Security risk analysis software solutions are used by companies to analyze IT portfolios and address potential security issues. These tools monitor networks, applications, and infrastructure to identify vulnerabilities. They then provide users with recommendations to adopt additional security practices or solutions. Companies use these tools to ensure they have a well-rounded security plan and sufficient security technologies. These solutions may have some overlap with IT portfolio analysis software but are specifically targeted toward security operations and software.
To qualify for inclusion in the Security Risk Analysis software category, a product must:
Security Risk Analysis reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.
Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly and easily identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations - across a variety of operating systems, devices and applications. With features such as pre-built policies and templates, customizable reporting, group “snooze” functionality, and real-time updates, Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritize, and remediate issues.
Qualys' integrated approach to IT security and compliance enables organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively. Our solutions empower various roles within the organization to meet your unique requirements. Built on top of Qualys’ Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud: • AssetView • Vulnerability Management • Continuous Monitoring • ThreatPROTECT • Policy Compliance • Security Assessment Questionnaire • PCI Compliance • Web Application Scanning • Web Application Firewall • Malware Detection
AlienVault USM Anywhere is a cloud-based security management solution that accelerates and centralizes threat detection, incident response, and compliance management for your cloud, hybrid cloud, and on-premises environments. USM Anywhere includes purpose-built cloud sensors that natively monitor your Amazon Web Services (AWS) and Microsoft Azure cloud environments. On premises, lightweight virtual sensors run on Microsoft Hyper-V and VMware ESXi to monitor your virtual private cloud and physical IT infrastructure. With USM Anywhere, you can rapidly deploy sensors into your cloud and on-premises environments while centrally managing data collection, security analysis, and threat detection from the AlienVault Secure Cloud. Five Essential Security Capabilities in a Single SaaS Platform AlienVault USM Anywhere provides five essential security capabilities in a single SaaS solution, giving you everything you need for threat detection, incident response, and compliance management—all in a single pane of glass. With USM Anywhere, you can focus on finding and responding to threats, not managing software. An elastic, cloud-based security solution, USM Anywhere can readily scale to meet your threat detection needs as your hybrid cloud environment changes and grows. 1. Asset Discovery 2. Vulnerability Assessment 3. Intrusion Detection 4. Behavioral Monitoring 5. SIEM
Nexpose, Rapid7’s on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact. If you’re looking for more advanced capabilities such as Remediation Workflow and Rapid7's universal Insight Agent, check out our platform-based vulnerability management software, InsightVM.
Sophisticated, targeted attacks can take weeks, months or longer to discover and resolve. Incident response teams need tools that quickly uncover the full source and scope of an attack to reduce time-to-resolution, mitigate ongoing risk and further fortify the network. Like a security camera for the network, Blue Coat Security Analytics delivers full network security visibility, advanced network forensics, anomaly detection and real-time content inspection for all network activity. This effectively arms security and incident response teams to identify and detect advanced malware crossing the network and contain zero-day and advanced targeted attacks. A comprehensive record of all network activity lets you conduct swift forensic investigations, perform proactive incident response and resolve breaches in a fraction of the time.
Change Tracker Gen7R2 solves IT Security and the problems that plague all organizations – the overwhelming noise of change control and ensuring the integrity of IT systems. Completely redesigned with both security and IT operations in mind, Change Tracker Gen7 R2 is the only solution designed to reduce change noise and the complexity of integrity monitoring and policy management all while allowing for unprecedented scalability and management that meets the most demanding enterprise environments. Gen7R2 enables organizations to: - Define the systems that need protection - Ensure those systems are secured, compliant and fit for purpose at all times - Provide intelligent change control to ensure systems remain in a ‘known secure and compliant state’ - Enable organizations to move projects securely from Development to Operations Gen7 R2 integrates with leading Service desks and Change Management solutions to reconcile the changes that are actually occurring within your environment with those that were expected and part of an approved Request for Change. Security and IT Service Management (ITSM) have traditionally observed and managed change in two very different ways. By linking the changes approved and expected within the ITSM world with those that are actually happening from a security perspective, SecureOps is delivered and underpins effective, ongoing security and operational availability. With Gen7R2 you have the ability to reduce change noise by more than 90%, leaving only changes that are unknown, unwanted, unexpected or potentially malicious in nature for further investigation.
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
InsightVM, Rapid7’s vulnerability assessment solution, utilizes the power of the Insight platform and the heritage of our award-winning Nexpose product to provide full visibility of your modern ecosystem, prioritize risk using attacker analytics, contain threats, and remediate with SecOps agility. Leveraging InsightVM’s advanced analytics and endpoint technology enables you to discover vulnerabilities in real time and prioritize them actionably. Then, automate remediation by integrating into your IT team’s existing workflows and tools—a process made easy by InsightVM’s 40+ technology integrations.
Apptega is cybersecurity management software helping businesses of all sizes easily build, manage and report their cybersecurity programs for SOC 2, NIST, ISO, PCI, SANS, GDPR, HIPAA and many others. Simplify implementing cybersecurity with real-time compliance scoring, project lifecycle, task management, calendaring, collaboration, budgeting and vendor management all in one place giving you complete control of your cybersecurity program and compliance data.
AVDS is a complete network scanning solution available in a broad product line. AVDS was designed for continent spanning networks with tens of thousands of IPs, but that same, powerful scanning engine is available in an entry level version for small networks run by a single administrator. It is also available as a hosted solution for the scanning of one to one thousand external IPs or web sites.
