  # Best Risk-Based Vulnerability Management Software - Page 6

  *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)*

   Risk-based vulnerability management software is used to identify and prioritize vulnerabilities based on customizable risk factors. These tools are more advanced than traditional vulnerability management solutions, as they assist in the prioritization of issues and execution of remedies based on the results of machine learning algorithms.

Companies use risk-based vulnerability management solutions to analyze entire organizations’ IT systems, cloud services, and/or applications and identify priorities. Instead of manually identifying vulnerabilities and remediating them in order of discovery, an organization can automate that process to remediate vulnerabilities impacting critical business components first. From there, they can address issues as the system has ordered by impact and remediation time. Companies can customize these priorities as they see fit by weighing risk factors differently.

Risk-based vulnerability management solutions are primarily used by IT professionals and security staff. These teams will integrate system and application information, outline priorities, and analyze assets. Automation within these tools saves significant time; furthermore, addressing critical vulnerabilities first can significantly reduce the likelihood of security incidents, failover, and data loss.

There is some overlap between risk-based vulnerability management solutions and [security risk analysis software](https://www.g2.com/categories/security-risk-analysis), but there are a few key differences. Security risk analysis tools provide similar capabilities in identifying vulnerabilities and other security risks. But security risk analysis tools, aside from a few outlier products, will not utilize machine learning and automation to assist in the prioritization and execution of vulnerability remediation.

To qualify for inclusion in the Risk-Based Vulnerability Management category, a product must:

- Integrate threat intelligence and contextual data for analysis
- Analyze applications, networks, and cloud services for vulnerabilities
- Utilize risk factors and machine learning to prioritize vulnerabilities




  
## How Many Risk-Based Vulnerability Management Software Products Does G2 Track?
**Total Products under this Category:** 194

### Category Stats (May 2026)
- **Average Rating**: 4.51/5 (↓0.01 vs Apr 2026)
- **New Reviews This Quarter**: 49
- **Buyer Segments**: Enterprise 44% │ Small-Business 30% │ Mid-Market 27%
- **Top Trending Product**: ManageEngine Vulnerability Manager Plus (+0.167)
*Last updated: May 18, 2026*

  
## How Does G2 Rank Risk-Based Vulnerability Management Software Products?

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 4,500+ Authentic Reviews
- 194+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.

  
## Which Risk-Based Vulnerability Management Software Is Best for Your Use Case?

- **Leader:** [Arctic Wolf](https://www.g2.com/products/arctic-wolf/reviews)
- **Highest Performer:** [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews)
- **Easiest to Use:** [RiskProfiler - External Threat Exposure Management](https://www.g2.com/products/riskprofiler-external-threat-exposure-management/reviews)
- **Top Trending:** [Pentera](https://www.g2.com/products/pentera/reviews)
- **Best Free Software:** [Cisco Vulnerability Management (formerly Kenna.VM)](https://www.g2.com/products/cisco-vulnerability-management-formerly-kenna-vm/reviews)

  
---

**Sponsored**

### Intruder

Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two businesses are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers.




---

  ## What Are the Top-Rated Risk-Based Vulnerability Management Software Products in 2026?
### 1. [Blue Lava, Inc.](https://www.g2.com/products/blue-lava-inc/reviews)
  Built with, by, and for the CISO Community, Blue Lava’s Security Program Management platform (SPM™) empowers security leaders with a system of record to continuously measure, optimize, and communicate the business value of security. Reporting is tailored for Board and C-Suite communications including the alignment of security initiatives to business areas, coverage against frameworks like NIST-CSF, risk-based project prioritization, peer benchmarking, and progress against targets over time. For a demo please visit: https://bluelava.io/contact/ Learn how you can prepare the Board and C-Suite for the SEC regulations promising to place increased scrutiny on cyber risk and governance disclosure. Download our FREE SEC Cybersecurity Toolkit here: https://bluelava.io/is-your-company-ready-for-the-new-sec-cybersecurity-rules/



**Who Is the Company Behind Blue Lava, Inc.?**

- **Seller:** [Blue Lava](https://www.g2.com/sellers/blue-lava)
- **Year Founded:** 2018
- **HQ Location:** N/A
- **Twitter:** @bluelavainc (50 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/blue-lava (2 employees on LinkedIn®)



### 2. [BoostSecurity](https://www.g2.com/products/boostsecurity/reviews)
  BoostSecurity is a developer-first DevSecOps automation platform designed to seamlessly integrate security into the software development lifecycle. It enables organizations to detect, prioritize, and remediate security vulnerabilities across code, open-source dependencies, container images, and CI/CD pipelines. By automating security checks and providing actionable insights, BoostSecurity ensures the continuous integrity of the software supply chain from development to production.

