Sophisticated Attacks Driving Sophisticated Security

Vulnerability, Detection, and Response are Crucial

Erik Bradley | Jake Fabrizio | June 18, 2021

The 250th ETR Insights event features the Vice President of Information Security for a large, publicly traded technology enterprise headquartered in France. With the recent ransomware attack on the US infrastructure assets owned by Colonial Pipeline as a backdrop, we discussed the core elements of a good security strategy, including vulnerability management, endpoint protection, and automated response. Ultimately our guest believes that a fully integrated SOAR approach is where leading enterprises are transitioning toward, but for right now there is no clear-cut answer for that from a vendor perspective. In the meantime, read on for a detailed evaluation of the vendors that can support a holistic security strategy, leading with vulnerability management and next-gen endpoint detection and response.

Vulnerability Management – Tenable, Qualys & Rapid7

“Vulnerability management technologies like Tenable are very easy to implement and are great for assessing the patching of your enterprise assets.” Unfortunately, our guest often sees people only covering part of their network, “thus leaving gaps in the coverage where attackers are very glad to find loopholes in your protection.” While our guest believes all the vendors in this space can achieve good results, he does point out some differences between the main players:

Qualys has always been a very precise technology, particularly for websites, whereas Tenable is more holistic. Tenable is more in-depth with server vulnerability, and they do credentialed and non-credentialed scanning. Rapid7 is very aggressive in expanding its approach as well, but Tenable is based on an open-source technology that has existed for 15 years. Tenable has an approved approach that renders pretty good results. With Tenable, the level of false positives in the scans is going down with the credentialed scanning, whereas some other vendors are still getting quite a few false positives because the holistic nature of their coverage is not as good. Also, Tenable may be less expensive in some regions than Qualys or Rapid7.
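The coverage gap our guest describes, assets that simply never appear in the scanner's target list, is easy to check for before a scanner is even run. The following is an added example, not code from ETR or from Tenable, Qualys or Rapid7: it reconciles a constructed asset inventory against a constructed list of scanner target ranges and reports hosts outside every scanned range, plus scanned ranges that contain no inventoried host. The `(hostname, ip)` record format and the CIDR target list are assumptions; a real CMDB export or scanner target configuration would need its own parser.

```python
"""Reconcile an asset inventory against vulnerability-scanner target scope.

Added example (not ETR's or any vendor's code). The inventory and scan
targets below are constructed, and the record format is an assumption.
"""
import ipaddress
from typing import Iterable

# Constructed asset inventory: (hostname, IP address). Format is assumed.
INVENTORY = [
    ("dc01.corp.example", "10.0.1.10"),
    ("web01.dmz.example", "192.0.2.15"),
    ("web02.dmz.example", "192.0.2.16"),
    ("vpn01.edge.example", "198.51.100.7"),
    ("ot-hmi-03.plant.example", "10.20.5.44"),
    ("dev-box.lab.example", "10.0.2.250"),
]

# Constructed scanner target scope as CIDR blocks (assumed to mirror the
# target list configured in the scanner; vendors store this differently).
SCAN_TARGETS = ["10.0.1.0/24", "192.0.2.0/24", "10.0.2.0/25"]


def parse_networks(targets: Iterable[str]) -> list:
    """Parse scanner targets; strict=False accepts host bits set (10.0.1.10/24)."""
    return [ipaddress.ip_network(t, strict=False) for t in targets]


def coverage_gaps(inventory, targets):
    """Return inventory hosts whose address falls outside every scan target."""
    nets = parse_networks(targets)
    gaps = []
    for hostname, ip in inventory:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            gaps.append((hostname, ip))
    return gaps


def unused_targets(inventory, targets):
    """Scan targets containing no inventoried host.

    Either the scope is stale or the inventory itself has a gap; both
    deserve a look, since the scanner's dashboard will show them as green.
    """
    addrs = [ipaddress.ip_address(ip) for _, ip in inventory]
    return [t for t, net in zip(targets, parse_networks(targets))
            if not any(a in net for a in addrs)]


def coverage_ratio(inventory, targets) -> float:
    """Fraction of inventoried hosts inside scan scope (1.0 means full coverage)."""
    if not inventory:
        return 1.0
    return 1 - len(coverage_gaps(inventory, targets)) / len(inventory)


if __name__ == "__main__":
    for host, ip in coverage_gaps(INVENTORY, SCAN_TARGETS):
        print(f"NOT IN SCAN SCOPE: {host} ({ip})")
    for target in unused_targets(INVENTORY, SCAN_TARGETS):
        print(f"SCANNED BUT EMPTY: {target}")
    print(f"coverage: {coverage_ratio(INVENTORY, SCAN_TARGETS):.0%}")
```

On the constructed data, the VPN concentrator, the OT workstation and a lab box sit outside every target range, and one target range (`10.0.2.0/25`) covers nothing in the inventory because the lab host lives in the upper half of that /24. Running this reconciliation on each inventory refresh is what turns "we scan the network" into a measurable claim; the scanner can only report on what it is pointed at.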

ETR Data: Based on preliminary July 2021 data that is currently coming in from the survey field, Tenable and Qualys are neck and neck in overall spending intentions. Check out the data for yourself with a Free Trial today.

Next-Gen EDR/XDR – SentinelOne, CrowdStrike, Forcepoint, & Carbon Black

Our guest equates the market dynamics in endpoint protection with the past trajectory of firewalls, which have seen substantial improvements over the years. Similarly, while a simple antivirus may have been good enough in the past, the sophisticated attacks being seen today require next-generation endpoint protection. He adds that, "vendors like CrowdStrike, Carbon Black and Forcepoint are getting a lot of traction because they are more holistically covering the gamut from detection to reaction, then to protection and even some SOAR implications."

When asked to differentiate the offerings of the leading EDR players, our guest stated that, "vendors like SentinelOne and CrowdStrike are horizontally and vertically integrated within the information assets, thus rendering deep penetration within the organization but also rendering switching to other vendors pretty hard in some respects. Others like Carbon Black and Forcepoint are more of the same old, same old without very deep penetration within the vertical integration."

ETR Data: Based on preliminary July 2021 spending intentions data, CrowdStrike appears to be retaining its top 5 position in all of Information Security, and SentinelOne is trending toward its highest Net Score since debuting in our survey work. See all the data for yourself with a Free Trial today.