BeyondTrust Retina CS is the only vulnerability management solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis. Retina’s results-driven architecture works with users to proactively identify security exposures, analyze business impact, and plan and conduct remediation across network, web, mobile, cloud, virtual, and IoT infrastructure. - Discover network, web, mobile, cloud, virtual, and IoT infrastructure - Profile asset configuration and risk potential - Pinpoint vulnerabilities, malware and attacks - Analyze threat potential, return on remediation and more - Isolate high-risk assets through advanced threat analytics - Remediate vulnerabilities through integrated patch management - Report on vulnerabilities, compliance, benchmarks, etc - Protect endpoints against client-side attacks Learn more: https://www.beyondtrust.com/products/retina-cs/
Cloud Conformity is a cloud infrastructure governance system designed to help you prevent, detect, and correct critical threats to your AWS environments. The Security and Compliance product gives you a deep level of forensics into your cloud architecture to continuously assure any vulnerabilities are caught and fixed with our rules based on the AWS Well-Architected Framework. Furthermore, the tool enables you to constantly benchmark your environments against global standards such as PCI-DSS, CIS, HIPPA, GDPR, and more.
CyberInt developed the CybeReadiness Suite to enable CISOs and senior executives to continuously measure and monitor their organization’s cyber readiness. The suite simulates complex attack scenarios targeting your organization, all from the perspective of an attacker, validating your defense's efficiency in the face of current and emerging cyber threats.
Cybergovernance Maturity Oversight Model (CMOM) is a SaaS platform that collects data on cybersecurity controls within an organization to generate information needed for directors and executive management to identify defensive weak spots, assign responsibility to managers, encourage inter-departmental collaboration and demonstrate active and evolving cybersecurity maturity.
The CyberStrong Platform is an integrated risk management solution powering automated, intelligent cybersecurity compliance and risk management. Built on the gold-standard foundation of the NIST Cybersecurity Framework, CyberStrong’s capabilities streamline GRC activities and provide a fully integrated, single pane of glass through which CISOs and their security teams can measure, report, and mitigate risk. CyberStrong's instant time-to-value, rapid implementation, and flexibility is fueled by patented Artificial Intelligence and Machine Learning automation, which eliminates manual effort and helps organizations make informed decisions that reduce risk while driving overall business value.
Expanse provides a comprehensive, continuously-updated view of all Internet-connected assets that belong to an organization. IT operations and security teams use this insight to reduce risk posed by unknown or unmonitored assets–on their network and in the cloud–and to minimize their global attack surface.
FireMon is the No.1 Intelligent Security Management solution provider, combining advanced automation and analysis to deliver next-generation security intelligence to enterprise organizations, government agencies and managed security providers. The FireMon product suite enables network security and operations teams to more effectively manage their security infrastructure. Security Manager FireMon Security Manager provides continuous visibility into and control over network security devices and policies in large enterprise environments. Through web-based KPI dashboards, traffic flow analysis and network access mapping, the platform proactively delivers the intelligence IT security, network and compliance teams need to optimize their network device configurations, monitor and validate compliance and review and make policy changes. The addition of the following add-on modules expands the capabilities of Security Manager to include workflow automation and risk analysis. • Policy Planner automates change workflows and gives firewall administrators the necessary tools to evolve policy and protection over time. This web-based module collects user requirements, recommends rule changes, provides detailed risk assessment of requests changes and supports full system audits and verification. Policy Planner uses the BPMN standard, integrating with existing business-process tools and enabling communication throughout the change process. • Policy Optimizer automates the rule review and recertification process. With Policy Optimizer, IT teams can identify troublesome rules, understand why they were created and determine if they remain relevant. The automated workflow generates event-driven or ad hoc rule review, validates rule justification with the policy owner and quantifies the risk of the requested changes so they do not impact service • Risk Analyzer reduces risk by proactively analyzing your network infrastructure, then simulating how attackers might gain access through vulnerabilities in business assets. Risk Analyzer allows IT teams to quickly assess the impact of a potential attack, where multiple exploits can be used in combination and how prepared network defenses are to defeat an attack. Immediate Insight Immediate Insight from FireMon is a real-time security analytics software that brings the speed and simplicity of a search engine to data analysis and discovery. It merges machine learning, correlation and natural language in a simple, workflow-centric interface to reveal relationships in the data that users may not have even known to look for.
FortifyData offers a clear and accurate analysis of cyber risks through a risk scoring platform. Using statistical analysis and continuous monitoring of a company’s network and application layer, dark web search discoveries, IP reputation, and breach history records, companies can now understand their current cyber risk posture using our easy to understand scoring model ranging from 300 to 900.
A cloud-based software analytics platform that eliminates the artificial boundaries between IT, physical and personnel security integrating seamlessly into existing corporate SOC environments to provide: ‘whole-person' analysis of potential insider risk; end-to-end critical infrastructure security awareness, from single manufacturing facilities to sprawling global operations; proactive warnings of malware, fraud, sabotage and other cyber threats; and single-screen reporting and monitoring of incidents and major events.
Kenna is a software-as-a-service Risk and Vulnerability Intelligence platform that measures risk and prioritizes remediation efforts before an attacker can exploit an organization's weaknesses, it automates the correlation of vulnerability data, threat data, and 0-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture.
NopSec Unified Vulnerability Risk Management (VRM) correlates vulnerability data with your IT environment and attack patterns in the wild to help you avoid false positives and find the threats that matter. Unified VRM prioritizes security vulnerabilities based on business risk and context with proprietary threat prediction models and cyber intelligence – including malware, exploit, patching and social media feeds to predict the true probability of attacks. It replaces manual remediation tasks with automated workflow, integrated communication capabilities and incident management – guided by rich visualization dashboards for easy reporting on current status.