Key Features and Functionality:

- Rapid Deployment: Initiate an effective DevSecOps program in under 15 minutes, allowing for immediate identification and resolution of vulnerabilities.
- Comprehensive Security Coverage: Addresses a wide range of security concerns, including stored secrets, SCM/CI/CD misconfigurations, SAST, IaC, container scans, and third-party OSS library vulnerabilities.
- Developer-Centric Workflows: Integrates seamlessly into existing development processes, providing out-of-the-box high-fidelity rules that enable vulnerability remediation as code is written, on pull requests, before merging into main branches.
- Unified Control Pane: Offers a single interface for managing tools, policies, and reporting requirements, simplifying risk, audit, governance, and compliance reporting across the software supply chain.
- Scalable Policy Engine: Features a powerful, flexible, and customizable policy engine for workflows, rules, and scanners, ensuring adaptability to various organizational needs.

Primary Value and Problem Solved: BoostSecurity empowers organizations to ship secure software at DevOps velocity without compromising development speed or requiring additional personnel. By automating security processes and integrating them into existing workflows, it bridges the gap between development and security teams, fostering trust and collaboration. This approach not only enhances the security posture of applications but also reduces the overall cost of ownership by simplifying the AppSec tech stack and eliminating the need for multiple disparate tools.



**Who Is the Company Behind BoostSecurity?**

- **Seller:** [BoostSecurity](https://www.g2.com/sellers/boostsecurity)
- **Year Founded:** 2020
- **HQ Location:** Montreal, Quebec, Canada
- **LinkedIn® Page:** https://www.linkedin.com/company/boostsecurity-io (29 employees on LinkedIn®)



### 3. [Clear GRC](https://www.g2.com/products/clear-grc/reviews)
  Clear GRC is a customized platform which encompasses activities such as corporate governance, IT risk management and corporate compliance conforming to stated requirements. The objective of Clear GRC is to demystify the complex siloed IT processes into the integrated system and to provide with scalable platform to efficiently manage highly evolving Information systems security, regulatory, privacy and compliance requirements. Clear GRC helps in stabilizing the complex IT processes by providing a holistic view of the organization’s information security posture and enabling management to make informed decisions on resource allocations and managing risks. Clear GRC provides high level of consistency through improved alignment of objectives with mission, vision, and value of the organization resulting in efficient governance.



**Who Is the Company Behind Clear GRC?**

- **Seller:** [Clear Infosec](https://www.g2.com/sellers/clear-infosec)
- **Year Founded:** 2017
- **HQ Location:** Hoboken, US
- **LinkedIn® Page:** https://www.linkedin.com/company/clearinfosec/ (3 employees on LinkedIn®)



### 4. [cloudDFN cDFN WatchTower](https://www.g2.com/products/clouddfn-cdfn-watchtower/reviews)
  cDFN WatchTower is a CAASM (Cyber Asset Attack Surface Management) solution that integrates risk-based vulnerability management, external attack surface monitoring, dark web surveillance, vendor risk management, and compliance oversight into a single platform. It empowers organizations to proactively identify and address vulnerabilities, secure external assets, monitor potential threats on the dark web, and ensure compliance with industry standards. By consolidating these critical functions, businesses can reduce security gaps, streamline risk management, and enhance overall cybersecurity posture.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 1

**Who Is the Company Behind cloudDFN cDFN WatchTower?**

- **Seller:** [cloudDFN](https://www.g2.com/sellers/clouddfn)
- **Year Founded:** 2019
- **HQ Location:** Thane, IN
- **LinkedIn® Page:** https://www.linkedin.com/company/clouddfn (12 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 100% Small-Business


#### What Are cloudDFN cDFN WatchTower's Pros and Cons?

**Pros:**

- Dark Web Monitoring (1 reviews)
- Helpful (1 reviews)
- Monitoring (1 reviews)
- Monitoring Efficiency (1 reviews)
- Response Time (1 reviews)

**Cons:**

- Complex Navigation (1 reviews)
- Dashboard Issues (1 reviews)
- Difficult Navigation (1 reviews)
- Poor Navigation (1 reviews)
- UX Improvement (1 reviews)

### 5. [Cogent Security](https://www.g2.com/products/cogent-security/reviews)
  Cogent Security builds an AI and machine learning-based cybersecurity platform to enhance threat detection and response, and provides streamlined security workflows that allow faster risk reduction and free up critical resources.



