Tenable Blog

Cut Through the Marketing Hype: Determine Which Vulnerability Assessment Tool Is Right for Your Organization


Not all scanning solutions are created equal…

The vulnerability assessment market has changed dramatically over the past several years. A growing number of vendors who once provided scan tools that merely identified vulnerabilities across your network now enable you to proactively assess those vulnerabilities in terms of the risk they pose to your business.

And it doesn't just stop at scanning vendors. Many vendors offering tools such as security information and event management (SIEM), endpoint detection and response (EDR) and managed detection and response (MDR) have added vulnerability assessment capabilities to their offerings, as well.

The problem is, there's no one clear definition of what it means to assess and manage vulnerabilities. Not all vendors take a risk-based approach. And of those that do, there's certainly no universal agreement on the best way to quantify that risk, which leads to muddled attempts to effectively prioritize remediation efforts. As a result, many security professionals struggle to navigate the wide range of vendor offerings, and to separate the marketing hype from what will truly make them more efficient and effective.

When evaluating any of these products, it's essential to understand how each will help you prioritize the vulnerabilities that pose the greatest risk to your organization. Are they simply taking and repackaging Common Vulnerability Scoring System (CVSS) base scores, or are they adding context using a variety of sources? Do they use data science and machine learning to automate the process of analyzing vast amounts of security data to arrive at a conclusion? Do they take asset criticality into account — and if so, to what extent? The goal is to help you more efficiently manage cyber risk across your attack surface, so you want a solution that can help you get there.

To help you determine what to look for, there's a Gartner research report that we think you'll find valuable: Market Guide for Vulnerability Assessment.

As the report points out, Vulnerability Prioritization Technology (VPT) "saves significant time over trying to do this analysis manually. It also provides better insight and context because acting on these prioritized results will substantially reduce an organization's attack surface, with the least amount of time and the most efficient use of staff resources."

Of course, the vulnerability assessment solution itself isn't enough. You want it to integrate with other critical components of your security stack. By integrating with your IT service management (ITSM), configuration management database (CMDB), ticketing and workflow management systems, and even your SIEM and security orchestration, automation, and response (SOAR) solutions, your entire security program can run far more efficiently and maximize your team's effectiveness.

And, finally, the vulnerability assessment solution you choose should be built to support new, emerging and even future technologies. Think of it this way: If your vulnerability assessment tool can only discover and assess physical, on-premises assets today, what use will it be moving forward? Even if you add visibility into cloud assets, you're still behind the curve when it comes to the most dynamic aspects of your network, including containers, web apps, and operational technology environments. You need the ability to expand your scanning program to future environments and asset types, as technology and business needs evolve.

According to the Gartner report, "prioritization by a VA vendor can be a good starting point for small and midsize clients using a homogeneous environment of a VA vendor for security testing. Also, buying an add-on product from the same vendor helps vendor consolidation, and sometimes cost, with less effort placed on new training and tool deployment. This is a key area of innovation that end users are strongly advised to seek out in their procurement cycles and prioritize in the future." We believe that Tenable's comprehensive family of solution offerings, including Tenable.ep, Tenable.io, Tenable Lumin, Tenable.ad and Tenable.ot, delivers the breadth of coverage you need to assess your entire attack surface, and the depth of vulnerability prioritization technology to help you reduce the greatest amount of risk with the least amount of resources.

We believe that the 2021 Gartner Market Guide for Vulnerability Assessment can help provide the information you need to make a more informed decision. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner Market Guide for Vulnerability Assessment, Shilpi Handa, Craig Lawson, Mitchell Schneider, 25 June, 2021
