telegram channel about comparisons of Vulnerability Management products that were recently published in October 2019. One of them was more marketing, published by Forrester, the other was more technical and published by Principled Technologies.
I had some questions for both of them. It’s also great that the Forrester report made Qualys, Tenable and Rapid7 leaders and Principled Technologies reviewed the Knowledge Bases of the same three vendors.
Let’s start with Forrester.
Continue readingLast week, March 14, Forrester presented new report about Vulnerability Risk Management (VRM) market. You can purchase it on official site for $2495 USD or get a free reprint on Rapid7 site. Thanks, Rapid7! I’ve read it and what to share my impressions.
I was most surprised by the leaders of the “wave”. Ok, Rapid7 and Qualys, but BeyondTrust and NopSec? That’s unusual. As well as seeing Tenable out of the leaders. 🙂
The second thing is the set of products. We can see there traditional Vulnerability Management/Scanners vendors, vendors that make offline analysis of configuration files and vendors who analyse imported raw vulnerability scan data. I’m other words, it’s barely comparable products and vendors.
A top consulting company, Forrester Research, recently published report “Vendor Landscape: Vulnerability Management, 2017“. You can read for free by filling a small form on Tenable web site.
What’s interesting in this document? First of all, Josh Zelonis and co-authors presented their version of VM products evolution. It consists of this steps (I have reformulated them a bit for the copyright reasons) :
As you see, the last one is about containerization. And it is now presented only in Tenable.io/FlawCheck. 😉
Tenable Network Security published Forrester report on Vulnerability Management in APAC (China: 25%, Singapore: 25%, Japan: 25%, ANZ: 25%). Everything is pretty bad. The majority of the respondents scan their systems periodically (annually). Key challenges: the difficulty of remediation and prioritization. It seems that 30% respondents don’t even have automatically updatable Security Content in their VM solution.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.