**Who Is the Company Behind Cogent Security?**

- **Seller:** [Cogent Security, Inc.](https://www.g2.com/sellers/cogent-security-inc)
- **Year Founded:** 2024
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/cogentsecurity/ (46 employees on LinkedIn®)



### 6. [Conviso](https://www.g2.com/products/conviso/reviews)
  The Conviso Platform is a complete Application Security Posture Management (ASPM) solution that centralizes visibility, correlation, and prioritization of vulnerabilities across the software development lifecycle. It integrates with your existing SAST, DAST, SCA, IaC, and CI/CD tools, automates triage, and provides a unified view of risk — helping security and development teams work together to reduce complexity and strengthen AppSec maturity.



**Who Is the Company Behind Conviso?**

- **Seller:** [Conviso Application Security](https://www.g2.com/sellers/conviso-application-security)
- **Year Founded:** 2008
- **HQ Location:** Curitiba, BR
- **LinkedIn® Page:** https://www.linkedin.com/company/convisoappsec (81 employees on LinkedIn®)



### 7. [Covail Vulnerability Management](https://www.g2.com/products/covail-vulnerability-management/reviews)
  The Covail Vulnerability Management Solution provides you with an easy-to-understand and easy-to-use method of mitigating cyber-attacks through network assessments, vulnerability tracking, risk prioritization, and actionable reporting.



**Who Is the Company Behind Covail Vulnerability Management?**

- **Seller:** [Covail](https://www.g2.com/sellers/covail)
- **Year Founded:** 2014
- **HQ Location:** Columbus, US
- **LinkedIn® Page:** http://www.linkedin.com/company/covail (4 employees on LinkedIn®)



### 8. [Criminal IP ASM](https://www.g2.com/products/criminal-ip-asm/reviews)
  Criminal IP Attack Surface Management is a solution that helps you proactively understand your cyber space's security posture by automatically detecting and monitoring all your cyber assets, while leveraging the OSINT, AI and ML capabilities of the Criminal IP search engine in accurately assessing the risks and vulnerabilities associated with each asset on a daily basis. With a single domain registration, gain true visibility into your attack surface. Get detailed information on the risks and vulnerabilities that target your assets (IPs/Domains) with free access to the Criminal IP search engine.



**Who Is the Company Behind Criminal IP ASM?**

- **Seller:** [AI Spera](https://www.g2.com/sellers/ai-spera)
- **Year Founded:** 2017
- **HQ Location:** Las Vegas, US
- **LinkedIn® Page:** https://www.linkedin.com/company/aispera (27 employees on LinkedIn®)



### 9. [CSH Vulnerability Management Platform](https://www.g2.com/products/csh-vulnerability-management-platform/reviews)
  CSH Vulnerability Management Platform is a comprehensive SaaS solution that helps system administrators and security professionals with the tools they need to identify, prioritize, and mitigate vulnerabilities across their infrastructure. Designed with a risk-based approach, our platform enables users to focus on the most critical security issues first, ensuring that resources are allocated efficiently to protect valuable assets. Our solution gathers in-depth information on vulnerabilities, installed software, and potentially insecure configurations using both agent-based and agentless approaches. With data collected from your infrastructure, our multi-user, unified dashboard provides a centralized view of all findings, allowing your team to assess and address vulnerabilities in real time. The dashboard’s intuitive layout makes it easy for users of any experience level to navigate and collaborate effectively, supporting both individual and team workflows. For enhanced security, CSH Vulnerability Management Platform also offers automated external port and vulnerability scans, configurable to recur at intervals that best suit your organization’s needs. These proactive scans help to identify potential exposures on your network perimeter, alerting you to any new or recurring vulnerabilities that may pose a risk to your environment. With flexible, scalable licensing options, you can purchase the exact number of licenses you need for your current infrastructure and expand as your organization grows. The CSH Vulnerability Management Platform seamlessly integrates into existing workflows, offering robust reporting features, customizable alerts, and support for third-party tools. By providing timely, actionable insights and a holistic view of your security posture, CSH Vulnerability Management Platform helps your team stay a step ahead in the rapidly evolving landscape of cybersecurity threats.



