SWOT analysis of vulnerability management vendors

Best Enterprise Vulnerability Management Product: Rapid 7 NeXpose

Summary
After reviewing the top players in my select list, it is my opinion that the vendor who is the most feature rich, low cost and safest deployment option currently available is the Rapid 7 appliance. Qualys is my second choice based on the same criteria and mostly due to my favoring onsite deployment. Finally, McAfee comes in last for me, mostly due to their lack of web and database scanning.
I just jotted down SWOT thoughts on the following vendors, so if there are any corrections please send them to me via my blog’s contact form.

Vendors I Selected for the SWOT

  • Rapid 7
  • Qualys
  • McAfee, Inc.

Rapid 7 – NeXpose

Strengths
– Highly focused on just vulnerability management
– Quick deployment
– Fast customer adoption (high growth)
– Recent infusion of growth capital (VC funding)
– Enterprise ticketing integration
– Web application scanning
– Database scanning
– VMware capability
– Onsite deployment
– Low cost (depreciable)

Weaknesses
– Small company
– Limited policy compliance functionality (ITGRC)
– Operations cost (management, power, rack space, etc.)
– Small research team
– Small support team

Opportunities
– Take greater market share as larger vendors lag
– Expansion to policy management (ITGRC)
– Expand distribution channel
– Integration with 3rd party blocking technology (web app firewalls)
– Integrate web app scanning ticketing to development bug tracking systems

Threats
– Company acquisition
– Alternative technologies are developed
– Large players address weaknesses

Qualys – QualysGuard Enterprise

Strengths
– SaaS and cloud adoption increasing
– Web application security
– Database security
– Quick deployment
– Enterprise ticket integration
– Highly focused on vulnerability management

Weaknesses
– SaaS only (high cost for onsite deployment option)
– High ongoing fees (non-depreciable)
– Lower ROI due to continuous yearly subscription model
– Limited database scanning support

Opportunities
– Commitment to on site deployment option
– Reduce yearly subscription renewals to address ROI argument
– Move more towards SaaS based ITGRC platform
– Integrate web app scanning ticketing to development bug tracking systems

Threats
– ITGRC vendors expand to Vulnerability management space
– Smaller (more nimble companies) develop better functionality
– Larger players lower pricing further
– Larger players match SaaS offering

McAfee – McAfee Vulnerability Manager

Strengths
– Large market share
– Countermeasure awareness
– VMware option available
– Foundstone research heritage
– Instant new threat assessment reporting
– Onsite deployment option

Weaknesses
– Limited web application scanning
– Limited database scanning
– Countermeasure awareness limitations (competitor products?)
– Console strategy unknown (ePO?)
– Some functionality requires separate console

Opportunities
– SaaS expansion to include ticketing and policy compliance (ITGRC)
– Consolidate existing SaaS offerings under one single website console
– Consolidate separately managed products into ePO (i.e. Vuln manager, Risk and compliance manager and remediation manager)

Threats
– Poor execution of consolidated console strategy
– Possibility of Acquisition
– Reduced revenue due to commoditization

Note: The results of this analysis are not quantitative in nature and are only the opinions of the author and of no other associations, organizations or persons.

About the Author

Lawrence Pingree (aka Larry Pingree)

CISSP, CCSA, CCSE, CCSI, ICE, ICI, NSA

Lawrence has many years of experience in engineering, technical architecture, networking, security policies, procedures, systems analysis and auditing in organizations of varying sizes. Throughout his career, Lawrence has engaged in extensive consulting engagements for a wide range of organizations, and he is an active member of a number of non-profit organizations. A founding board member of the Digital Forensics Association, he served as Vice President. Today he is a Research Vice President and Market Analyst at Gartner, Inc. At Gartner, Lawrence works as a strategic advisor who engages with hundreds of different organizations worldwide. He enjoys helping individuals become more successful in their businesses. In his spare time he enjoys trading his money through exchange traded funds on the stock market, hiking, nature and performance cars.