# Best Risk-Based Vulnerability Management Software for Small Business *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)* Products classified in the overall Risk-Based Vulnerability Management category are similar in many regards and help companies of all sizes solve their business problems. However, small business features, pricing, setup, and installation differ from businesses of other sizes, which is why we match buyers to the right Small Business Risk-Based Vulnerability Management to fit their needs. Compare product ratings based on reviews from enterprise users or connect with one of G2's buying advisors to find the right solutions within the Small Business Risk-Based Vulnerability Management category. In addition to qualifying for inclusion in the Risk-Based Vulnerability Management Software category, to qualify for inclusion in the Small Business Risk-Based Vulnerability Management Software category, a product must have at least 10 reviews left by a reviewer from a small business. ## How Many Risk-Based Vulnerability Management Software Products Does G2 Track? **Total Products under this Category:** 194 ### Category Stats (May 2026) - **Average Rating**: 4.51/5 (↓0.01 vs Apr 2026) - **New Reviews This Quarter**: 49 - **Buyer Segments**: Enterprise 44% │ Small-Business 30% │ Mid-Market 27% - **Top Trending Product**: ManageEngine Vulnerability Manager Plus (+0.167) *Last updated: May 18, 2026* ## How Does G2 Rank Risk-Based Vulnerability Management Software Products? **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 4,500+ Authentic Reviews - 194+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. --- **Sponsored** ### Upwind Upwind is the runtime-first cloud security platform that secures your deployments, configurations, and applications by providing real-time visibility from the inside out. We’ve built a unified fabric that maps your environment as it runs - revealing what’s truly at risk, what’s actively happening, and how to respond quickly and effectively. With Upwind, security, dev, and ops teams move faster, stay focused, and fix risks that matter most. [Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=2246&secure%5Bdisplayable_resource_id%5D=2246&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=page_category&secure%5Bplacement_resource_ids%5D%5B%5D=2246&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=1333227&secure%5Bresource_id%5D=2246&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Frisk-based-vulnerability-management%3Fpage%3D4&secure%5Btoken%5D=5a52c0ece704a9c11a4bafc36474f0395e8a6b9151656fae16844e0b60678ea9&secure%5Burl%5D=https%3A%2F%2Fwww.upwind.io&secure%5Burl_type%5D=custom_url) --- ## What Are the Top-Rated Risk-Based Vulnerability Management Software Products in 2026? ### 1. [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews) Cortex Cloud by Palo Alto Networks, the next version of Prisma Cloud, understands a unified security approach is essential for effectively addressing AppSec, CloudSec, and SecOps. Connecting cloud security and SOC workflows enables teams to achieve holistic visibility, trace risk across the lifecycle, and correlate real-time threat activity with development and runtime contexts. Cortex Cloud is a unified platform built on three core pillars: data integration, AI-driven intelligence, and automation. Now you can safeguard applications, data, and infrastructure across multicloud and hybrid environments with a unified data model that consolidates telemetry from code, runtime, identity, and endpoints, all into a single data source. Empower teams with precise, AI-powered insights and 2200+ machine learning models to identify and stop zero-day threats with real-time advanced threat detection and response. And automate with 1000+ prebuilt playbooks across your cloud stack to reduce manual workloads, accelerate remediations, and cut response times tenfold. Cortex Cloud delivers more than tools—it transforms how organizations secure their cloud environments. **Average Rating:** 4.1/5.0 **Total Reviews:** 110 **How Do G2 Users Rate Cortex Cloud?** - **Has the product been a good partner in doing business?:** 8.0/10 (Category avg: 9.3/10) - **Reporting:** 7.8/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 7.5/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.1/10 (Category avg: 8.8/10) **Who Is the Company Behind Cortex Cloud?** - **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks) - **Company Website:** https://www.paloaltonetworks.com - **Year Founded:** 2005 - **HQ Location:** Santa Clara, CA - **Twitter:** @PaloAltoNtwks (128,910 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 38% Enterprise, 31% Mid-Market #### What Are Cortex Cloud's Pros and Cons? **Pros:** - Ease of Use (49 reviews) - Features (45 reviews) - Security (43 reviews) - Visibility (38 reviews) - Cloud Integration (34 reviews) **Cons:** - Expensive (31 reviews) - Difficult Learning (30 reviews) - Learning Curve (29 reviews) - Pricing Issues (24 reviews) - Complex Setup (21 reviews) ### 2. [Tenable Vulnerability Management](https://www.g2.com/products/tenable-vulnerability-management/reviews) Tenable Vulnerability Management provides a risk-based approach to identifying, prioritizing, and remediating vulnerabilities across your entire attack surface. Powered by Nessus technology and AI-driven analytics, it goes beyond CVSS scores to assess exploitability, asset criticality, and business impact—so you can focus on what matters most. With continuous visibility, automated scanning, and real-time risk insights, security teams can quickly expose and close critical vulnerabilities before they’re exploited. Advanced asset identification ensures accurate tracking in dynamic environments, while intuitive dashboards, comprehensive reporting, and seamless third-party integrations help streamline workflows. As a cloud-based solution, Tenable Vulnerability Management scales with your organization, empowering security teams to maximize efficiency, reduce risk, and improve resilience against evolving threats. **Average Rating:** 4.5/5.0 **Total Reviews:** 112 **How Do G2 Users Rate Tenable Vulnerability Management?** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.3/10) - **Reporting:** 8.1/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.2/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Who Is the Company Behind Tenable Vulnerability Management?** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **Company Website:** https://www.tenable.com/ - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,731 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,339 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 55% Enterprise, 34% Mid-Market #### What Are Tenable Vulnerability Management's Pros and Cons? **Pros:** - Ease of Use (8 reviews) - Scanning Efficiency (8 reviews) - Features (6 reviews) - Automated Scanning (5 reviews) - Vulnerability Identification (5 reviews) **Cons:** - Expensive (4 reviews) - Inadequate Reporting (4 reviews) - Limited Reporting (4 reviews) - Pricing Issues (4 reviews) - Complexity (3 reviews) ### 3. [Qualys VMDR](https://www.g2.com/products/qualys-vmdr/reviews) Qualys VMDR is an all-in-one risk-based vulnerability management solution that quantifies cyber risk. It gives organizations unprecedented insights into their risk posture and provides actionable steps to reduce risk. It also gives cybersecurity and IT teams a shared platform to collaborate, and the power to quickly align and automate no-code workflows to respond to threats with automated remediation and integrations with ITSM solutions such as ServiceNow. **Average Rating:** 4.4/5.0 **Total Reviews:** 164 **How Do G2 Users Rate Qualys VMDR?** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.3/10) - **Reporting:** 8.3/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.7/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.5/10 (Category avg: 8.8/10) **Who Is the Company Behind Qualys VMDR?** - **Seller:** [Qualys](https://www.g2.com/sellers/qualys) - **Year Founded:** 1999 - **HQ Location:** Foster City, CA - **Twitter:** @qualys (34,240 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/8561/ (3,564 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** Security Engineer - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 51% Enterprise, 28% Mid-Market #### What Are Qualys VMDR's Pros and Cons? **Pros:** - Vulnerability Detection (2 reviews) - Vulnerability Identification (2 reviews) - Alerting System (1 reviews) - Automation (1 reviews) - Cloud Integration (1 reviews) **Cons:** - Complexity (1 reviews) - Complex Reporting (1 reviews) - Complex Setup (1 reviews) - Difficult Learning (1 reviews) - Feature Complexity (1 reviews) ### 4. [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews) RiskProfiler is an advanced cybersecurity platform purpose-built for Continuous Threat Exposure Management (CTEM). It unifies external, cloud, vendor, and brand risk intelligence into a single ecosystem—providing organizations with real-time visibility, contextual threat insights, and actionable remediation guidance. Through its integrated suite, External Attack Surface Managemnet, Third\_party Risk Management, Cloud Attack Surface Management, and Brand Risk Protection; the platform continuously discovers, classifies, and evaluates external-facing assets and risks across the internet, multi-cloud environments, and third-party ecosystems. Powered by AI-enabled risk questionnaires, RiskProfiler automates the exchange, validation, and scoring of security assessments, dramatically accelerating third-party due diligence and compliance validation. The platform’s context-enriched graph engine correlates vulnerabilities, exposures, and configurations with real-world threat data, revealing how attackers might exploit an organization’s digital footprint. Its newly enhanced Cyber Threat Intelligence (CTI) module provides live insights into industry-specific attack trends, threat actor profiles, and evolving TTPs, directly embedded within the dashboard. By analyzing CVEs, IOCs, and exploit patterns, it maps these to relevant assets and potential attack paths, enabling focused, prioritized mitigation. From identifying exposed cloud resources across AWS, Azure, and Google Cloud to uncovering brand impersonation, phishing campaigns, or logo abuse, RiskProfiler delivers unified visibility and continuous monitoring that extends beyond the perimeter. It helps organizations anticipate, contextualize, and neutralize threats before they turn into breaches, transforming exposure management into a truly intelligent, predictive defense capability. **Average Rating:** 4.9/5.0 **Total Reviews:** 118 **How Do G2 Users Rate RiskProfiler - External Threat Exposure Management?** - **Has the product been a good partner in doing business?:** 9.9/10 (Category avg: 9.3/10) - **Reporting:** 9.9/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.9/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.9/10 (Category avg: 8.8/10) **Who Is the Company Behind RiskProfiler - External Threat Exposure Management?** - **Seller:** [Riskprofiler](https://www.g2.com/sellers/riskprofiler) - **Company Website:** https://riskprofiler.io/ - **Year Founded:** 2019 - **HQ Location:** Rock Hill , US - **Twitter:** @riskprofilerio (211 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/riskprofiler (28 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** Software Engineer, Security Consultant - **Top Industries:** Information Technology and Services, Design - **Company Size:** 66% Mid-Market, 33% Small-Business #### What Are RiskProfiler - External Threat Exposure Management's Pros and Cons? **Pros:** - Risk Management (70 reviews) - Features (32 reviews) - Customer Support (31 reviews) - Ease of Use (30 reviews) - Easy Setup (29 reviews) **Cons:** - Learning Curve (17 reviews) - Complexity (16 reviews) - Difficult Learning (16 reviews) - Learning Difficulty (10 reviews) - Complex Setup (8 reviews) ### 5. [Microsoft Defender Vulnerability Management](https://www.g2.com/products/microsoft-defender-vulnerability-management/reviews) Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk. Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation. Defender Vulnerability Management is available for cloud workloads and endpoints. Defender for Endpoint Plan 2 customers can access advanced vulnerability management capabilities with the Defender Vulnerability Management add-on, now generally available. **Average Rating:** 4.4/5.0 **Total Reviews:** 34 **How Do G2 Users Rate Microsoft Defender Vulnerability Management?** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.3/10) - **Reporting:** 8.7/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.8/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Who Is the Company Behind Microsoft Defender Vulnerability Management?** - **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft) - **Year Founded:** 1975 - **HQ Location:** Redmond, Washington - **Twitter:** @microsoft (13,101,622 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®) - **Ownership:** MSFT **Who Uses This Product?** - **Top Industries:** Computer & Network Security - **Company Size:** 41% Small-Business, 35% Enterprise ### 6. [VulScan](https://www.g2.com/products/vulscan/reviews) Automated Vulnerability Scanning. Affordably Priced For Everyone! With almost 70 new hidden vulnerabilities identified every day, you would need to be a super hero with X-ray vision to find them all. Or, you can let VulScan do it for you. VulScan is purpose-built for MSPs and for IT Departments that handle their own IT security. It has all the features you need for both internal and external vulnerability management, but without all the complexity found in older solutions. Best of all, VulScan is priced so that cost is no longer a barrier to scanning as many assets as you need, as frequently as you want. That’s why our slogan is “Vulnerability Management For The Rest of Us! VulScan is an affordable cloud-based vulnerability management platform. It includes the software needed to spin up an unlimited number of virtual network scanner appliances using Hyper-V or VMWare, and a cloud-based portal to control the scanners and manage the discovered issues. For internal network scanning, the appliances can be installed on any existing computer that has excess capacity on the network, or installed on a dedicated box to be permanently installed. You can add multiple scanners and configure them each to scan separate parts of the network to get even faster results pushed into the same client site dashboard at no additional cost. For external scanning, the appliances are installed on the MSP’s data center or other remote location and “pointed” to the public facing IP addresses of the target network. **Average Rating:** 4.1/5.0 **Total Reviews:** 120 **How Do G2 Users Rate VulScan?** - **Has the product been a good partner in doing business?:** 8.2/10 (Category avg: 9.3/10) - **Reporting:** 7.2/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 7.6/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 7.5/10 (Category avg: 8.8/10) **Who Is the Company Behind VulScan?** - **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya) - **Company Website:** https://www.kaseya.com/ - **Year Founded:** 2000 - **HQ Location:** Miami, FL - **Twitter:** @KaseyaCorp (17,425 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,512 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 67% Small-Business, 32% Mid-Market #### What Are VulScan's Pros and Cons? **Pros:** - Ease of Use (42 reviews) - Features (20 reviews) - Reporting (17 reviews) - Reporting Features (17 reviews) - Scanning Efficiency (17 reviews) **Cons:** - Inadequate Reporting (10 reviews) - UX Improvement (10 reviews) - Difficult Setup (8 reviews) - Limited Reporting (8 reviews) - Poor Customer Support (8 reviews) ### 7. [vRx by Vicarius](https://www.g2.com/products/vrx-by-vicarius/reviews) vRx by Vicarius goes beyond patch management to offer the most advanced vulnerability remediation solution in the market. vRx offers 3 built-in methods to keep you covered at all times: 1) Automated Patching: vRx catalogs all your apps and finds the patches they need, and applies them - automatically and on the schedule or frequency of your choosing. 