**Who Is the Company Behind CSH Vulnerability Management Platform?**

- **Seller:** [Cybersecurity Help](https://www.g2.com/sellers/cybersecurity-help)
- **Year Founded:** 2015
- **HQ Location:** Brno, CZ
- **LinkedIn® Page:** https://www.linkedin.com/company/cyber-security-help (4 employees on LinkedIn®)



### 10. [Cybellum Security Suite](https://www.g2.com/products/cybellum-security-suite/reviews)
  Cybellum empowers automotive OEMs and suppliers to identify and remediate security risks at scale, throughout the entire vehicle life cycle. Our agentless solution scans embedded software components without needing access to their source code, exposing all cyber vulnerabilities. Manufacturers can then take immediate actions and eliminate any cyber risk in the development and production process, before any harm is done, while continuously monitoring for emerging threats impacting vehicles on the road. Cybellum already partners with 10 leading OEMs and Tier-1 suppliers worldwide.



**Who Is the Company Behind Cybellum Security Suite?**

- **Seller:** [Cybellum](https://www.g2.com/sellers/cybellum)
- **Year Founded:** 2016
- **HQ Location:** Tel Aviv, IL
- **LinkedIn® Page:** https://www.linkedin.com/company/10289161 (45 employees on LinkedIn®)



### 11. [Cylerian Unified Cybersecurity Platform](https://www.g2.com/products/cylerian-unified-cybersecurity-platform/reviews)
  Cylerian is the Intelligence Engineering Platform for the modern SOC, designed to bridge the gap between Security, Observability, and Operations. Traditional security operations are bogged down by fragmented tools—separate agents for EDR, SIEM, and RMM that don’t talk to each other. Cylerian solves this by providing a unified cloud-native platform that orchestrates the entire lifecycle of an incident, from detection to remediation. Built on a high-performance, AI-native architecture, Cylerian empowers security teams to:

- See Everything: Achieve ultimate observability with a unified data fabric that ingests logs, flows, and telemetry across endpoints, cloud, and networks.
- Act Instantly: Move beyond passive alerting. Cylerian’s agent provides the "hands" to fix what it finds, enabling automated patching, software deployment, and threat remediation without complex scripting.
- Simplify Operations: Replace costly, disjointed stacks (SIEM + EDR + RMM + SOAR) with one cohesive solution.

Whether you are an MSP looking to scale efficiently or an enterprise seeking robust cyber resilience, Cylerian delivers enterprise-grade security and compliance tools (like File Integrity Monitoring and Compliance Tracking) with the ease of use of a modern SaaS platform.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 2
**How Do G2 Users Rate Cylerian Unified Cybersecurity Platform?**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.3/10)

**Who Is the Company Behind Cylerian Unified Cybersecurity Platform?**

- **Seller:** [Cylerian](https://www.g2.com/sellers/cylerian)
- **Year Founded:** 2018
- **HQ Location:** Jersey City, US
- **LinkedIn® Page:** https://www.linkedin.com/company/cylerian/ (17 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 50% Mid-Market, 50% Small-Business


#### What Are Cylerian Unified Cybersecurity Platform's Pros and Cons?

**Pros:**

- Integrations (1 reviews)
- Remediation Automation (1 reviews)
- Risk Management (1 reviews)
- Vulnerability Detection (1 reviews)

**Cons:**

- Learning Curve (1 reviews)
- Training Issues (1 reviews)

### 12. [Darktrace / CLOUD](https://www.g2.com/products/darktrace-cloud/reviews)
  Darktrace / CLOUD is a Cloud-Native Application Protection Platform (CNAPP) with advanced real-time Cloud Detection and Response (CDR) to protect runtime environments from active threats. It secures modern hybrid and multi-cloud environments by combining posture management, runtime threat detection, cloud-native response, and automated cloud investigations in a single AI-driven platform.

As organizations scale across AWS, Azure, Google Cloud, SaaS, containers, and serverless architectures, static posture checks and alert-heavy tools are no longer enough. Darktrace / CLOUD continuously understands how your cloud environment behaves and automatically stops threats as they unfold.

1. **Stop Active Cloud Threats in Real Time with AI-Driven CDR.** Darktrace delivers true Cloud Detection and Response in live production environments. Its Self-Learning AI monitors identity behavior, workload activity, and network connections to detect the most subtle indicators of account compromise, privilege escalation, insider threats, ransomware, and novel attacks. When real threats emerge, it can take precise, proportionate action to contain them immediately, minimizing business disruption.
2. **Maintain Continuous Cloud Visibility, Posture Assurance, and Risk Reduction.** Darktrace combines continuous cloud monitoring with Cloud Security Posture Management (CSPM) capabilities to dynamically map architecture, identities (human and non-human), services, containers, and configurations. It identifies misconfigurations, vulnerabilities, toxic combinations of privileges, and exploitable attack paths, not just static compliance gaps. This ensures organizations maintain real-time visibility and awareness of risk as cloud environments evolve.
3. **Accelerate Incident Response with Automated Cloud Investigations at Scale.** Darktrace integrates with any detection source and your existing security stack to perform automated investigations at cloud speed and scale. When suspicious activity is detected, Darktrace automatically collects and analyzes forensic evidence across logs, configurations, disk, memory, and ephemeral workloads. Full attacker timelines are generated in minutes, enabling rapid root-cause analysis, confident remediation, and audit-ready evidence without manual data gathering.

While many CNAPP solutions focus primarily on posture or fragmented point capabilities, Darktrace / CLOUD unifies prevention, real-time detection, response, and automated investigation in one continuous AI-driven workflow, delivering protection that adapts as fast as the cloud itself.

- **AI-Driven Automation from Detection to Investigation:** Self-Learning AI detects known, unknown, and novel threats while autonomous response and automated investigations dramatically reduce analyst workload and stop threats automatically.
- **Unmatched Cloud Coverage with Breadth and Depth:** Darktrace unifies CSPM, identity analytics, runtime CDR, and forensic depth across IaaS, PaaS, SaaS, containers, and serverless environments to deliver protection at cloud speed and scale.
- **True Hybrid, Cross-Domain Protection:** The platform correlates live activity across cloud, SaaS, on-premises, and network environments to uncover and contain lateral, cross-domain attacks.
- **Flexible Deployment for Enterprise Reality:** With agentless API integrations and optional agent-based telemetry, Darktrace supports SaaS, hosted, and on-prem deployments, delivering rapid time-to-value while meeting regulatory and operational requirements.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 1

**Who Is the Company Behind Darktrace / CLOUD?**

- **Seller:** [Darktrace](https://www.g2.com/sellers/darktrace)
- **Company Website:** https://www.darktrace.com
- **Year Founded:** 2013
- **HQ Location:** Cambridgeshire, England
- **Twitter:** @Darktrace (18,178 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5013440/ (2,548 employees on LinkedIn®)

**Who Uses This Product?**
  - **Company Size:** 100% Mid-Market


### 13. [Derive](https://www.g2.com/products/derive-derive/reviews)
  Derive is the cybersecurity risk and operations platform that helps teams quantify risk, prioritize actions, and prove impact. Built on our Peer Risk Benchmarks – the most complete real-world dataset of cyber losses – Derive shows which risks matter most, what actions reduce loss, and where to invest next. The platform replaces legacy GRC tools with three integrated modules:

- Risk: Quantify and prioritize risk in dollars using real-world data
- Governance: Centralize controls, owners, assets, and frameworks
- Operations: Built-in workflows for user reviews, third-party and AI risk, IR/BC/DR, and more

Unlike static tools or compliance checklists, Derive is dynamic. Risk updates in real time as your team acts. Every task is ranked by measurable risk reduction – so you know exactly what to do next.



**Who Is the Company Behind Derive?**

- **Seller:** [Derive](https://www.g2.com/sellers/derive-e5e39e3e-b88a-4901-b39d-92701a84965c)
- **Year Founded:** 2023
- **HQ Location:** Richmond, US
- **LinkedIn® Page:** https://linkedin.com/company/deriverisk (3 employees on LinkedIn®)



### 14. [DragonSoft DVM](https://www.g2.com/products/dragonsoft-dvm/reviews)
  Vulnerability assessment software with network scanning, vulnerabilities evaluation, risk assessment, reporting and remediation.



**Who Is the Company Behind DragonSoft DVM?**

- **Seller:** [DragonSoft Security Associates](https://www.g2.com/sellers/dragonsoft-security-associates)
- **Year Founded:** 2002
- **HQ Location:** Hsinchu, TW
- **Twitter:** @dragonsoft_tw (22 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/dragonsoft (21 employees on LinkedIn®)



### 15. [Empirical Security](https://www.g2.com/products/empirical-security/reviews)
  Empirical Security builds a cybersecurity platform to deliver AI-driven vulnerability management by modeling both global and enterprise-specific threat landscapes, enabling security teams in enterprises to reduce alert noise, prioritize critical threats, and make data-informed decisions.



**Who Is the Company Behind Empirical Security?**

- **Seller:** [Empirical Security](https://www.g2.com/sellers/empirical-security)
- **Year Founded:** 2024
- **HQ Location:** Chicago
- **LinkedIn® Page:** https://www.linkedin.com/company/empiricalsecurity/ (13 employees on LinkedIn®)



### 16. [Eracent SBOM-HQ](https://www.g2.com/products/eracent-sbom-hq/reviews)
  SBOM-HQ™ - from Eracent

SBOM-HQ™ provides a well-rounded set of data, reporting and analysis features that help organizations minimize risks and comply with cyber mandates and directives. While SBOM-HQ™ provides value to in-house and commercial application development teams, it is also unique in its approach to meeting the requirements of organizations that purchase or subscribe to software from numerous publishers. These “software consumers” will have to manage dozens, hundreds, or even thousands of SBOMs for products that they use, and this is impractical or impossible to do one SBOM at a time. SBOM-HQ™ is based around a centralized, single-source repository of libraries, components, and other related data from SBOMs. It dramatically reduces response time when a vulnerability is reported since it eliminates the need to review SBOMs individually.

**How does SBOM-HQ™ work?**

Customers upload their SBOM files via the user interface. During this straightforward process, users can assign related information that can be used to support reporting, filters, data access, and more. This information includes Publisher, Line of Business, Application Component, and more. SBOM-HQ™ “deconstructs” each uploaded SBOM and records the software product to which the SBOM belongs and all the SBOM’s content. This results in an index of components and libraries mapped to products. If a vulnerability is reported by NIST or another organization, customers get an immediate report of every product in use in their organization that includes the affected component or library.

SBOM-HQ™ is continuously monitored and updated, and it leverages vulnerability data from NIST and other trusted global sources. It uses this data to display risk scores, levels of criticality, and more. SBOM-HQ™ also provides visibility into license types for each component and library, reducing the risk of unknowingly using a library that has excessive restrictions when less risky options are available. The system offers version tracking – the version in use, newer available versions, and version history – as well as lifecycle dates that support obsolescence management. The dedicated open source library within Eracent’s IT-Pedia® product data library provides a solid foundation for SBOM-HQ™’s analysis and reporting.

**Who can benefit from using SBOM-HQ?**

SBOM-HQ is designed to support all teams engaged in the use and operation of software.

- DevOps – SBOM-HQ integrates into CI/CD to generate and enrich SBOMs with real time risk data, ensuring secure and compliant releases.
- Procurement – SBOM-HQ equips procurement teams with SBOM-driven insights into software quality and licensing risks, enabling smarter vendor selection and safer software purchases.
- CyberSec teams – SBOM-HQ evaluates cyber security aspects of purchased software and monitors new vulnerabilities that appear.
- ITOps – SBOM-HQ exposes software weaknesses and helps mitigate the risks.
- Legal and Licensing teams – SBOM-HQ delivers clear visibility into open source licenses, flags conflicts early, and provides audit-ready compliance reports.

**Why SBOM-HQ?**

SBOM-HQ is designed to support software buyers and users, not just software publishers. While most SBOM solutions stop at the software development life cycle, SBOM-HQ goes further. It empowers software consumers to continuously monitor not only what they build, but also what they buy - from design and procurement, through integration, all the way to production in their own data centers. With SBOM-HQ, transparency extends beyond development, delivering visibility and control across the entire software supply chain. To learn more about SBOM-HQ™, register for a free trial at sbomhq.com or contact Eracent today!



**Who Is the Company Behind Eracent SBOM-HQ?**

- **Seller:** [Eracent](https://www.g2.com/sellers/eracent)
- **Year Founded:** 2000
- **HQ Location:** Riegelsville, Pennsylvania
- **Twitter:** @eracent (142 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/15155 (82 employees on LinkedIn®)



### 17. [ESOF - Enterprise Security in One Framework](https://www.g2.com/products/esof-enterprise-security-in-one-framework/reviews)
  An insight into the next-generation security orchestra platform - Enterprise Security in One Framework



**Who Is the Company Behind ESOF - Enterprise Security in One Framework?**

- **Seller:** [TAC Security](https://www.g2.com/sellers/tac-security-df469530-1206-42a7-a0dd-122505e73691)
- **HQ Location:** N/A



### 18. [Farsight](https://www.g2.com/products/farsight/reviews)
  Don’t base your vulnerability prioritization on assumptions. Use predictive threat intelligence to make smarter and faster decisions on what to remediate, and when. Powered by Cyr3con threat intelligence, our unique risk-based vulnerability management solution Farsight helps you prioritize vulnerabilities in the context of exploitability for faster remediation. Our risk rating integrates seamlessly with our internal and external network security solutions by ranking and predicting the most aggressive vulnerabilities, and when you should patch them. By combining hacker centric behavioral data with historical data, our risk rating saves security teams time from tedious manual analysis of vulnerability data by focusing remediation efforts on vulnerabilities that are most likely to be exploited in the wild. This enables organizations to trim off weeks of exposure time and stay ahead of imminent threats with confidence.



