Tag Archives: Tripwire

My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”

On February 12, IDC published a new report about the Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download a free extract from the Qualys website (Thanks, Qualys!). I’ve read it, and now I want to share my impressions.

I think it’s better to start reading this report from the end, from the “MARKET DEFINITION” section. First of all, IDC believes that there is a “Security and Vulnerability Management” (SVM) market. It consists of two separate “symbiotic markets”: security management and vulnerability assessment (VA).

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)

After the latest Bad Rabbit ransomware attack, all the top VM vendors (Qualys, Tenable, Rapid7) wrote blog posts on this topic on the same day. Two days later Tripwire also published its own review. Why do they care? They do not make antiviruses, endpoint protection or firewalls – the common tools against this kind of threat. So, what’s the point?

Well, they obviously do it to promote their products and services. But how exactly?

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”

A top consulting company, Forrester Research, recently published the report “Vendor Landscape: Vulnerability Management, 2017”. You can read it for free by filling in a small form on the Tenable website.

What’s interesting in this document? First of all, Josh Zelonis and co-authors presented their version of the evolution of VM products. It consists of these steps (I have reformulated them a bit for copyright reasons):

  1. Initial fear of automated vulnerability assessment tools
  2. Mid-1990s and first productized offerings
  3. Authenticated scanning dramatically improved accuracy of scans
  4. Application scanning (DAST)
  5. Security assessment of software containers and DevOps in general.

As you see, the last one is about containerization. And it is now presented only in Tenable.io/FlawCheck. 😉

Gartner’s view on Vulnerability Management market

Not so long ago, Gartner’s report “Vulnerability Management an essential piece of the security puzzle” became publicly available. Now you can read it for free by filling out a questionnaire on the F-Secure website.

At the bottom of the document there is a reference to Gartner G00294756 from 05 December 2016. This document is quite fresh, especially for the not very dynamic VM market ;-), and pretty expensive. Thanks to F-Secure, we can now read it for free. If you are wondering why this anti-virus company is sponsoring Gartner VM reports: a year ago they bought the Finnish VM vendor nSense, and I even did a small review of this product (F-Secure Radar Vulnerability Management solution, F-Secure Radar basic reporting, F-Secure Radar ticketing, F-Secure API for scanning).

Talking about the document, I would like, firstly, to thank Gartner. Do you know who writes most articles about VM? Of course, VM vendors. And we all understand that their main goal is to promote their own products. Reports from independent consulting firms, primarily IDC, Forrester and Gartner, allow us to get a balanced view from the outside. It is very important.

Here I would like to comment on some theses of the text.