Join the 1500 companies using G2 Track to manage SaaS spend, usage, contracts & compliance.

Best Security Risk Analysis Software

Security risk analysis software solutions are used by companies to analyze IT portfolios and address potential security issues. These tools monitor networks, applications, and infrastructure to identify vulnerabilities. They then provide users with recommendations to adopt additional security practices or solutions. Companies use these tools to ensure they have a well-rounded security plan and sufficient security technologies. These solutions may have some overlap with IT portfolio analysis software but are specifically targeted toward security operations and software.

To qualify for inclusion in the Security Risk Analysis software category, a product must:

  • Analyze a company’s security software, hardware, and operations
  • Inform users of known vulnerabilities or holes in their security plan
  • Provide recommendations to optimize security planning across IT systems
G2 Grid® for Security Risk Analysis
Leaders
High Performers
Contenders
Niche
Momentum Leaders
Momentum Score
Market Presence
Satisfaction
content
Star Rating

Security Risk Analysis reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.

Compare Security Risk Analysis Software

Results: 82
G2 takes pride in showing unbiased ratings on user satisfaction. G2 does not allow for paid placement in any of our ratings.
Results: 82
Filter Results
Filter by:
Sort by
Star Rating
Sort By:
    Nessus
    (50)4.4 out of 5
    Optimized for quick response
    Optimized for quick response

    Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.

    Going beyond malware protection, F-Secure provides end-point protection and security management solutions. Developed in Europe for businesses around the globe.

    The global network of highly skilled researchers and analysts, protecting businesses from known and emerging malware - viruses, rootkits and spyware.

    Qualys' integrated approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively. Our solutions empower various roles within the organization to meet your unique requirements. Built on top of Qualys’ Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud: • AssetView • Vulnerability Management • Continuous Monitoring • ThreatPROTECT • Policy Compliance • Security Assessment Questionnaire • PCI Compliance • Web Application Scanning • Web Application Firewall • Malware Detection

    AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud. Five Essential Security Capabilities in a Single SaaS Platform AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows. 1. Asset Discovery 2. Vulnerability Assessment 3. Intrusion Detection 4. Behavioral Monitoring 5. SIEM

    Cyberoam Unified Threat Management appliances, available as hardware and virtual appliances, offer comprehensive security to organizations.

    Tripwire is a provider of advanced threat, security and compliance solutions to confidently detect, prevent and respond to cybersecurity threats

    See all your risk, in every form, from every angle. Strengthen your security posture with automated risk assessments.

    Netwrix Auditor is a visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations and access in hybrid IT environments to protect data regardless of its location. The platform provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage. Netwrix Auditor includes applications for Active Directory, Azure AD, Exchange, Office 365, Windows file servers, EMC storage devices, NetApp filer appliances, SharePoint, Oracle Database, SQL Server, VMware, Windows Server and network devices. Empowered with a RESTful API and user activity video recording, the platform delivers visibility and control across all of your on-premises and cloud-based IT systems in a unified way.

    Azure Security Center provides security management and threat protection across your hybrid cloud workloads. It allows you to prevent, detect, and respond to security threats with increased visibility.

    Nexpose, Rapid7’s on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact. If you’re looking for more advanced capabilities such as Remediation Workflow and Rapid7's universal Insight Agent, check out our platform-based vulnerability management software, InsightVM.

    Sophisticated, targeted attacks can take weeks, months or longer to discover and resolve. Incident response teams need tools that quickly uncover the full source and scope of an attack to reduce time-to-resolution, mitigate ongoing risk and further fortify the network. Like a security camera for the network, Blue Coat Security Analytics delivers full network security visibility, advanced network forensics, anomaly detection and real-time content inspection for all network activity. This effectively arms security and incident response teams to identify and detect advanced malware crossing the network and contain zero-day and advanced targeted attacks. A comprehensive record of all network activity lets you conduct swift forensic investigations, perform proactive incident response and resolve breaches in a fraction of the time.

    Change Tracker Gen7R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7R2 enables organizations to: - Define the systems that need protection - Ensure those systems are secured, compliant and fit for purpose at all times - Provide intelligent change control to ensure systems remain in a ‘known secure and compliant state’ - Enable organizations to move projects securely from Development to Operations Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps is delivered and underpins effective, ongoing security and operational availability. With Gen7R2 you have the ability to reduce change noise by more than 90%, leaving only changes that are unknown, unwanted, unexpected or potentially malicious in nature for further investigation.

    Cloud Security Command Center helps security teams gather data, identify threats, and act on them before they result in business damage or loss. It offers deep insight into application and data risk so that you can quickly mitigate threats to your cloud resources and evaluate overall health.