**Who Is the Company Behind Farsight?**

- **Seller:** [Outpost24](https://www.g2.com/sellers/outpost24)
- **HQ Location:** Karlskrona, SE
- **LinkedIn® Page:** http://www.linkedin.com/company/outpost24 (252 employees on LinkedIn®)



### 19. [Fluid Attacks Continuous Hacking](https://www.g2.com/products/fluid-attacks-continuous-hacking/reviews)
  Implement Fluid Attacks' comprehensive, AI-powered solution into your SDLC and develop secure software without delays. As an all-in-one solution, Fluid Attacks accurately finds and helps you remediate vulnerabilities throughout the SDLC and ensures secure software development. The solution integrates its AI, automated tool, and team of pentesters to perform SAST, SCA, DAST, CSPM, SCR, PtaaS and RE to help you improve your security posture. This way, Fluid Attacks delivers accurate knowledge of the security status of your application. This means security goes alongside innovation without hindering your speed. Fluid Attacks provides you with expert knowledge about vulnerabilities and support options that enable you to remediate the security issues in your application.



**Who Is the Company Behind Fluid Attacks Continuous Hacking?**

- **Seller:** [Fluid Attacks](https://www.g2.com/sellers/fluid-attacks)
- **Year Founded:** 2001
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/fluidattacks/ (136 employees on LinkedIn®)
- **Phone:** +14154042154



### 20. [HACK-X NODE](https://www.g2.com/products/hack-x-node/reviews)
  HACK-X NODE is a Risk and Vulnerability Management PTaaS product delivering on-demand, continuous and scalable Security Assessments with a unique blend of automated scanning and in-depth manual penetration testing. HACK-X NODE is disrupting the traditional VAPT method by its unique auto-configuration feature and making the entire process very seamless. This product is a one-stop solution for all VAPT needs: Web Application, Android Application, iOS Application, Network.



**Who Is the Company Behind HACK-X NODE?**

- **Seller:** [HACK-X Security](https://www.g2.com/sellers/hack-x-security)
- **HQ Location:** N/A



### 21. [HCL BigFix SaaS Remediate](https://www.g2.com/products/hcl-bigfix-saas-remediate/reviews)
  HCL BigFix SaaS Remediate is developed by HCLSoftware, a division of HCLTech and a global enterprise software company with offices and labs worldwide. HCLSoftware serves more than 20,000 organizations, including a majority of the Fortune 100 and nearly half of the Fortune 500, across cybersecurity, digital transformation, data analytics, and AI and automation. The BigFix platform has been a trusted name in endpoint management for over two decades. HCL BigFix SaaS Remediate is the cloud-native evolution of that platform — purpose-built to bring enterprise-grade vulnerability remediation to organizations that need immediate time-to-value without the burden of on-premises infrastructure. The platform is cloud-hosted, requires no hardware or server setup on the customer side, and provisions a fully functional instance within minutes of registration. HCL BigFix SaaS Remediate automates the entire vulnerability remediation lifecycle from a single cloud console. Its remediation engine is powered by 500,000+ pre-tested Fixes — pre-built, pre-validated remediation scripts maintained by HCL BigFix — covering 120+ operating system versions and 700+ third-party applications, delivering a 98%+ first-pass patch success rate. The CyberFOCUS Analytics engine integrates CISA's Known Exploited Vulnerabilities (KEV) catalog and MITRE ATT&CK adversary data to shift prioritization from theoretical CVSS scores to vulnerabilities actively being exploited in the wild — enabling teams to remediate CISA KEVs up to 100x faster than manual processes. The Integrated Vulnerability Remediation (IVR) capability ingests scan findings from Tenable and automatically correlates each CVE with the most appropriate available fix using the BigFix supersedence engine, eliminating manual correlation entirely. For zero-days and non-patch scenarios, the platform supports custom scripts, registry edits, and configuration changes targeted to specific device groups before vendor patches are available.
Protection Level Agreements (PLAs) allow teams to define remediation performance targets and track results — patch success rates, mean time to remediate, and compliance percentages — continuously across shared dashboards visible to IT, security, and executive stakeholders. The core problem HCL BigFix SaaS Remediate solves is the remediation gap — the weeks or months that pass between a vulnerability being discovered and it actually being fixed. Most organizations have scanners that generate findings; far fewer have a reliable, automated system to act on those findings at speed and scale. BigFix SaaS Remediate closes that gap by connecting detection directly to execution. IT teams stop managing manual patch cycles across fragmented tools. Security teams stop watching findings age in backlogs. Leadership gains board-reportable metrics that prove risk is being reduced — not just monitored. The Platform delivers measurable impact from day one: one global manufacturing customer discovered over 8,000 vulnerabilities their existing scanner had missed within hours of deployment. A 14-day fully functional free trial is available with no credit card required, no feature restrictions, and 24/7 support.



