Most vulnerability scanning solutions follow the Nessus/OpenVas, CVE-centered approach where security personnel must wade through a hip-deep list of detected issues to solve, each one requiring research and many duplications in the mix. ME has turned this on its head by taking the CVE's under the hood and delivering an agent-based settings audit that returns most detected issues in the form of automated fixes that can be approved en masse or individually and once per device. Then they also seamlessly integrate CIS benchmarks and both OS and 3rd party software patching for a complete system hardening and INvulnerability maintenance solution that cuts down on so much extra security work. All this is wrapped up in competitive licensing tied to users rather than devices, so a growing company can afford to achieve mass, cost-effective hardening across their infrastructure, Windows and Linux in my case (I haven't tested Macintosh).
Automated patching in the form of highly-customizable test & approve-after-x-days cycles keep systems current and automated reports show continuous state of compliance. Out of the box, various locations and custom groups allow MSP-level partitions for customized security levels.
Support is excellent and responsive. Review collected by and hosted on G2.com.
The only thing I think is missing is an ability to roll back settings. I can understand patches can't necessarily be rolled back easily by 3rd party software, but a record of settings should be kept so when I harden a system I can quickly roll it back if functionality is lost. In one case I hardened a Ubuntu system so completely I couldn't get into it in any way even through root-level recovery.
I've worked around this issue by taking images of systems I'm hardening, and by pre-hardening my deployment templates rather than building fully-functional systems and then hardening. I also have dev/test systems I deploy hardening principles to first in order to minimize any production impact. Review collected by and hosted on G2.com.
