A vulnerability assessment (VA) runs a script of known vulnerabilities against an endpoint. Vulnerability management (VM) is the formal reporting and prioritization of what is found after the scan. In 2016, VM vendors achieved $768.3 million in licenses, appliances, and related services; representing an improvement of 13.4% over 2015. VM vendors are challenged because VM scanning/reporting is a static technology, and network defenses require a combination of static and dynamic tools. Additionally, several adjacent network security technologies such as SIEM, NAC, and endpoint detection and response (EDR) also make use of behavioral analytics and machine listening technologies. However, VM has always been designed to protect the enterprise network surface. The enterprise network surface is expanding to include cloud, mobile, and Internet of Things (IoT). As much as any other network security technology, VM vendors are in a prime position to provide detection and protection products for the heterogeneous network.

Key Questions This Study Will Answer
  • What do customers expect from VM vendors?
  • Which feature sets are being adopted by VM vendors to win business?
  • What are the forecasts for VM vendors and revenues by region? By vertical market? By size of business? By product type?
  • What is the market share for VM vendors based on business size: Small/ROBO (remote or branch offices), midsized, large businesses, and enterprises?
  • What are notable points of competitive differentiation among VM vendors?
  • How is VM being used to help with compliance and security in specific vertical markets?