    IBM Application Security on Cloud helps secure your organization's Web and mobile applications, by detecting dozens of today's most pervasive published security vulnerabilities. IBM Application Security on Cloud helps to eliminate vulnerabilities from applications before they are placed into production and deployed. Convenient, detailed reporting permits you to effectively address application security risk, enabling application users to benefit from a more secure experience. IBM Open Source Analyzer helps to secure and manage your open source components, by automating security testing and configuring scanning for open source.

    Tenable.io is the only cybersecurity company that empowers customers to gain control of their risk by knowing and prioritizing vulnerabilities across their entire attack surface including traditional, cloud, mobile and DevOps environments.

    Alert Logic provides flexible security and compliance offerings to deliver optimal coverage across your environments.

    FireMon is the No.1 Intelligent Security Management solution provider, combining advanced automation and analysis to deliver next-generation security intelligence to enterprise organizations, government agencies and managed security providers. The FireMon product suite enables network security and operations teams to more effectively manage their security infrastructure. Security Manager FireMon Security Manager provides continuous visibility into and control over network security devices and policies in large enterprise environments. Through web-based KPI dashboards, traffic flow analysis and network access mapping, the platform proactively delivers the intelligence IT security, network and compliance teams need to optimize their network device configurations, monitor and validate compliance and review and make policy changes. The addition of the following add-on modules expands the capabilities of Security Manager to include workflow automation and risk analysis. • Policy Planner automates change workflows and gives firewall administrators the necessary tools to evolve policy and protection over time. This web-based module collects user requirements, recommends rule changes, provides detailed risk assessment of requests changes and supports full system audits and verification. Policy Planner uses the BPMN standard, integrating with existing business-process tools and enabling communication throughout the change process. • Policy Optimizer automates the rule review and recertification process. With Policy Optimizer, IT teams can identify troublesome rules, understand why they were created and determine if they remain relevant. The automated workflow generates event-driven or ad hoc rule review, validates rule justification with the policy owner and quantifies the risk of the requested changes so they do not impact service • Risk Analyzer reduces risk by proactively analyzing your network infrastructure, then simulating how attackers might gain access through vulnerabilities in business assets. Risk Analyzer allows IT teams to quickly assess the impact of a potential attack, where multiple exploits can be used in combination and how prepared network defenses are to defeat an attack. Immediate Insight Immediate Insight from FireMon is a real-time security analytics software that brings the speed and simplicity of a search engine to data analysis and discovery. It merges machine learning, correlation and natural language in a simple, workflow-centric interface to reveal relationships in the data that users may not have even known to look for.

    InsightVM, Rapid7’s vulnerability assessment solution, utilizes the power of the Insight platform and the heritage of our award-winning Nexpose product to provide full visibility of your modern ecosystem, prioritize risk using attacker analytics, contain threats, and remediate with SecOps agility. Leveraging InsightVM’s advanced analytics and endpoint technology enables you to discover vulnerabilities in real time and prioritize them actionably. Then, automate remediation by integrating into your IT team’s existing workflows and tools—a process made easy by InsightVM’s 40+ technology integrations.

    McAfee provides cybersecurity solutions for both businesses and consumers. It secures devices against viruses, malware, and other threats at home and away.

    Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.

    Apptega is cybersecurity management software helping businesses of all sizes easily build, manage and report their cybersecurity programs for SOC 2, NIST, ISO, PCI, SANS, GDPR, HIPAA and many others. Simplify implementing cybersecurity with real-time compliance scoring, project lifecycle, task management, calendaring, collaboration, budgeting and vendor management all in one place giving you complete control of your cybersecurity program and compliance data.

    ARCON's Secure Compliance Management is a risk, security and Information Management tool used for automated risk assessment and analysis.

    Atomicorp OSSEC GUI is a PCI compliance software that provides security and log management for OSSEC.

    AttackTree is a vulnerability management software that helps predict hacking attacks and develop prevention schemes.

    Auditor Enterprise is a patch management software that automates reporting of configuration settings across business critical systems, applications, and databases.

    AVDS is a complete network scanning solution available in a broad product line. AVDS was designed for continent spanning networks with tens of thousands of IPs, but that same, powerful scanning engine is available in an entry level version for small networks run by a single administrator. It is also available as a hosted solution for the scanning of one to one thousand external IPs or web sites.

