For too long the vulnerability management vendors have been quiet. In fact the whole sector has taken on the "mature" label which seems to indicate there is no new innovation happening.  Recently though we have seen some new announcements in this area.  Also, Gartner should have a new marketscope due out soon.  Here is a recap of some recent developments:

1. Qualys - I had a chance to speak with Philippe and his son at RSA. After riding high on the PCI wave and pioneering the SaaS in security movement, Qualys is now clearly moving into the compliance arena. This release details what Qualys is doing but clearly they see compliance and risk management as a new driver for the business.

2. McAfee- Say goodbye to Foundstone. Years after buying the company McAfee is finally getting rid of the Foundstone name for the vulnerability product and renaming it Vulnerability Manager 6.5 (I think I like the Foundstone name better), as part of the new business unit they have started around GRC. Foundstone founder George Kurtz is heading that unit up. They indicate they will supplement the old Foundstone scanner with abilities to scan applications, web sites and data and databases.

3,. nCircle - I spoke with Andrew Storms and Elizabeth Ireland at RSA. nCircle has been touting their compliance and risk management capabilities for a while now.  They also are showing off web application scanning as well. Though they don't get the press that Qualys does, they appear to be holding their own.  The question in my mind is how do they break out to the next level (see my post on shimmy's theory of relativity).5.

4. eEye - After many of us including me raised doubts about their viability, eEye has announced the addition of web application scanning to their Retina product. I understand this is an OEM of another companies product and does not represent a lot of investment on eEye's point.  I think at the end of the day they are trying to be an endpoint company but can't afford to jettison the scanner business.  Their long term viability according to my relativity theory is still in doubt if you ask me.

5. ISS/IBM - I hear nothing on this one, do you?  You have to question what is the game plan from Big Blue on this.  Do they buy an update or put the money into actually taking this dinosaur out of the Jurassic?  I guess we will have to see.

So I am sure some of you ask, OK Shimmy enough about the competition what is StillSecure doing with its VAM product?  Well the purpose of this blog post was to set the stage for that. I will post an update on some of the cool stuff we have planned with VAM shortly.

For too long the vulnerability management vendors have been quiet. In fact the whole sector has taken on the "mature" label which seems to indicate there is no new innovation happening.  Recently though we have seen some new announcements in this area.  Also, Gartner should have a new marketscope due out soon.  Here is a recap of some recent developments:

1. Qualys - I had a chance to speak with Philippe and his son at RSA. After riding high on the PCI wave and pioneering the SaaS in security movement, Qualys is now clearly moving into the compliance arena. This release details what Qualys is doing but clearly they see compliance and risk management as a new driver for the business.

2. McAfee- Say goodbye to Foundstone. Years after buying the company McAfee is finally getting rid of the Foundstone name for the vulnerability product and renaming it Vulnerability Manager 6.5 (I think I like the Foundstone name better), as part of the new business unit they have started around GRC. Foundstone founder George Kurtz is heading that unit up. They indicate they will supplement the old Foundstone scanner with abilities to scan applications, web sites and data and databases.

3,. nCircle - I spoke with Andrew Storms and Elizabeth Ireland at RSA. nCircle has been touting their compliance and risk management capabilities for a while now.  They also are showing off web application scanning as well. Though they don't get the press that Qualys does, they appear to be holding their own.  The question in my mind is how do they break out to the next level (see my post on shimmy's theory of relativity).5.

4. eEye - After many of us including me raised doubts about their viability, eEye has announced the addition of web application scanning to their Retina product. I understand this is an OEM of another companies product and does not represent a lot of investment on eEye's point.  I think at the end of the day they are trying to be an endpoint company but can't afford to jettison the scanner business.  Their long term viability according to my relativity theory is still in doubt if you ask me.

5. ISS/IBM - I hear nothing on this one, do you?  You have to question what is the game plan from Big Blue on this.  Do they buy an update or put the money into actually taking this dinosaur out of the Jurassic?  I guess we will have to see.

So I am sure some of you ask, OK Shimmy enough about the competition what is StillSecure doing with its VAM product?  Well the purpose of this blog post was to set the stage for that. I will post an update on some of the cool stuff we have planned with VAM shortly.