SWOT analysis of vulnerability management vendors

On July 29, 2009, in Security, by Lawrence Pingree

Best Enterprise Vulnerability Management Product: Rapid 7 NeXpose

Summary
After reviewing the top players in my select list, it is my opinion that the vendor who is the most feature rich, low cost and safest deployment option currently available is the Rapid 7 appliance. Qualys is my second choice based on the same criteria and mostly due to my favoring onsite deployment. Finally with McAfee and they come in last for me mostly due to their lack of web and database scanning.
I just jotted down SWOT thoughts on the following vendors so if there are any corrections please send me them via my blog’s contact form.

Vendors I Selected for the SWOT

  • Rapid 7
  • Qualys
  • McAfee, Inc.

Rapid 7 – NeXpose

Strengths
- Highly focused on just vulnerability management
- Quick deployment
- Fast customer adoption (high growth)
- Recent infusion of growth capital (VC funding)
- Enterprise ticketing integration
- Web application scanning
- Database scanning
- VMware capability
- Onsite deployment
- Low cost (depreciable)

Weaknesses
- Small company
- Limited policy compliance functionality (ITGRC)
- Operations cost (management, power, rack space etc)
- Small research team
- Small support team

Opportunities
- Take greater market share as larger vendors lag
- Expansion to policy management (ITGRC)
- Expand distribution channel
- Integration with 3rd party blocking technology (web app firewalls)
- Integrate web app scanning ticketing to development bug tracking systems

Threats
- Company aquisition
- Alternative technologies are developed
- Large players address weaknesses

Qualys – QualysGuard Enterprise

Strengths
- SaaS and cloud adoption increasing
- Web application security
- Database security
- Quick deployment
- Enterprise ticket integration
- Highly focused on vulnerability management

Weaknesses
- SaaS only (high cost for onsite deployment option)
- High ongoing fees (non depreciable)
- Lower ROI due to continuous yearly subscription model
- Limited database scanning support

Opportunities
- Commitment to on site deployment option
- Reduce yearly subscription renewals to address ROI argument
- Move more towards SaaS based ITGRC platform
- Integrate web app scanning ticketing to development bug tracking systems

Threats
- ITGRC vendors expand to Vulnerability management space
- Smaller (more nimble companies) develop better functionality
- Larger players lower pricing further
- Larger players match SaaS offering

McAfee – McAfee Vulnerability Manager

Strengths
- Large market share
- Countermeasure awareness
- Vmware option available
- Foundstone research heritage
- Instant new threat assessment reporting
- Onsite deployment option

Weaknesses
- Limited web application scanning
- Limited database scanning
- Countermeasure awareness limitations (competitor products?)
- Console strategy unknown (epo?)
- Some functionality requires separate console

Opportunities
- SaaS expansion to include ticketing and policy compliance (ITGRC)
- Consolidate existing SaaS offerings under one single website console.
- Consolidate separately managed products into EPO (i.e. Vuln manager, Risk and compliance manager and remediation manager)

Threats
- Poor execution of consolidated console strategy
- Possibility of Acquisition
- Reduced revenue due to commoditization

Note:  The results of this analysis are not quantitative in nature and are only opinions of the author and no other associations, organizations or persons.



Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Tagged with: