# Best Risk-Based Vulnerability Management Software *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)* Risk-based vulnerability management software is used to identify and prioritize vulnerabilities based on customizable risk factors. These tools are more advanced than traditional vulnerability management solutions, as they assist in the prioritization of issues and execution of remedies based on the results of machine learning algorithms. Companies use risk-based vulnerability management solutions to analyze entire organizations’ IT systems, cloud services, and/or applications and identify priorities. Instead of manually identifying vulnerabilities and remediating them in order of discovery, an organization can automate that process to remediate vulnerabilities impacting critical business components first. From there, they can address issues as the system has ordered by impact and remediation time. Companies can customize these priorities as they see fit by weighing risk factors differently. Risk-based vulnerability management solutions are primarily used by IT professionals and security staff. These teams will integrate system and application information, outline priorities, and analyze assets. Automation within these tools saves significant time; furthermore, addressing critical vulnerabilities first can significantly reduce the likelihood of security incidents, failover, and data loss. There is some overlap between risk-based vulnerability management solutions and [security risk analysis software](https://www.g2.com/categories/security-risk-analysis), but there are a few key differences. Security risk analysis tools provide similar capabilities in identifying vulnerabilities and other security risks. But security risk analysis tools, aside from a few outlier products, will not utilize machine learning and automation to assist in the prioritization and execution of vulnerability remediation. To qualify for inclusion in the Risk-Based Vulnerability Management category, a product must: - Integrate threat intelligence and contextual data for analysis - Analyze applications, networks, and cloud services for vulnerabilities - Utilize risk factors and machine learning to prioritize vulnerabilities ## Category Overview **Total Products under this Category:** 194 ## Trust & Credibility Stats **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 4,400+ Authentic Reviews - 194+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Best Risk-Based Vulnerability Management Software At A Glance - **Leader:** [Arctic Wolf](https://www.g2.com/products/arctic-wolf/reviews) - **Highest Performer:** [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews) - **Easiest to Use:** [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews) - **Top Trending:** [Pentera](https://www.g2.com/products/pentera/reviews) - **Best Free Software:** [Cisco Vulnerability Management (formerly Kenna.VM)](https://www.g2.com/products/cisco-vulnerability-management-formerly-kenna-vm/reviews) --- **Sponsored** ### Upwind Upwind is the runtime-first cloud security platform that secures your deployments, configurations, and applications by providing real-time visibility from the inside out. We’ve built a unified fabric that maps your environment as it runs - revealing what’s truly at risk, what’s actively happening, and how to respond quickly and effectively. With Upwind, security, dev, and ops teams move faster, stay focused, and fix risks that matter most. [Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=2246&secure%5Bdisplayable_resource_id%5D=2246&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=page_category&secure%5Bplacement_resource_ids%5D%5B%5D=2246&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=1333227&secure%5Bresource_id%5D=2246&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Frisk-based-vulnerability-management%3Fpage%3D8&secure%5Btoken%5D=abec228abe580ee909937518cca507102f87455ebc896bde5b8eafed721eec89&secure%5Burl%5D=https%3A%2F%2Fwww.upwind.io&secure%5Burl_type%5D=custom_url&secure%5Bvisitor_segment%5D=180) --- ## Top-Rated Products (Ranked by G2 Score) ### 1. [Arctic Wolf](https://www.g2.com/products/arctic-wolf/reviews) Arctic Wolf® is the market leader in security operations. Using the cloud-native Arctic Wolf® Platform, we help organizations end cyber risk by providing security operations as a concierge service. Arctic Wolf solutions include Arctic Wolf® Managed Detection and Response (MDR), Managed Risk, and Managed Security Awareness —each delivered by the industry’s original Concierge Security® Team. Highly-trained Concierge Security experts work as an extension of internal teams to provide 24x7 monitoring, detection, and response, as well as ongoing risk management to give organizations the protection, resilience and guidance they need to defend against cyber threats. Visit arcticwolf.com to get the latest industry resources and learn more about our solutions. **Average Rating:** 4.7/5.0 **Total Reviews:** 275 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.3/10) - **Reporting:** 9.5/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.6/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.6/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Arctic Wolf Networks](https://www.g2.com/sellers/arctic-wolf-networks) - **Company Website:** https://www.arcticwolf.com - **Year Founded:** 2012 - **HQ Location:** Eden Prairie, MN - **Twitter:** @AWNetworks (4,497 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2760138/ (3,382 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** IT Manager, IT Director - **Top Industries:** Hospital & Health Care, Information Technology and Services - **Company Size:** 71% Mid-Market, 20% Enterprise #### Pros & Cons **Pros:** - Customer Support (58 reviews) - Threat Detection (47 reviews) - Cybersecurity (28 reviews) - Ease of Use (27 reviews) - Alerts (22 reviews) **Cons:** - Expensive (10 reviews) - False Positives (7 reviews) - Learning Curve (7 reviews) - Cybersecurity Risks (6 reviews) - Dashboard Issues (5 reviews) ### 2. [Tenable Vulnerability Management](https://www.g2.com/products/tenable-vulnerability-management/reviews) Tenable Vulnerability Management provides a risk-based approach to identifying, prioritizing, and remediating vulnerabilities across your entire attack surface. Powered by Nessus technology and AI-driven analytics, it goes beyond CVSS scores to assess exploitability, asset criticality, and business impact—so you can focus on what matters most. With continuous visibility, automated scanning, and real-time risk insights, security teams can quickly expose and close critical vulnerabilities before they’re exploited. Advanced asset identification ensures accurate tracking in dynamic environments, while intuitive dashboards, comprehensive reporting, and seamless third-party integrations help streamline workflows. As a cloud-based solution, Tenable Vulnerability Management scales with your organization, empowering security teams to maximize efficiency, reduce risk, and improve resilience against evolving threats. **Average Rating:** 4.5/5.0 **Total Reviews:** 112 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.3/10) - **Reporting:** 8.1/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.2/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **Company Website:** https://www.tenable.com/ - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,651 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 55% Enterprise, 34% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (12 reviews) - Scanning Efficiency (10 reviews) - Vulnerability Identification (10 reviews) - Automated Scanning (7 reviews) - Features (7 reviews) **Cons:** - Expensive (6 reviews) - Pricing Issues (6 reviews) - Complexity (5 reviews) - Inadequate Reporting (5 reviews) - Limited Reporting (5 reviews) ### 3. [HackerOne Platform](https://www.g2.com/products/hackerone-hackerone-platform/reviews) HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world’s largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, Crypto.com, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner’s Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). **Average Rating:** 4.5/5.0 **Total Reviews:** 64 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.3/10) **Seller Details:** - **Seller:** [HackerOne](https://www.g2.com/sellers/hackerone) - **Company Website:** https://hackerone.com - **Year Founded:** 2012 - **HQ Location:** San Francisco, California - **Twitter:** @Hacker0x01 (335,787 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/hackerone/ (6,444 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 42% Mid-Market, 41% Enterprise #### Pros & Cons **Pros:** - Ease of Use (19 reviews) - Helpful (12 reviews) - Collaboration (11 reviews) - Security Protection (11 reviews) - Customer Support (10 reviews) **Cons:** - Complexity Issues (5 reviews) - Expensive (5 reviews) - Time Management (5 reviews) - Poor Customer Support (4 reviews) - Poor Interface Design (4 reviews) ### 4. [Recorded Future](https://www.g2.com/products/recorded-future/reviews) Recorded Future is the world’s largest threat intelligence company. Recorded Future’s Intelligence Cloud provides end-to-end intelligence across adversaries, infrastructure, and targets. Indexing the internet across the open web, dark web, and technical sources, Recorded Future provides real-time visibility into an expanding attack surface and threat landscape, empowering clients to act with speed and confidence to reduce risk and securely drive business forward. Headquartered in Boston with offices and employees around the world, Recorded Future works with over 1,900 businesses and government organizations across 80 countries to provide real-time, unbiased and actionable intelligence. Learn more at recordedfuture.com. **Average Rating:** 4.6/5.0 **Total Reviews:** 218 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.1/10 (Category avg: 9.3/10) - **Reporting:** 8.4/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.9/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Recorded Future](https://www.g2.com/sellers/recorded-future) - **Company Website:** https://www.recordedfuture.com - **Year Founded:** 2009 - **HQ Location:** Somerville, US - **Twitter:** @RecordedFuture (108,193 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/678036/ (1,149 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Threat Intelligence Analyst, Cyber Threat Intelligence Analyst - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 68% Enterprise, 19% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (100 reviews) - Features (96 reviews) - Threat Intelligence (68 reviews) - Threat Detection (65 reviews) - Insights (64 reviews) **Cons:** - Complexity (38 reviews) - Expensive (36 reviews) - Learning Curve (30 reviews) - Insufficient Information (26 reviews) - Difficult Learning (25 reviews) ### 5. [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews) RiskProfiler is an advanced cybersecurity platform purpose-built for Continuous Threat Exposure Management (CTEM). It unifies external, cloud, vendor, and brand risk intelligence into a single ecosystem—providing organizations with real-time visibility, contextual threat insights, and actionable remediation guidance. Through its integrated suite, External Attack Surface Managemnet, Third\_party Risk Management, Cloud Attack Surface Management, and Brand Risk Protection; the platform continuously discovers, classifies, and evaluates external-facing assets and risks across the internet, multi-cloud environments, and third-party ecosystems. Powered by AI-enabled risk questionnaires, RiskProfiler automates the exchange, validation, and scoring of security assessments, dramatically accelerating third-party due diligence and compliance validation. The platform’s context-enriched graph engine correlates vulnerabilities, exposures, and configurations with real-world threat data, revealing how attackers might exploit an organization’s digital footprint. Its newly enhanced Cyber Threat Intelligence (CTI) module provides live insights into industry-specific attack trends, threat actor profiles, and evolving TTPs, directly embedded within the dashboard. By analyzing CVEs, IOCs, and exploit patterns, it maps these to relevant assets and potential attack paths, enabling focused, prioritized mitigation. From identifying exposed cloud resources across AWS, Azure, and Google Cloud to uncovering brand impersonation, phishing campaigns, or logo abuse, RiskProfiler delivers unified visibility and continuous monitoring that extends beyond the perimeter. It helps organizations anticipate, contextualize, and neutralize threats before they turn into breaches, transforming exposure management into a truly intelligent, predictive defense capability. **Average Rating:** 4.9/5.0 **Total Reviews:** 118 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.9/10 (Category avg: 9.3/10) - **Reporting:** 9.9/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.9/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.9/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Riskprofiler](https://www.g2.com/sellers/riskprofiler) - **Company Website:** https://riskprofiler.io/ - **Year Founded:** 2019 - **HQ Location:** Rock Hill , US - **Twitter:** @riskprofilerio (211 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/riskprofiler (28 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Software Engineer, Security Consultant - **Top Industries:** Information Technology and Services, Design - **Company Size:** 66% Mid-Market, 33% Small-Business #### Pros & Cons **Pros:** - Risk Management (70 reviews) - Features (32 reviews) - Customer Support (31 reviews) - Ease of Use (30 reviews) - Easy Setup (29 reviews) **Cons:** - Learning Curve (17 reviews) - Complexity (16 reviews) - Difficult Learning (16 reviews) - Learning Difficulty (10 reviews) - Complex Setup (8 reviews) ### 6. [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews) Cortex Cloud by Palo Alto Networks, the next version of Prisma Cloud, understands a unified security approach is essential for effectively addressing AppSec, CloudSec, and SecOps. Connecting cloud security and SOC workflows enables teams to achieve holistic visibility, trace risk across the lifecycle, and correlate real-time threat activity with development and runtime contexts. Cortex Cloud is a unified platform built on three core pillars: data integration, AI-driven intelligence, and automation. Now you can safeguard applications, data, and infrastructure across multicloud and hybrid environments with a unified data model that consolidates telemetry from code, runtime, identity, and endpoints, all into a single data source. Empower teams with precise, AI-powered insights and 2200+ machine learning models to identify and stop zero-day threats with real-time advanced threat detection and response. And automate with 1000+ prebuilt playbooks across your cloud stack to reduce manual workloads, accelerate remediations, and cut response times tenfold. Cortex Cloud delivers more than tools—it transforms how organizations secure their cloud environments. **Average Rating:** 4.1/5.0 **Total Reviews:** 110 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.0/10 (Category avg: 9.3/10) - **Reporting:** 7.8/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 7.5/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.1/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks) - **Company Website:** https://www.paloaltonetworks.com - **Year Founded:** 2005 - **HQ Location:** Santa Clara, CA - **Twitter:** @PaloAltoNtwks (128,788 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 38% Enterprise, 31% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (49 reviews) - Features (45 reviews) - Security (43 reviews) - Visibility (38 reviews) - Cloud Integration (34 reviews) **Cons:** - Expensive (31 reviews) - Difficult Learning (30 reviews) - Learning Curve (29 reviews) - Pricing Issues (24 reviews) - Complex Setup (21 reviews) ### 7. [Check Point Exposure Management](https://www.g2.com/products/check-point-exposure-management/reviews) Exposure Management isn’t just a buzzword, it’s the future of cybersecurity. Attackers move fast, exploiting misconfigurations, leaked credentials, and control gaps before patch cycles even start. Traditional tools give you dashboards and alerts, but visibility without action is just noise. Check Point’s latest innovation changes the game. By combining billions of internal telemetry points from Check Point’s global footprint with billions of external signals from the open, deep, and dark web via Cyberint, we deliver a Unified Intelligence Fabric that provides complete clarity across your attack surface. The industry is moving from fragmented feeds to real context on what’s an actual priority. Further prioritization is enabled through active validation of the threats, confirmation of compensating controls and deduplication of alerts between tools. Then, with Veriti’s safe-by-design remediation, we’re not just assigning tickets to the ether. Fixes are actually implemented. Every fix is validated before enforcement, meaning exposures are remediated without downtime, and risk reduction becomes measurable. Gartner predicts organizations adopting CTEM with mobilization will see 50% fewer successful attacks by 2028, and we’re leading that charge with action, not just tickets. Ready to see how exposure management done right looks? Get a 15-minute demo and experience preemptive security in action \> https://l.cyberint.com/em-demo **Average Rating:** 4.6/5.0 **Total Reviews:** 168 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.3/10) - **Reporting:** 9.0/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.3/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.0/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Check Point Software Technologies](https://www.g2.com/sellers/check-point-software-technologies) - **Company Website:** https://www.checkpoint.com/ - **Year Founded:** 1993 - **HQ Location:** Redwood City, CA - **Twitter:** @CheckPointSW (70,998 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/check-point-software-technologies/ (8,356 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Threat Analyst, Cyber Security Analyst - **Top Industries:** Banking, Financial Services - **Company Size:** 69% Enterprise, 20% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (64 reviews) - Threat Intelligence (63 reviews) - Threat Detection (52 reviews) - Insights (41 reviews) - Customer Support (39 reviews) **Cons:** - Inefficient Alerts (21 reviews) - False Positives (15 reviews) - Inefficient Alert System (15 reviews) - Integration Issues (11 reviews) - Limited Features (11 reviews) ### 8. [YesWeHack](https://www.g2.com/products/yeswehack/reviews) YesWeHack is a leading Offensive Security and Exposure Management platform delivering integrated, API-based solutions to secure organisations’ growing attack surfaces. Its human-in-the-loop model combines Bug Bounty (leveraging a global community of 135,000+ skilled ethical hackers), Autonomous Pentesting, Continuous Pentesting and unified vulnerability management to deliver agile, exhaustive security testing at scale. Customers include Louis Vuitton, Ferrero, the European Commission, Tencent and L’Oréal Groupe. ISO 27001-certified, CREST-accredited, and EU-hosted with full GDPR compliance. YesWeHack #1 Bug Bounty Platform in Europe **Average Rating:** 4.8/5.0 **Total Reviews:** 31 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.9/10 (Category avg: 9.3/10) - **Reporting:** 9.2/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.3/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.0/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [YesWeHack](https://www.g2.com/sellers/yeswehack) - **Company Website:** https://www.yeswehack.com/ - **Year Founded:** 2015 - **HQ Location:** Paris, France - **LinkedIn® Page:** https://www.linkedin.com/company/yes-we-hack/ (577 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer & Network Security - **Company Size:** 45% Enterprise, 32% Small-Business #### Pros & Cons **Pros:** - Ease of Use (15 reviews) - Customer Support (10 reviews) - Features (9 reviews) - Reporting Quality (7 reviews) - Team Quality (7 reviews) **Cons:** - Expensive (2 reviews) - Poor Interface Design (2 reviews) - Limited Scope (1 reviews) - Missing Features (1 reviews) - Pricing Issues (1 reviews) ### 9. [vRx by Vicarius](https://www.g2.com/products/vrx-by-vicarius/reviews) vRx by Vicarius goes beyond patch management to offer the most advanced vulnerability remediation solution in the market. vRx offers 3 built-in methods to keep you covered at all times: 1) Automated Patching: vRx catalogs all your apps and finds the patches they need, and applies them - automatically and on the schedule or frequency of your choosing. 2) Scripting: For more complex vulnerabilities or configuration based vulnerabilities, vRx includes a fully fledged scripting engine. 3) Patchless Protection: x\_protect or patchless protection is a compensating control that reduces the risk of an affected app even when a patch is not yet developed or cannot be deployed vRx helps 500+ customers across 50 countries find AND immediately remediate vulns that impact their business. **Average Rating:** 4.9/5.0 **Total Reviews:** 61 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.3/10) - **Reporting:** 8.7/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.2/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.6/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Vicarius](https://www.g2.com/sellers/vicarius) - **Company Website:** https://www.vicarius.io/ - **Year Founded:** 2016 - **HQ Location:** New York, New York - **Twitter:** @vicariusltd (2,028 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/vicarius/ (114 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 44% Mid-Market, 32% Small-Business #### Pros & Cons **Pros:** - Ease of Use (24 reviews) - Automation (21 reviews) - Patch Management (19 reviews) - Vulnerability Identification (18 reviews) - Features (17 reviews) **Cons:** - Missing Features (10 reviews) - Inadequate Reporting (4 reviews) - Complexity (3 reviews) - Dashboard Issues (3 reviews) - Inaccurate Information (3 reviews) ### 10. [ServiceNow Security Operations](https://www.g2.com/products/servicenow-security-operations/reviews) ServiceNow Security Operations is a sophisticated software solution designed to enhance threat and vulnerability management as well as incident response for organizations. By leveraging artificial intelligence, this platform empowers security teams to operate more efficiently and effectively, allowing for streamlined collaboration across IT, security, and risk management departments. The primary goal of ServiceNow Security Operations is to simplify complex security processes while minimizing risks associated with cybersecurity threats. Targeted at security teams within organizations of various sizes, ServiceNow Security Operations addresses the need for a cohesive approach to managing security incidents and vulnerabilities. It is particularly beneficial for organizations that utilize multiple security tools, as it integrates security and vulnerability data from these existing systems. This integration enables teams to respond to threats more rapidly by automating critical workflows and processes, thus reducing the manual effort traditionally required in incident response. Key features of ServiceNow Security Operations include intelligent workflows that automate routine tasks, allowing security professionals to focus on more strategic initiatives. The platform’s AI-driven capabilities facilitate the automatic correlation of threat intelligence from diverse sources, such as the MITRE ATT&CK framework. This feature enhances situational awareness and enables teams to prioritize threats effectively based on real-time data. Additionally, the ability to take action within other security or IT management tools from a centralized console streamlines operations, ensuring that teams can respond to incidents without unnecessary delays. Moreover, the use of digital security workflows and orchestration significantly accelerates tasks such as analysis, prioritization, and remediation. By automating these processes, organizations can not only improve their response times but also enhance their overall cybersecurity posture. The integration of AI-driven automation within the ServiceNow AI Platform® further strengthens the platform's capabilities, enabling organizations to drive cyber resilience and reduce their exposure to potential threats. In summary, ServiceNow Security Operations is a comprehensive solution that addresses the complexities of modern cybersecurity challenges. By automating and simplifying threat and vulnerability management, it empowers security teams to respond more effectively, thereby enhancing the overall security framework of an organization. **Average Rating:** 4.4/5.0 **Total Reviews:** 37 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.7/10 (Category avg: 9.3/10) - **Reporting:** 8.9/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.4/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.4/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [ServiceNow](https://www.g2.com/sellers/servicenow) - **Company Website:** https://www.servicenow.com/ - **Year Founded:** 2004 - **HQ Location:** Santa Clara, CA - **Twitter:** @servicenow (54,215 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/29352/ (32,701 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 54% Enterprise, 21% Small-Business #### Pros & Cons **Pros:** - Integration Capabilities (11 reviews) - Integration Support (10 reviews) - Ease of Use (9 reviews) - Integrations (8 reviews) - Incident Management (7 reviews) **Cons:** - Difficult Setup (4 reviews) - Integration Issues (4 reviews) - Licensing Issues (3 reviews) - Complexity (2 reviews) - Difficult Customization (2 reviews) ### 11. [Qualys VMDR](https://www.g2.com/products/qualys-vmdr/reviews) Qualys VMDR is an all-in-one risk-based vulnerability management solution that quantifies cyber risk. It gives organizations unprecedented insights into their risk posture and provides actionable steps to reduce risk. It also gives cybersecurity and IT teams a shared platform to collaborate, and the power to quickly align and automate no-code workflows to respond to threats with automated remediation and integrations with ITSM solutions such as ServiceNow. **Average Rating:** 4.4/5.0 **Total Reviews:** 164 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.3/10) - **Reporting:** 8.3/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.7/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.5/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Qualys](https://www.g2.com/sellers/qualys) - **Year Founded:** 1999 - **HQ Location:** Foster City, CA - **Twitter:** @qualys (34,191 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/8561/ (3,564 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 51% Enterprise, 28% Mid-Market #### Pros & Cons **Pros:** - Customer Support (2 reviews) - Features (2 reviews) - Vulnerability Detection (2 reviews) - Vulnerability Identification (2 reviews) - Alerting System (1 reviews) **Cons:** - Complexity (2 reviews) - Complex Reporting (1 reviews) - Complex Setup (1 reviews) - Difficult Learning (1 reviews) - Feature Complexity (1 reviews) ### 12. [Tenable Security Center](https://www.g2.com/products/tenable-security-center/reviews) Tenable Security Center (formerly Tenable.sc) is the industry's most comprehensive risk-based vulnerability management (RBVM) solution, enabling you to: • See all your vulnerabilities and continuously assess all assets the moment they join the network -- including transient devices that aren’t regularly connected • Predict what matters by understanding vulnerabilities in the context of business risk, as well as the criticality of affected assets • Act on each high priority vulnerability to effectively manage risk, and measure KPIs to effectively communicate effectiveness Legacy vulnerability management tools weren't designed to handle the modern attack surface and the growing number of threats that come with them. Instead, they’re limited to a theoretical view of risk, leading security teams to waste the majority of their time chasing after the wrong issues while missing many of the most critical vulnerabilities that pose the greatest risk to the business. By taking a risk-based approach to vulnerability management, Tenable.sc enables security teams to focus on the vulnerabilities and assets that matter most, so they can address the organization’s true business risk instead of wasting their valuable time on vulnerabilities that have a low likelihood of being exploited. Tenable delivers the most comprehensive risk-based vulnerability management solution available to help you prioritize your remediation efforts, so you can take decisive action to reduce the greatest amount of business risk with the least amount of effort. **Average Rating:** 4.6/5.0 **Total Reviews:** 73 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.3/10) - **Reporting:** 8.6/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.5/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.4/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,651 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Reviewer Demographics:** - **Top Industries:** Computer & Network Security, Banking - **Company Size:** 59% Enterprise, 24% Mid-Market #### Pros & Cons **Pros:** - Features (2 reviews) - Compliance Management (1 reviews) - Customer Support (1 reviews) - Cybersecurity (1 reviews) - Dashboard Design (1 reviews) **Cons:** - Complexity (1 reviews) - Complex Queries (1 reviews) - Complex Setup (1 reviews) - Difficult Setup (1 reviews) - Integration Issues (1 reviews) ### 13. [Bitsight](https://www.g2.com/products/bitsight/reviews) Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface. Bitsight proactively uncovers security gaps across infrastructure, cloud environments, digital identities, and third- and fourth-party ecosystems. From security operations and governance teams to executive boardrooms, Bitsight provides the unified intelligence backbone required to confidently manage cyber risk and address exposures before they impact performance. **Average Rating:** 4.5/5.0 **Total Reviews:** 75 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.3/10) - **Reporting:** 7.4/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 7.4/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 7.9/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Bitsight](https://www.g2.com/sellers/bitsight) - **Company Website:** https://www.bitsight.com/ - **Year Founded:** 2011 - **HQ Location:** Boston, MA - **Twitter:** @BitSight (4,497 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/bitsight/ (740 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Hospital & Health Care - **Company Size:** 72% Enterprise, 23% Mid-Market #### Pros & Cons **Pros:** - Security (15 reviews) - Risk Management (14 reviews) - Ease of Use (13 reviews) - Features (11 reviews) - Customer Support (9 reviews) **Cons:** - Missing Features (6 reviews) - Lack of Clarity (5 reviews) - Poor Notifications (4 reviews) - Slow Performance (4 reviews) - Delay Issues (3 reviews) ### 14. [Pentera](https://www.g2.com/products/pentera/reviews) Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale. Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited. Its customers include Casey's General Stores, Emeria, LuLu International Exchange, IP Telecom PT, BrewDog, City National Bank, Schmitz Cargobull, and MBC Group. Pentera is backed by leading investors such as K1 Investment Management, Insight Partners, Blackstone, Evolution Equity Partners, and AWZ. Visit https://pentera.io for more information. **Average Rating:** 4.5/5.0 **Total Reviews:** 141 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.3/10) - **Reporting:** 8.0/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.3/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.4/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Pentera](https://www.g2.com/sellers/pentera) - **Company Website:** https://pentera.io/ - **Year Founded:** 2015 - **HQ Location:** Boston, MA - **Twitter:** @penterasec (3,327 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/penterasecurity/ (486 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Banking, Information Technology and Services - **Company Size:** 51% Enterprise, 40% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (9 reviews) - Vulnerability Identification (8 reviews) - Automation (7 reviews) - Customer Support (7 reviews) - Security (6 reviews) **Cons:** - Inadequate Reporting (3 reviews) - Access Control (2 reviews) - False Positives (2 reviews) - Limited Reporting (2 reviews) - Missing Features (2 reviews) ### 15. [HeroDevs](https://www.g2.com/products/herodevs/reviews) HeroDevs Never-Ending Support provides secure drop-in replacements and updates for end-of-life open source libraries, protecting businesses from vulnerabilities in deprecated software. Our team delivers proactive security updates—often before CVEs are publicly disclosed—and maintains continuous monitoring of your technology stack to identify potential threats before they impact your systems. Our solution eliminates the need for costly, time-consuming rewrites when open source libraries reach end-of-life by extending support indefinitely. HeroDevs' expert engineers maintain your existing codebase with security patches, bug fixes, and compatibility updates, allowing your development team to focus on innovation rather than remediation. This approach preserves your investment in current applications while ensuring they remain secure and compliant. HeroDevs partners directly with your security and development teams to rapidly assess vulnerabilities, prioritize remediation efforts, and implement fixes with minimal disruption. Our service includes detailed reporting on security posture, comprehensive documentation of all changes, and dedicated technical support from engineers specialized in your specific technologies. By extending the life of critical open source components, we help organizations maintain business continuity while significantly reducing security risks and compliance concerns. Keep your business secure and your applications running without costly rewrites or risky exposure. **Average Rating:** 4.7/5.0 **Total Reviews:** 18 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.5/10 (Category avg: 9.3/10) - **Reporting:** 