**Who Is the Company Behind HCL BigFix SaaS Remediate?**

- **Seller:** [HCL Technologies](https://www.g2.com/sellers/hcl-technologies)
- **Year Founded:** 1999
- **HQ Location:** Noida, Uttar Pradesh
- **Twitter:** @hcltech (425,429 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/1756/ (251,431 employees on LinkedIn®)
- **Ownership:** NSE - National Stock Exchange of India



### 22. [Humanize Salience](https://www.g2.com/products/humanize-salience/reviews)
  Humanize Salience is the N1 quantified cyber risk management solution translated for C-level executives. Our solution helps organizations to proactively assess the hidden risks of cyber vulnerabilities through leveraging advanced MetaDiscovering, MetaTreats Analysis, and modeling techniques. We use quantification models to estimate the range of probabilities and impacts of potential security events so that business leaders can be aware of the likelihood and impact of compliance and financial risks.



**Who Is the Company Behind Humanize Salience?**

- **Seller:** [Humanize](https://www.g2.com/sellers/humanize)
- **Year Founded:** 2021
- **HQ Location:** San Francisco, US
- **LinkedIn® Page:** https://www.linkedin.com/company/humanize-inc (6 employees on LinkedIn®)



### 23. [Inspectiv](https://www.g2.com/products/inspectiv/reviews)
  Inspectiv is an all-in-one AppSec testing platform that simplifies the process of discovering, validating, and remediating vulnerabilities. By offering penetration testing, bug bounty programs, dynamic application security testing (DAST), and vulnerability disclosure (VDP) in a single solution, organizations can reduce risk, maintain compliance, and strengthen their security posture. With streamlined management, minimal operational overhead, and predictable pricing, Inspectiv delivers impactful results that make security testing more efficient and effective.



**Who Is the Company Behind Inspectiv?**

- **Seller:** [Inspectiv](https://www.g2.com/sellers/inspectiv)
- **HQ Location:** Culver City, US
- **LinkedIn® Page:** https://www.linkedin.com/company/inspectiv (55 employees on LinkedIn®)



### 24. [iSecurity Assessment](https://www.g2.com/products/isecurity-assessment/reviews)
  iSecurity Assessment is a Windows-based program for in-depth analysis of the full scope of the iSeries server (System i or AS/400) security strengths and weaknesses, pinpointing the security risks which should be addressed. The output is a detailed report, grading each facet of IBM i security, with full explanations.



**Who Is the Company Behind iSecurity Assessment?**

- **Seller:** [iSecurity Field Encryption](https://www.g2.com/sellers/isecurity-field-encryption)
- **Year Founded:** 1983
- **HQ Location:** Nanuet, NY
- **Twitter:** @razleesecurity (495 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/raz-lee-security/ (20 employees on LinkedIn®)



### 25. [Ivanti Neurons for ASPM](https://www.g2.com/products/ivanti-neurons-for-aspm/reviews)
  Ivanti Neurons for Application Security Posture Management (ASPM) delivers full-stack visibility of application risk exposure through the entire software development lifecycle. Unify all application scan data – SAST, DAST, OSS/SCA and container – to locate misconfigurations, vulnerabilities and weaknesses and prioritize remediation. Move from detection to remediation in minutes with a contextualized, risk-based view of your organization’s cybersecurity posture and automated playbooks for remediation. Cultivate communication and cooperation from across the organization with access to dashboards designed for personnel from the DevSecOps to the C-suite.



**Who Is the Company Behind Ivanti Neurons for ASPM?**

- **Seller:** [Ivanti](https://www.g2.com/sellers/ivanti)
- **Year Founded:** 1985
- **HQ Location:** South Jordan, UT
- **Twitter:** @GoIvanti (6,769 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/15224185/ (2,968 employees on LinkedIn®)




## What Is Risk-Based Vulnerability Management Software?
[Vulnerability Management Software](https://www.g2.com/categories/vulnerability-management)
## What Software Categories Are Similar to Risk-Based Vulnerability Management Software?
- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Penetration Testing Tools](https://www.g2.com/categories/penetration-testing-tools)
- [Attack Surface Management Software](https://www.g2.com/categories/attack-surface-management)

  
    