    BeyondTrust Retina CS is the only vulnerability management solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-driven architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud, virtual, and IoT infrastructure. - Discover network, web, mobile, cloud, virtual, and IoT infrastructure - Profile asset configuration and risk potential - Pinpoint vulnerabilities, malware and attacks - Analyze threat potential, return on remediation and more - Isolate high-risk assets through advanced threat analytics - Remediate vulnerabilities through integrated patch management - Report on vulnerabilities, compliance, benchmarks, etc - Protect endpoints against client-side attacks Learn more: https://www.beyondtrust.com/products/retina-cs/

    BowTieXP is a next generation risk assessment tool that uses the Bowtie Method to assess risks. BowTieXP is unique in its ability to visualise complex risks in a way that is understandable.

    Validate the security posture of your networks with real applications and a complete range of threat vectors

    Cloud Conformity is a cloud infrastructure governance system designed to help you prevent, detect, and correct critical threats to your AWS environments. The Security and Compliance product gives you a deep level of forensics into your cloud architecture to continuously assure any vulnerabilities are caught and fixed with our rules based on the AWS Well-Architected Framework. Furthermore, the tool enables you to constantly benchmark your environments against global standards such as PCI-DSS, CIS, HIPPA, GDPR, and more.

    Compudyne Hosted Exchange provides comprehensive IT security services with a focus on security

    Cryptosense provides state-of-the-art analysis software to help businesses eliminate the vulnerabilities caused by insecure use of cryptography in their applications and infrastructure.

    CybelAngel is a SaaS security platform that ensures optimal data protection by monitoring devices on the network and identifying security leaks.

    CyberInt developed the CybeReadiness Suite to enable CISOs and senior executives to continuously measure and monitor their organization’s cyber readiness. The suite simulates complex attack scenarios targeting your organization, all from the perspective of an attacker, validating your defense's efficiency in the face of current and emerging cyber threats.

    Cybergovernance Maturity Oversight Model (CMOM) is a SaaS platform that collects data on cybersecurity controls within an organization to generate information needed for directors and executive management to identify defensive weak spots, assign responsibility to managers, encourage inter-departmental collaboration and demonstrate active and evolving cybersecurity maturity.

    Wolters Kluwer’s ELM Solutions Cybersecurity Risk Assessment application is designed to help corporate legal departments manage IT security risk across their law firms and other legal service providers.

    The CyberStrong Platform is an integrated risk management solution powering automated, intelligent cybersecurity compliance and risk management. Built on the gold-standard foundation of the NIST Cybersecurity Framework, CyberStrong’s capabilities streamline GRC activities and provide a fully integrated, single pane of glass through which CISOs and their security teams can measure, report, and mitigate risk. CyberStrong's instant time-to-value, rapid implementation, and flexibility is fueled by patented Artificial Intelligence and Machine Learning automation, which eliminates manual effort and helps organizations make informed decisions that reduce risk while driving overall business value.

    Delve Labs offers autonomous, collaborative Artificial Intelligence-driven, continuous vulnerability assessment software.

    Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand, and reputation.The Digital Shadows SearchLight™ service combines scalable data analytics with human data analysts to manage and mitigate risks to your business.

    Identify vulnerabilities. Fix misconfigurations. Detect vulnerabilities and backdoors in source code. Manage access control and user rights.

    Close back doors to your network, log exit point transactions, and enforce your security policy. See our Powertech Exit Point Manager for IBM i software in action in a demo.

    Expanse provides a comprehensive, continuously-updated view of all Internet-connected assets that belong to an organization. IT operations and security teams use this insight to reduce risk posed by unknown or unmonitored assets–on their network and in the cloud–and to minimize their global attack surface.

    FortifyData offers a clear and accurate analysis of cyber risks through a risk scoring platform. Using statistical analysis and continuous monitoring of a company’s network and application layer, dark web search discoveries, IP reputation, and breach history records, companies can now understand their current cyber risk posture using our easy to understand scoring model ranging from 300 to 900.

    A cloud-based software analytics platform that eliminates the artificial boundaries between IT, physical and personnel security integrating seamlessly into existing corporate SOC environments to provide: ‘whole-person' analysis of potential insider risk; end-to-end critical infrastructure security awareness, from single manufacturing facilities to sprawling global operations; proactive warnings of malware, fraud, sabotage and other cyber threats; and single-screen reporting and monitoring of incidents and major events.

    Want to know if your system has malware? bDiscover has found a way to use software behavior in structured disassembly to reduce your time and ultimately your cost.

    Kenna is a software-as-a-service Risk and Vulnerability Intelligence platform that measures risk and prioritizes remediation efforts before an attacker can exploit an organization's weaknesses, it automates the correlation of vulnerability data, threat data, and 0-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture.