SWOT analysis of vulnerability management vendors

Best Enterprise Vulnerability Management Product: Rapid 7 NeXpose

After reviewing the top players in my select list, it is my opinion that the vendor offering the most feature-rich, lowest-cost and safest deployment option currently available is Rapid 7 with its appliance. Qualys is my second choice on the same criteria, mostly because I favor on-site deployment. Finally, McAfee comes in last for me, mostly because of its limited web application and database scanning.
These are SWOT notes I jotted down on the following vendors, so if you have any corrections, please send them to me via my blog’s contact form.

Vendors I Selected for the SWOT

  • Rapid 7
  • Qualys
  • McAfee, Inc.

Rapid 7 – NeXpose

Strengths

– Highly focused on just vulnerability management
– Quick deployment
– Fast customer adoption (high growth)
– Recent infusion of growth capital (VC funding)
– Enterprise ticketing integration
– Web application scanning
– Database scanning
– VMware capability
– Onsite deployment
– Low cost (depreciable)

Weaknesses

– Small company
– Limited policy compliance functionality (ITGRC)
– Operations cost (management, power, rack space, etc.)
– Small research team
– Small support team

Opportunities

– Take greater market share as larger vendors lag
– Expansion to policy management (ITGRC)
– Expand distribution channel
– Integration with 3rd party blocking technology (web app firewalls)
– Integrate web app scanning ticketing to development bug tracking systems

Threats

– Company acquisition
– Alternative technologies are developed
– Large players address weaknesses

Qualys – QualysGuard Enterprise

Strengths

– SaaS and cloud adoption increasing
– Web application security
– Database security
– Quick deployment
– Enterprise ticket integration
– Highly focused on vulnerability management

Weaknesses

– SaaS only (high cost for on-site deployment option)
– High ongoing fees (non-depreciable)
– Lower ROI due to continuous yearly subscription model
– Limited database scanning support

Opportunities

– Commitment to an on-site deployment option
– Reduce yearly subscription renewals to address ROI argument
– Move more towards SaaS based ITGRC platform
– Integrate web app scanning ticketing to development bug tracking systems

Threats

– ITGRC vendors expand into the vulnerability management space
– Smaller (more nimble) companies develop better functionality
– Larger players lower pricing further
– Larger players match SaaS offering

McAfee – McAfee Vulnerability Manager

Strengths

– Large market share
– Countermeasure awareness
– VMware option available
– Foundstone research heritage
– Instant new threat assessment reporting
– Onsite deployment option

Weaknesses

– Limited web application scanning
– Limited database scanning
– Countermeasure awareness limitations (competitor products?)
– Console strategy unknown (ePO?)
– Some functionality requires separate console

Opportunities

– SaaS expansion to include ticketing and policy compliance (ITGRC)
– Consolidate existing SaaS offerings under a single web console
– Consolidate separately managed products into ePO (i.e., Vulnerability Manager, Risk and Compliance Manager and Remediation Manager)

Threats

– Poor execution of consolidated console strategy
– Possibility of Acquisition
– Reduced revenue due to commoditization

Note: The results of this analysis are not quantitative in nature and are only the opinions of the author, not of any other association, organization or person.


Edgeos managed security whitelabel service

Apparently Nessus has really hit the mainstream, with this company (Edgeos) offering “managed” security to other security vendors that wish to provide managed scanning services. Interesting, but again a little unnerving to host your vulnerability data off-site like that. Hosting vulnerability data with a third party is really catching on, as a lot of major companies seem to be doing it. Cloud-based scanning services were also just released by Rapid7, a strong new vulnerability management vendor that has been competing quite well against Qualys and McAfeeSecure (aka Hackersafe).


Top 5 requirements for vulnerability management products

1. Web application security scanning
2. Enterprise (closed loop) helpdesk ticket integration
3. Breadth and coverage of vulnerabilities (active research)
4. Low cost & low maintenance
5. Single enterprise vulnerability management console


Trust and how it affects all of us

Have you ever wondered what effect trust has on our society? Recently I have been thinking about how, in modern America, we have transitioned from a very wholesome, trusting society to one that is suspicious of everyone.


THEN: Speaking to an unknown party and saying hello was a common, accepted and welcomed practice.

NOW: Saying hello to someone results in fear; many will ignore you, or think you are insane or that you want something from them.

Isn’t it a sad state of affairs that we live this way? My advice: say “hello” sometime; it may be that the one person you meet opens possibilities you could never have imagined. Be a little paranoid, but the real truth is that most people are not out to get you.



IBM Proventia gets egg on face…

It appears that, once again, a big behemoth can be difficult to work with, as shown by the latest vulnerabilities found in the IBM Proventia product suite by Thierry Zoller. At times IBM even seems downright argumentative, and the funny thing is that Thierry was just trying to disclose the appropriate information to them so they could fix the problem.

Check the whittled-down transcript provided by Thierry via SecurityFocus.com.


TV Spamming – The next generation digital TV problem

Today, most TV content is delivered as real-time streams from streaming servers, and digital content providers such as Comcast are touting their On Demand programming. With this shift to digital media, I can see clearly that most of us will, in the very near future, watch TV in a completely on-demand state, where advertisements are built into the content when it is requested for delivery to the digital media endpoint. I can picture going home at the end of the day, selecting the News category, then the local news, and watching the 6 o’clock news at 8 pm. It’s already happening, and it’s just one step away from being exploited by something entirely more sinister.

Crime Growth on the Internet
A friend of mine who works for Microsoft works on the security mechanisms of digital content delivery, preparing for the day when existing TV moves into a fully delivered-content mode rather than an ad hoc content mode. It made me think about how the Internet started out. In the beginning there was almost no crime, and the Internet was educational and informational in nature. As it was slowly adopted by the mainstream, it enticed criminals to jump on the bandwagon. Some are saying that cybercrime is now over a $100 billion industry, towering over even illegal drug sales (although I’m not sure whether this is true).

The Digital Content Problem
Initially, a television was a purpose-built appliance that sat in the home, read analog input from the cable or over-the-air networks and displayed the content to users, which is pretty simple technology by today’s standards. What is changing is the complexity and intelligence of the in-house endpoints. Rapidly approaching is the day when these systems become completely network-capable computing devices. DVRs are already computers with custom operating systems, and many consumers are already modifying (hacking) them and installing programs on them.

This leads me to my next two questions:

Why not Infect them?

Are digital television worms on the horizon?

I can see a time very shortly ahead in which worms and viruses are sent out over the TV content networks. These new infections would copy digital sound and video and automatically infect the digital devices that process the content. I can see them even splicing their own manipulated content into the video stream stored on the DVR unit to change the content and “spam” the end user. I can see a time when cybercriminals begin using other customers’ processing units to upload and download software from the infected digital TV systems. They could distribute copyrighted movies for free or steal content from those who have purchased it. They could then begin sharing it amongst groups of others.
So, all that being said, I dub thee “TV Spamming” and “Video Spamming”. We’ve seen it at the post office, we’ve seen it in your email inbox, so why is it that much of a stretch to see it on the TV screen, propagated through a vulnerability on the DVR and blasted across the entire television network?

TV Spamming:
The act of surreptitiously utilizing a digital video recorder or media center processing device to “splice” content and deliver unwanted custom video and audio to end users.


Advanced & Persistent Security