2) Scripting: For more complex vulnerabilities or configuration based vulnerabilities, vRx includes a fully fledged scripting engine. 3) Patchless Protection: x\_protect or patchless protection is a compensating control that reduces the risk of an affected app even when a patch is not yet developed or cannot be deployed vRx helps 500+ customers across 50 countries find AND immediately remediate vulns that impact their business. **Average Rating:** 4.9/5.0 **Total Reviews:** 61 **How Do G2 Users Rate vRx by Vicarius?** - **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.3/10) - **Reporting:** 8.7/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.2/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.6/10 (Category avg: 8.8/10) **Who Is the Company Behind vRx by Vicarius?** - **Seller:** [Vicarius](https://www.g2.com/sellers/vicarius) - **Company Website:** https://www.vicarius.io/ - **Year Founded:** 2016 - **HQ Location:** New York, New York - **Twitter:** @vicariusltd (2,022 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/vicarius/ (114 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 44% Mid-Market, 32% Small-Business #### What Are vRx by Vicarius's Pros and Cons? **Pros:** - Ease of Use (24 reviews) - Automation (21 reviews) - Patch Management (19 reviews) - Vulnerability Identification (18 reviews) - Features (17 reviews) **Cons:** - Missing Features (10 reviews) - Inadequate Reporting (4 reviews) - Complexity (3 reviews) - Dashboard Issues (3 reviews) - Inaccurate Information (3 reviews) ### 8. [Arctic Wolf](https://www.g2.com/products/arctic-wolf/reviews) Arctic Wolf® is the market leader in security operations. Using the cloud-native Arctic Wolf® Platform, we help organizations end cyber risk by providing security operations as a concierge service. Arctic Wolf solutions include Arctic Wolf® Managed Detection and Response (MDR), Managed Risk, and Managed Security Awareness —each delivered by the industry’s original Concierge Security® Team. Highly-trained Concierge Security experts work as an extension of internal teams to provide 24x7 monitoring, detection, and response, as well as ongoing risk management to give organizations the protection, resilience and guidance they need to defend against cyber threats. Visit arcticwolf.com to get the latest industry resources and learn more about our solutions. **Average Rating:** 4.7/5.0 **Total Reviews:** 275 **How Do G2 Users Rate Arctic Wolf?** - **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.3/10) - **Reporting:** 9.5/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.6/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.6/10 (Category avg: 8.8/10) **Who Is the Company Behind Arctic Wolf?** - **Seller:** [Arctic Wolf Networks](https://www.g2.com/sellers/arctic-wolf-networks) - **Company Website:** https://www.arcticwolf.com - **Year Founded:** 2012 - **HQ Location:** Eden Prairie, MN - **Twitter:** @AWNetworks (4,502 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2760138/ (3,382 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** IT Manager, IT Director - **Top Industries:** Hospital & Health Care, Information Technology and Services - **Company Size:** 71% Mid-Market, 20% Enterprise #### What Are Arctic Wolf's Pros and Cons? **Pros:** - Customer Support (58 reviews) - Threat Detection (47 reviews) - Cybersecurity (28 reviews) - Ease of Use (27 reviews) - Alerts (22 reviews) **Cons:** - Expensive (10 reviews) - False Positives (7 reviews) - Learning Curve (7 reviews) - Cybersecurity Risks (6 reviews) - Dashboard Issues (5 reviews) ### 9. [Cyrisma](https://www.g2.com/products/cyrisma/reviews) Cyrisma helps MSPs and MSSPs turn cyber risk and compliance into revenue. Its unified platform combines vulnerability management, data and asset discovery, compliance tracking, secure configuration, and dark web monitoring into one continuous experience - enabling partners to identify, prioritize, and remediate cyber risk efficiently. With executive-ready reporting, risk monetization insights, and elegant visuals, Cyrisma helps MSPs demonstrate measurable value, strengthen client relationships, and scale their security services profitably. **Average Rating:** 4.6/5.0 **Total Reviews:** 60 **How Do G2 Users Rate Cyrisma?** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.3/10) - **Reporting:** 8.2/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.8/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.6/10 (Category avg: 8.8/10) **Who Is the Company Behind Cyrisma?** - **Seller:** [Cyrisma](https://www.g2.com/sellers/cyrisma) - **Company Website:** https://www.cyrisma.com/ - **Year Founded:** 2018 - **HQ Location:** Rochester, NY - **Twitter:** @Cyrisma_USA (43 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/cyrisma/ (15 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** CEO - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 75% Small-Business, 22% Mid-Market #### What Are Cyrisma's Pros and Cons? **Pros:** - Time-saving (13 reviews) - Ease of Use (12 reviews) - Customer Support (10 reviews) - Features (9 reviews) - Vulnerability Identification (9 reviews) **Cons:** - Missing Features (4 reviews) - Not User-Friendly (4 reviews) - Integration Issues (3 reviews) - Limited Flexibility (3 reviews) - Poor Customer Support (3 reviews) ### 10. [SecOps Solution](https://www.g2.com/products/secops-solution/reviews) SecOps Solution is a next-gen, agentless patch and vulnerability management platform that helps organizations fix vulnerabilities fast — without agents, manual effort, or complex setups. We automate patching across operating systems and third-party applications, including remote and on-prem devices — all in a fraction of the time traditional tools take. **Average Rating:** 4.8/5.0 **Total Reviews:** 40 **How Do G2 Users Rate SecOps Solution?** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.3/10) - **Reporting:** 9.6/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.7/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.7/10 (Category avg: 8.8/10) **Who Is the Company Behind SecOps Solution?** - **Seller:** [SecOps Solution](https://www.g2.com/sellers/secops-solution) - **Year Founded:** 2021 - **HQ Location:** Mountain View, California, USA - **Twitter:** @secopsolution (36 Twitter followers) - **LinkedIn® Page:** http://www.linkedin.com/company/secopsolution (7 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer Software, Financial Services - **Company Size:** 70% Small-Business, 25% Mid-Market #### What Are SecOps Solution's Pros and Cons? **Pros:** - Patch Management (6 reviews) - Customer Support (4 reviews) - Detailed Explanation (4 reviews) - Reporting (4 reviews) - Reporting Efficiency (4 reviews) ### 11. [Cisco Vulnerability Management (formerly Kenna.VM)](https://www.g2.com/products/cisco-vulnerability-management-formerly-kenna-vm/reviews) Cisco Vulnerability Management (formerly Kenna.VM), the original SaaS risk-based vulnerability management platform, prioritizes vulnerabilities that pose a real risk, enabling Security and IT teams to focus their limited resources and remediate more efficiently. Cisco’s data science-driven prioritization evaluates both enterprise data and a wealth of data on real-world exploit activity and translates that context into actionable intelligence to guide remediation. **Average Rating:** 4.3/5.0 **Total Reviews:** 200 **How Do G2 Users Rate Cisco Vulnerability Management (formerly Kenna.VM)?** - **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.3/10) - **Reporting:** 8.5/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.7/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.1/10 (Category avg: 8.8/10) **Who Is the Company Behind Cisco Vulnerability Management (formerly Kenna.VM)?** - **Seller:** [Cisco](https://www.g2.com/sellers/cisco) - **Year Founded:** 1984 - **HQ Location:** San Jose, CA - **Twitter:** @Cisco (721,410 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/cisco/ (95,742 employees on LinkedIn®) - **Ownership:** NASDAQ:CSCO **Who Uses This Product?** - **Who Uses This:** Software Engineer - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 76% Enterprise, 17% Mid-Market ### 12. [RidgeBot](https://www.g2.com/products/ridgebot/reviews) RidgeBot by Ridge Security is a leading agentic AI-driven offensive security platform, supporting continuous threat management programs. It enables CISOs to minimize cyber risks by continuously validating the cybersecurity posture and controls protecting attack surfaces against increasingly sophisticated and frequent attacks. RidgeBot automatically tests an organization’s entire IP-based environment, including network infrastructure, applications, websites, IoT, and OT, using ethical hacking techniques to pinpoint the most critical vulnerabilities. It's dynamic AI-powered decision-making supports DevSecOps, compliance, incident response verification, and custom attack simulations. RidgeBot maintains a library of over 36,000 plugins to launch complex penetration tests and attack simulations, with detailed reporting of results and remediation recommendations. **Average Rating:** 4.5/5.0 **Total Reviews:** 94 **How Do G2 Users Rate RidgeBot?** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.3/10) - **Reporting:** 8.7/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.0/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.1/10 (Category avg: 8.8/10) **Who Is the Company Behind RidgeBot?** - **Seller:** [Ridge Security Technology](https://www.g2.com/sellers/ridge-security-technology) - **Company Website:** https://ridgesecurity.ai/ - **Year Founded:** 2020 - **HQ Location:** Santa Clara, California - **Twitter:** @RidgeSecurityAI (1,290 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/ridge-security/ (43 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 52% Small-Business, 44% Mid-Market #### What Are RidgeBot's Pros and Cons? **Pros:** - Automation (16 reviews) - Ease of Use (15 reviews) - Pentesting Efficiency (12 reviews) - Vulnerability Identification (12 reviews) - Efficiency (9 reviews) **Cons:** - Complexity (4 reviews) - Complex Setup (4 reviews) - Missing Features (4 reviews) - Poor Customer Support (3 reviews) - Poor Documentation (3 reviews) ### 13. [Saner CVEM](https://www.g2.com/products/saner-cvem/reviews) SecPod SanerCyberhygiene platform is a continuous vulnerability and exposure management solution built for the modern IT security landscape. IT and Security teams of small, mid-size, and large enterprises use the Saner platform to go beyond traditional vulnerability management practices and get complete visibility and control over the organization’s attack surface. The platform works on a single light-weight multifunctional agent and is hosted on the cloud. Saner is powered by its homegrown, world’s largest SCAP feed with over 190,000+ vulnerability checks. SanerNow allows you to manage multiple use-cases as below from a single console without traversing across a maze of tools. • Run the fastest scans to discover IT assets, vulnerabilities, misconfigurations, and other security risk exposures • Remediate vulnerabilities on time with integrated patching • Adhere with industry compliance benchmarks like HIPAA, PCI, ISO, and NIST • Fix misconfigurations and harden systems • Automate end-to-end tasks and make the process simple and hassle-free **Average Rating:** 4.5/5.0 **Total Reviews:** 72 **How Do G2 Users Rate Saner CVEM?** - **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.3/10) - **Reporting:** 8.3/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.4/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.1/10 (Category avg: 8.8/10) **Who Is the Company Behind Saner CVEM?** - **Seller:** [SecPod](https://www.g2.com/sellers/secpod-b11d8014-d8ec-46e7-9e81-c0d14919fbfc) - **Company Website:** https://www.secpod.com/ - **Year Founded:** 2008 - **HQ Location:** Redwood City, California - **Twitter:** @secpod (542 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/secpod-technologies/ (171 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 41% Small-Business, 38% Mid-Market #### What Are Saner CVEM's Pros and Cons? **Pros:** - Security (13 reviews) - Features (11 reviews) - Integrations (8 reviews) - Compliance Management (7 reviews) - Customer Support (7 reviews) **Cons:** - Integration Issues (5 reviews) - Limited Features (4 reviews) - Slow Performance (4 reviews) - Slow Scanning (4 reviews) - Limited Cloud Integration (3 reviews) ### 14. [Palo Alto Cortex XSIAM](https://www.g2.com/products/palo-alto-cortex-xsiam/reviews) Product Description: Palo Alto Networks' Cortex XSIAM is an AI-driven security operations platform designed to transform traditional Security Operations Centers by integrating and automating key functions such as data centralization, threat detection, and incident response. By leveraging machine learning and automation, it enables organizations to detect and respond to threats more efficiently, reducing manual workloads and improving overall security posture. Key Features and Functionality: - Data Centralization: Aggregates data from various sources into a unified platform, providing comprehensive visibility across the enterprise. - AI-Powered Threat Detection: Utilizes machine learning algorithms to identify anomalies and potential threats in real-time. - Automated Incident Response: Streamlines response processes through automation, enabling rapid mitigation of security incidents. - Integrated SOC Capabilities: Combines functions such as Extended Detection and Response , Security Orchestration, Automation, and Response , Attack Surface Management , and Security Information and Event Management into a cohesive platform, eliminating the need for multiple disparate tools. - Scalability: Designed to handle large volumes of data and adapt to the evolving needs of modern enterprises. Primary Value and Problem Solved: Cortex XSIAM addresses the challenges of disjointed data, weak threat defense, and heavy reliance on manual work in traditional SOCs. By centralizing data and automating security operations, it simplifies processes, enhances threat detection accuracy, and accelerates incident response times. This transformation enables organizations to proactively outpace threats, reduce operational costs, and achieve a more robust security posture. **Average Rating:** 4.4/5.0 **Total Reviews:** 61 **How Do G2 Users Rate Palo Alto Cortex XSIAM?** - **Has the product been a good partner in doing business?:** 8.4/10 (Category avg: 9.3/10) - **Reporting:** 10.0/10 (Category avg: 8.8/10) **Who Is the Company Behind Palo Alto Cortex XSIAM?** - **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks) - **Year Founded:** 2005 - **HQ Location:** Santa Clara, CA - **Twitter:** @PaloAltoNtwks (128,910 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®) - **Ownership:** NYSE: PANW **Who Uses This Product?** - **Who Uses This:** Information Security Engineer - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 48% Enterprise, 29% Mid-Market #### What Are Palo Alto Cortex XSIAM's Pros and Cons? **Pros:** - Log Management (13 reviews) - Dashboard Design (11 reviews) - Real-time Monitoring (11 reviews) - Simple (11 reviews) - Dashboard Customization (9 reviews) **Cons:** - Resource Intensive (9 reviews) - Complex Setup (8 reviews) - Cost (7 reviews) - Dashboard Issues (7 reviews) - Difficult Setup (7 reviews) ### 15. [CloudBees](https://www.g2.com/products/cloudbees/reviews) The Complete DevOps solution. CloudBees empowers your software delivery teams to transform your business. CloudBees solution brings together development, operations, IT, security, and business teams to: Create fast with scalable repeatable workflows. Continuously improve customer experiences by progressively delivering features with speed and control. Command everything with higher-order visibility, management, and intelligence across tools, teams, pipelines, and process... all at enterprise scale. **Average Rating:** 4.4/5.0 **Total Reviews:** 591 **How Do G2 Users Rate CloudBees?** - **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 9.3/10) - **Reporting:** 9.6/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.8/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Who Is the Company Behind CloudBees?** - **Seller:** [CloudBees](https://www.g2.com/sellers/cloudbees) - **Company Website:** https://www.cloudbees.com - **Year Founded:** 2010 - **HQ Location:** San Jose, CA - **Twitter:** @CloudBees (39,211 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/1189836/ (506 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** Software Engineer, DevOps Engineer - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 48% Enterprise, 41% Mid-Market #### What Are CloudBees's Pros and Cons? **Pros:** - Features (5 reviews) - Reliability (5 reviews) - Customization (4 reviews) - Ease of Use (4 reviews) - Integrations (4 reviews) **Cons:** - Complex Interface (2 reviews) - Complexity (2 reviews) - Complex Setup (2 reviews) - Complex User Interface (2 reviews) - Configuration Issues (2 reviews) ### 16. [BugBase](https://www.g2.com/products/bugbase-bugbase/reviews) BugBase is a Continuous Vulnerability Assessment Platform that conducts comprehensive security operations such as bug bounty programs and next-gen pentesting (VAPT) to assist startups and enterprises in effectively identifying, managing and mitigating vulnerabilities. **Average Rating:** 4.5/5.0 **Total Reviews:** 46 **How Do G2 Users Rate BugBase?** - **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.3/10) - **Reporting:** 9.1/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.2/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.4/10 (Category avg: 8.8/10) **Who Is the Company Behind BugBase?** - **Seller:** [BugBase](https://www.g2.com/sellers/bugbase) - **Year Founded:** 2021 - **HQ Location:** Singapore, US - **Twitter:** @BugBase (1,667 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/bugbase/ (39 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer & Network Security, Computer Software - **Company Size:** 58% Small-Business, 21% Enterprise #### What Are BugBase's Pros and Cons? **Pros:** - Ease of Use (25 reviews) - User Interface (13 reviews) - Cybersecurity (10 reviews) - Features (10 reviews) - Easy Integrations (9 reviews) **Cons:** - Slow Performance (9 reviews) - Expensive (6 reviews) - Difficult Setup (5 reviews) - Learning Curve (5 reviews) - Poor Customer Support (4 reviews) ### 17. [Fortra VM](https://www.g2.com/products/fortra-vm/reviews) Fortra VM is a proactive, risk-based vulnerability management solution that helps organizations identify, assess, and prioritize security weaknesses across their infrastructure. Beyond basic scanning, Fortra VM provides contextual risk prioritization through its Security GPA rating system, Peer Insight for industry benchmarking, and threat ranking to identify exploitation vectors that are used in real world attacks. Conveniently delivered via SAAS, Fortra VM creates easily understood reporting for efficient and effective remediation. **Average Rating:** 4.3/5.0 **Total Reviews:** 67 **How Do G2 Users Rate Fortra VM?** - **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.3/10) - **Reporting:** 8.6/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.6/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.7/10 (Category avg: 8.8/10) **Who Is the Company Behind Fortra VM?** - **Seller:** [Fortra](https://www.g2.com/sellers/fortra) - **Year Founded:** 1982 - **HQ Location:** Eden Prairie, Minnesota - **Twitter:** @fortraofficial (2,770 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/fortra (1,738 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Financial Services, Banking - **Company Size:** 45% Mid-Market, 35% Small-Business #### What Are Fortra VM's Pros and Cons? **Pros:** - Reliability (2 reviews) - Customer Support (1 reviews) - Data Security (1 reviews) - Ease of Use (1 reviews) - Incident Management (1 reviews) ### 18. [IBM QRadar EDR](https://www.g2.com/products/ibm-qradar-edr/reviews) IBM Security QRadar EDR (formerly ReaQta) combines automation and dashboards to minimize analyst workloads, detect anomalous endpoint behavior and remediate threats in near real time. IBM Security QRadar EDR is available on AWS Marketplace. With visibility across endpoints, it combines expected features, like MITRE ATT&CK mapping and attack visualizations, with dual-engine AI and automation. For teams that need extended support, managed detection and response (MDR) services offers 24/7 monitoring and response to help keep users protected. IBM Security QRadar EDR (formerly ReaQta) can be deployed as SaaS, on-premises and in air-gapped environments. For more information, visit https://www.ibm.com/products/qradar-edr **Average Rating:** 4.2/5.0 **Total Reviews:** 45 **How Do G2 Users Rate IBM QRadar EDR?** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.3/10) - **Reporting:** 9.5/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.3/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.5/10 (Category avg: 8.8/10) **Who Is the Company Behind IBM QRadar EDR?** - **Seller:** [IBM](https://www.g2.com/sellers/ibm) - **Year Founded:** 1911 - **HQ Location:** Armonk, New York, United States - **Twitter:** @IBMSecurity (74,796 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/1009/ (324,553 employees on LinkedIn®) - **Ownership:** SWX:IBM **Who Uses This Product?** - **Top Industries:** Computer & Network Security - **Company Size:** 45% Small-Business, 40% Mid-Market #### What Are IBM QRadar EDR's Pros and Cons? **Pros:** - Threat Detection (23 reviews) - Ease of Use (20 reviews) - Cybersecurity (16 reviews) - Detection Efficiency (9 reviews) - Protection (8 reviews) **Cons:** - Expensive (17 reviews) - Difficult Learning (11 reviews) - Resource Intensive (9 reviews) - False Positives (7 reviews) - High Resource Usage (7 reviews) ### 19. [Tenable Security Center](https://www.g2.com/products/tenable-security-center/reviews) Tenable Security Center (formerly Tenable.sc) is the industry's most comprehensive risk-based vulnerability management (RBVM) solution, enabling you to: • See all your vulnerabilities and continuously assess all assets the moment they join the network -- including transient devices that aren’t regularly connected • Predict what matters by understanding vulnerabilities in the context of business risk, as well as the criticality of affected assets • Act on each high priority vulnerability to effectively manage risk, and measure KPIs to effectively communicate effectiveness Legacy vulnerability management tools weren't designed to handle the modern attack surface and the growing number of threats that come with them. Instead, they’re limited to a theoretical view of risk, leading security teams to waste the majority of their time chasing after the wrong issues while missing many of the most critical vulnerabilities that pose the greatest risk to the business. By taking a risk-based approach to vulnerability management, Tenable.sc enables security teams to focus on the vulnerabilities and assets that matter most, so they can address the organization’s true business risk instead of wasting their valuable time on vulnerabilities that have a low likelihood of being exploited. Tenable delivers the most comprehensive risk-based vulnerability management solution available to help you prioritize your remediation efforts, so you can take decisive action to reduce the greatest amount of business risk with the least amount of effort. **Average Rating:** 4.6/5.0 **Total Reviews:** 73 **How Do G2 Users Rate Tenable Security Center?** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.3/10) - **Reporting:** 8.6/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.5/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.4/10 (Category avg: 8.8/10) **Who Is the Company Behind Tenable Security Center?** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,731 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,339 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Who Uses This Product?** - **Top Industries:** Computer & Network Security, Banking - **Company Size:** 59% Enterprise, 24% Mid-Market #### What Are Tenable Security Center's Pros and Cons? **Pros:** - Features (2 reviews) - Compliance Management (1 reviews) - Customer Support (1 reviews) - Cybersecurity (1 reviews) - Dashboard Design (1 reviews) **Cons:** - Complexity (1 reviews) - Complex Queries (1 reviews) - Complex Setup (1 reviews) - Difficult Setup (1 reviews) - Integration Issues (1 reviews) ### 20. [HostedScan.com](https://www.g2.com/products/hostedscan-com/reviews) HostedScan provides 24x7 alerts and detection for security vulnerabilities. Industry-standard, open-source, vulnerability scans. Automated alerts when something changes. Manage target list manually or import automatically from providers, such as AWS, DigitalOcean, and Linode, with read-only access. Manage and audit risks with dashboarding and reporting. **Average Rating:** 4.3/5.0 **Total Reviews:** 13 **How Do G2 Users Rate HostedScan.com?** - **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.3/10) - **Reporting:** 8.3/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 7.5/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 7.5/10 (Category avg: 8.8/10) **Who Is the Company Behind HostedScan.com?** - **Seller:** [HostedScan](https://www.g2.com/sellers/hostedscan) - **Year Founded:** 2019 - **HQ Location:** Seattle, Washington - **Twitter:** @hostedscan (59 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/69116669 (4 employees on LinkedIn®) **Who Uses This Product?** - **Company Size:** 85% Small-Business, 15% Mid-Market ## What Is Risk-Based Vulnerability Management Software? [Vulnerability Management Software](https://www.g2.com/categories/vulnerability-management) ## What Software Categories Are Similar to Risk-Based Vulnerability Management Software? - [Threat Intelligence Software](https://www.g2.com/categories/threat-intelligence) - [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner) - [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools) - [Dark Web Monitoring Tools](https://www.g2.com/categories/dark-web-monitoring) - [ Attack Surface Management Software](https://www.g2.com/categories/attack-surface-management) - [Exposure Management Platforms](https://www.g2.com/categories/exposure-management-platforms) - [Digital Risk Protection (DRP) Platforms](https://www.g2.com/categories/digital-risk-protection-drp-platforms)