7.5/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.3/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.3/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [HeroDevs](https://www.g2.com/sellers/herodevs) - **Year Founded:** 2018 - **HQ Location:** Sandy, Utah - **Twitter:** @herodevs (2,683 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/herodevs (100 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 61% Mid-Market, 39% Small-Business #### Pros & Cons **Pros:** - Customer Support (10 reviews) - Integrations (7 reviews) - Ease of Use (6 reviews) - Security (6 reviews) - Authentication Security (5 reviews) **Cons:** - Expensive (4 reviews) - Dashboard Issues (2 reviews) - Missing Features (2 reviews) - Additional Costs (1 reviews) - Complex Implementation (1 reviews) ### 16. [Cisco Vulnerability Management (formerly Kenna.VM)](https://www.g2.com/products/cisco-vulnerability-management-formerly-kenna-vm/reviews) Cisco Vulnerability Management (formerly Kenna.VM), the original SaaS risk-based vulnerability management platform, prioritizes vulnerabilities that pose a real risk, enabling Security and IT teams to focus their limited resources and remediate more efficiently. Cisco’s data science-driven prioritization evaluates both enterprise data and a wealth of data on real-world exploit activity and translates that context into actionable intelligence to guide remediation. **Average Rating:** 4.3/5.0 **Total Reviews:** 200 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.3/10) - **Reporting:** 8.5/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.7/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.1/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Cisco](https://www.g2.com/sellers/cisco) - **Year Founded:** 1984 - **HQ Location:** San Jose, CA - **Twitter:** @Cisco (721,495 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/cisco/ (95,742 employees on LinkedIn®) - **Ownership:** NASDAQ:CSCO **Reviewer Demographics:** - **Who Uses This:** Software Engineer - **Top Industries:** Information Technology and Services, Financial Services - **Company Size:** 76% Enterprise, 17% Mid-Market ### 17. [ZeroFox](https://www.g2.com/products/zerofox/reviews) ZeroFox is the solution used to illuminate threat actor intent, mitigate threats and exposures, remove threats from the internet, and preemptively safeguard your reputation. ZeroFox uniquely fuses the core capabilities of Cyber Threat Intelligence, Brand and Domain Protection, Attack Surface Intelligence, Executive Protection and Physical Security Intelligence in one platform packed with intelligence you’ll actually use. ZeroFox defends your business from the everyday attacks that impact revenue, erode trust, and frustrate teams by: Discovering exposed assets, brands, domains, accounts, and emerging threats Validating the risks that matter most to you and your digital estate Disrupting attacks before they harm your business, your customers, and your people Our continuous cycle—Discover, Validate, Disrupt—delivers outcomes and helps organizations achieve deeper threat contextualization, faster detection and response times, and longer-term cost savings by anticipating, understanding, and mitigating external digital threats at scale. Join thousands of customers, including some of the largest public sector organizations and leaders in finance, media, technology, retail, and healthcare, and let ZeroFox deliver timely, personal, and usable intelligence so you can stay ahead of what’s next and reclaim what’s right. **Average Rating:** 4.4/5.0 **Total Reviews:** 129 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.3/10) - **Reporting:** 9.0/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.8/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.0/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [ZeroFox](https://www.g2.com/sellers/zerofox) - **Company Website:** https://www.zerofox.com - **Year Founded:** 2013 - **HQ Location:** Baltimore, MD - **Twitter:** @ZeroFOX (5,206 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2890672 (885 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Financial Services, Banking - **Company Size:** 45% Enterprise, 28% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (35 reviews) - Protection (32 reviews) - Threat Detection (28 reviews) - Alert Notifications (23 reviews) - Alerts (22 reviews) **Cons:** - Inefficient Alerts (24 reviews) - False Alarms (16 reviews) - Slow Performance (14 reviews) - False Positives (12 reviews) - Inefficient Alert System (11 reviews) ### 18. [Titania Nipper](https://www.g2.com/products/titania-nipper/reviews) Award-winning Risk-Based Vulnerability Management. Nipper solutions analyze network device configurations in the way Advances Persistent Threat (APT) groups do, to identify misconfigurations that could create attack paths. This analysis offers unparalleled, pen-tester accuracy, finding critical vulnerabilities in firewalls, routers, switches that other tools simply cannot see. Our solutions then prioritize the biggest risks to your business and provide device-specific remediation guidance, right down to specific command line prompts.  By analyzing device configurations against key compliance standards and security frameworks (including STIGs/CIS Benchmarks/PCI DSS/CMMC/CORA/NIST SP 800-53), Nipper solutions tell you precisely which devices are at risk of failing, how significant that risk is, and how you can solve it, with auditor-ready reports. Whether your focus is taking pragmatic, risk-based security measures to minimize known vulnerabilities or ensuring compliance with industry security standards, Nipper solutions provide the targeted insights you need. No other security provider looks at the network in the same way. That’s why Nipper can uniquely provide the network configuration coverage that organizations urgently require. 30+ U.S. federal agencies and 800+ organizations globally trust Nipper solutions to deliver vulnerability analysis and compliance automation while supporting air-gapped environments, sovereign cloud requirements, and complex regulated infrastructures. **Average Rating:** 4.3/5.0 **Total Reviews:** 24 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.0/10 (Category avg: 9.3/10) - **Reporting:** 9.3/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 2.5/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.3/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Titania](https://www.g2.com/sellers/titania) - **Company Website:** https://www.titania.com - **Year Founded:** 2009 - **HQ Location:** London, GB - **Twitter:** @TitaniaLtd (2,828 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/titania-ltd/ (99 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 46% Enterprise, 21% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (10 reviews) - Reporting Quality (6 reviews) - Scanning Efficiency (4 reviews) - Vulnerability Detection (4 reviews) - Clear Interface (3 reviews) **Cons:** - Licensing Issues (3 reviews) - False Positives (2 reviews) - Lack