The Forrester Wave™: Vulnerability Risk Management, Q4 2019

Tony Mason | Vulnerability Management & SIEM

Rapid7 is named a leader, receiving the highest score possible in nine criteria for InsightVM, its vulnerability risk management tool.


Forrester cites 14 key areas buyers should consider when evaluating VRM solutions. Rapid7’s own customers tell us that the following 5 capabilities are especially critical…

5 Capabilities Your Vulnerability Risk Management Solution Needs:

1 Visibility of your complete IT environment

Identify all of your externally facing, internet-connected assets, including those that may be undiscoverable with other tools. This gives you a complete view of your risk. InsightVM received the highest possible scores for this capability in the Digital Footprinting criterion.

2 Extensibility & integration

Your VRM solution must enable integration, orchestration, and automation of the tools and processes across your stack. InsightVM also received the highest possible scores for its extensibility and Partner Ecosystem.

3 Reporting for the progress that matters most

Tracking the goals and metrics most relevant and impactful to your team is critical, and so is communicating those milestones to peers and leadership. InsightVM is designed to track your progress and drive alignment across the organisation.

4 Simple pricing

Pricing and budgeting should be simple. InsightVM makes this easier with a price per asset model – no fine print needed.

5 Prioritisation for your business

Identify and prioritise risk with complete coverage of your environment and the addition of business criticality to assets. InsightVM also received the highest possible score in the criteria of Vulnerability Enumeration and Risk-Based Prioritisation.

What Else Should You Expect from Your VRM Vendor?

In addition to the key areas covered by the Forrester Wave, we’ve rounded up some additional considerations for vendor selection. Here are some we’ve heard from Rapid7 customers:

A unified security platform

As well as offering our full vulnerability risk management feature set for all InsightVM users, the Rapid7 Insight Cloud supports you across the entire security life cycle, from prevention to detection and response.

Visibility across the organisation

Identifying and prioritising risk is table stakes, but proving the effectiveness of your program is key. Your solution should help you work in tandem with IT operations. It should also help you communicate, both within your team and to leadership, how you’ve tangibly reduced risk for your organisation.

Commitment to service and success

Rapid7 guarantee 99.95% uptime. On the off chance that system availability drops, only Rapid7 offers up to a 100% service credit of the prorated monthly fee paid. Other vendors cap service credits at a mere 10% or less.

Demonstrable ROI

In an exclusive case study from Forrester, Rapid7 customers offer visibility into the ROI of their programs. This includes a significant decrease in incidents and spend when switching to Rapid7 from another VRM vendor.

See the full report here.