of Cloud Support (2 reviews) - Limited Compatibility (2 reviews) - Limited Scope (2 reviews) ### 19. [Semperis Purple Knight](https://www.g2.com/products/semperis-purple-knight/reviews) Community-driven hybrid Active Directory security assessment tool. Purple Knight is an identity system security assessment tool used by thousands of organizations to quickly identify vulnerabilities in AD, Entra ID, and Okta environments and receive prioritized, expert remediation guidance. **Average Rating:** 4.7/5.0 **Total Reviews:** 11 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.9/10 (Category avg: 9.3/10) - **Reporting:** 8.7/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.2/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.0/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Semperis](https://www.g2.com/sellers/semperis) - **Company Website:** https://www.semperis.com - **Year Founded:** 2015 - **HQ Location:** Hoboken, New Jersey - **Twitter:** @SemperisTech (10,097 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/semperis/ (620 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 45% Mid-Market, 45% Small-Business #### Pros & Cons **Pros:** - Cybersecurity (4 reviews) - Ease of Use (4 reviews) - Data Discovery (3 reviews) - Detailed Explanation (3 reviews) - Implementation Ease (2 reviews) **Cons:** - Information Management (2 reviews) - Lack of Automation (2 reviews) - Difficult Learning (1 reviews) - Difficult Setup (1 reviews) - Inadequate Reporting (1 reviews) ### 20. [PlexTrac](https://www.g2.com/products/plextrac/reviews) PlexTrac is the leading AI-powered platform for pentest reporting and threat exposure management, trusted by Fortune 500 companies and top security providers. Built to help cybersecurity teams continuously manage and reduce threat exposure, PlexTrac centralizes security data, streamlines reporting, prioritizes risk, and automates remediation workflows—empowering teams to drive measurable risk reduction. The platform is ideal for enterprises & service providers looking to deliver a Continuous Threat Exposure Management (CTEM) framework across their business. With our suite of solutions, you can consolidate security data from tools and manual testing, automatically prioritize risks based on business impact, and automate remediation and retesting workflows for ongoing, more effective threat management. **Average Rating:** 4.8/5.0 **Total Reviews:** 15 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.3/10) - **Reporting:** 9.9/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 6.9/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.6/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [PlexTrac](https://www.g2.com/sellers/plextrac) - **Company Website:** https://plextrac.com/ - **Year Founded:** 2016 - **HQ Location:** Boise, Idaho - **Twitter:** @plextrac (1,658 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/19015522 (85 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Consulting - **Company Size:** 40% Enterprise, 40% Small-Business #### Pros & Cons **Pros:** - Features (7 reviews) - Customer Support (6 reviews) - Ease of Use (6 reviews) - Reporting Efficiency (6 reviews) - Integrations (5 reviews) **Cons:** - Missing Features (2 reviews) - Complexity (1 reviews) - Complex Setup (1 reviews) - Difficult Learning (1 reviews) - Inadequate Reporting (1 reviews) ### 21. [Microsoft Defender Vulnerability Management](https://www.g2.com/products/microsoft-defender-vulnerability-management/reviews) Defender Vulnerability Management delivers asset visibility, intelligent assessments, and built-in remediation tools for Windows, macOS, Linux, Android, iOS, and network devices. Leveraging Microsoft threat intelligence, breach likelihood predictions, business contexts, and devices assessments, Defender Vulnerability Management rapidly and continuously prioritizes the biggest vulnerabilities on your most critical assets and provides security recommendations to mitigate risk. Reduce risk with continuous vulnerability assessment, risk-based prioritization, and remediation. Defender Vulnerability Management is available for cloud workloads and endpoints. Defender for Endpoint Plan 2 customers can access advanced vulnerability management capabilities with the Defender Vulnerability Management add-on, now generally available. **Average Rating:** 4.4/5.0 **Total Reviews:** 34 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.6/10 (Category avg: 9.3/10) - **Reporting:** 8.7/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.8/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft) - **Year Founded:** 1975 - **HQ Location:** Redmond, Washington - **Twitter:** @microsoft (13,114,353 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®) - **Ownership:** MSFT **Reviewer Demographics:** - **Top Industries:** Computer & Network Security - **Company Size:** 41% Small-Business, 35% Enterprise ### 22. [SAFE](https://www.g2.com/products/safe-security-safe/reviews) SAFE has reinvented cyber risk management with Agentic AI. The company helps CISOs, TPRM, and GRC leaders become strategic business partners by automating the understanding, prioritization and management of cyber risk—accelerating AI adoption and digital transformation. SAFE is the #1 platform to unify the management of all cyber risks—enterprise, third-party, and AI-related—and deliver autonomous cyber risk management through a fleet of specialized AI agents. Its platform replaces manual effort with agentic automation, backed by the world’s most trusted risk standards. Trusted by hundreds of global organizations, SAFE has more than doubled revenue three years in a row and raised $100M+ to fuel the future of cyber risk automation. **Average Rating:** 4.4/5.0 **Total Reviews:** 59 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 8.5/10 (Category avg: 9.3/10) - **Reporting:** 7.4/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 8.1/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.8/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Safe Security](https://www.g2.com/sellers/safe-security) - **Company Website:** https://safe.security - **Year Founded:** 2012 - **HQ Location:** Palo Alto, US - **Twitter:** @safecrq (3,258 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/safesecurity-inc/ (1,208 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Hospital & Health Care - **Company Size:** 73% Enterprise, 13% Mid-Market #### Pros & Cons **Pros:** - Risk Management (24 reviews) - Customer Support (13 reviews) - Features (11 reviews) - Integrations (11 reviews) - Ease of Use (10 reviews) **Cons:** - Missing Features (10 reviews) - Information Management (3 reviews) - Integration Issues (3 reviews) - Limited Customization (3 reviews) - Confusing Interface (2 reviews) ### 23. [InsightVM (Nexpose)](https://www.g2.com/products/insightvm-nexpose/reviews) InsightVM is Rapid7’s vulnerability risk management offering that advances security through cross-department clarity, a deeper understanding of risk, and measurable progress. By informing and aligning technical teams, security teams can remediate vulnerabilities and build Security into the core of the organization. With InsightVM, security teams can: Gain Clarity Into Risk and Across Teams Better understand the risk in your modern environment so you can work in lockstep with technical teams. Extend Security’s Influence Align traditionally siloed teams and drive impact with the shared view and common language of InsightVM. See Shared Progress Take a proactive approach to security with tracking and metrics that create accountability and recognize progress. **Average Rating:** 4.4/5.0 **Total Reviews:** 69 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.3/10) - **Reporting:** 8.4/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.1/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 8.9/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [Rapid7](https://www.g2.com/sellers/rapid7) - **Year Founded:** 2000 - **HQ Location:** Boston, MA - **Twitter:** @rapid7 (124,150 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/39624/ (3,249 employees on LinkedIn®) - **Ownership:** NASDAQ:RPD **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 51% Enterprise, 32% Mid-Market #### Pros & Cons **Pros:** - Automation (4 reviews) - Vulnerability Identification (4 reviews) - Asset Management (3 reviews) - Features (3 reviews) - Prioritization (3 reviews) **Cons:** - Complexity (3 reviews) - Performance Issues (2 reviews) - Resource Limitations (2 reviews) - Resource Management (2 reviews) - Time-Consuming (2 reviews) ### 24. [ThreatMon](https://www.g2.com/products/threatmon/reviews) ThreatMon is an AI-powered cyber risk intelligence platform designed to assist organizations in detecting, analyzing, and responding to external cyber threats that may impact their digital assets, brand reputation, and third-party ecosystem. This comprehensive solution provides real-time visibility into an organization’s attack surface exposure, the evolving threat landscape, and overall cyber risk posture, all accessible from a single, unified platform. The platform is particularly beneficial for security and risk management teams who require a holistic view of their cyber environment. ThreatMon integrates various functionalities including attack surface management, threat intelligence, dark web monitoring, fraud detection, surface web monitoring, and supply chain risk intelligence. This integration eliminates the need for multiple, disconnected tools, streamlining the process of threat detection and risk assessment. By consolidating these capabilities, ThreatMon allows organizations to efficiently manage their cyber risk landscape while reducing operational complexity. Key features of ThreatMon include the ability to discover exposed assets, detect phishing attempts, monitor for brand impersonation, and track leaked credentials and data breaches. Additionally, it provides insights into threat actors and assesses vendor and third-party risks, which is crucial for organizations that rely on a complex ecosystem of partners and suppliers. The platform’s built-in governance, risk, and compliance (GRC) capabilities further enhance its utility by mapping compliance requirements and generating executive-level reports. This functionality translates technical findings into actionable business-level insights, enabling stakeholders to make informed decisions regarding their cyber risk management strategies. By unifying external exposure monitoring, threat intelligence, fraud detection, supply chain risk visibility, and governance-level reporting, ThreatMon empowers both security operations teams and executives to understand, prioritize, and respond to cyber risks more effectively. This shift from fragmented, reactive security measures to a proactive, intelligence-driven approach allows organizations to better safeguard their assets and maintain their reputation in an increasingly complex digital landscape. With ThreatMon, organizations can enhance their overall security posture and foster a culture of proactive risk management, ensuring they remain resilient against evolving cyber threats. **Average Rating:** 4.9/5.0 **Total Reviews:** 26 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.3/10) - **Reporting:** 9.8/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 10.0/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.5/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [ThreatMon](https://www.g2.com/sellers/threatmon) - **Company Website:** https://threatmon.io/ - **Year Founded:** 2022 - **HQ Location:** Sterling VA - **Twitter:** @MonThreat (16,369 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/threatmon/ (34 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer & Network Security - **Company Size:** 38% Enterprise, 38% Mid-Market #### Pros & Cons **Pros:** - Monitoring (10 reviews) - Threat Detection (10 reviews) - Ease of Use (7 reviews) - Detailed Analysis (6 reviews) - Threat Intelligence (6 reviews) **Cons:** - Excessive Notifications (4 reviews) - Information Overload (4 reviews) - Limited Features (4 reviews) - Inefficient Alerts (3 reviews) - Inefficient Alert System (3 reviews) ### 25. [SecOps Solution](https://www.g2.com/products/secops-solution/reviews) SecOps Solution is a next-gen, agentless patch and vulnerability management platform that helps organizations fix vulnerabilities fast — without agents, manual effort, or complex setups. We automate patching across operating systems and third-party applications, including remote and on-prem devices — all in a fraction of the time traditional tools take. **Average Rating:** 4.8/5.0 **Total Reviews:** 38 **User Satisfaction Scores:** - **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.3/10) - **Reporting:** 9.6/10 (Category avg: 8.8/10) - **Vulnerability Intelligence:** 9.7/10 (Category avg: 8.7/10) - **Risk-Prioritization:** 9.7/10 (Category avg: 8.8/10) **Seller Details:** - **Seller:** [SecOps Solution](https://www.g2.com/sellers/secops-solution) - **Year Founded:** 2021 - **HQ Location:** Mountain View, California, USA - **Twitter:** @secopsolution (36 Twitter followers) - **LinkedIn® Page:** http://www.linkedin.com/company/secopsolution (7 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Computer Software, Financial Services - **Company Size:** 71% Small-Business, 24% Mid-Market #### Pros & Cons **Pros:** - Patch Management (6 reviews) - Customer Support (5 reviews) - Reporting (5 reviews) - Detailed Explanation (4 reviews) - Reporting Efficiency (4 reviews) ## Parent Category [Vulnerability Management Software](https://www.g2.com/categories/vulnerability-management) ## Related Categories - [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner) - [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools) - [ Attack Surface Management Software](https://www.g2.com/categories/attack-surface-management)