We performed a comparison between Cisco Vulnerability Management (formerly Kenna.VM) and Snyk based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Qualys, Rapid7 and others in Risk-Based Vulnerability Management."The risk context of any vulnerability is a valuable feature."
More Cisco Vulnerability Management (formerly Kenna.VM) Pros →
"We have integrated it into our software development environment. We have it in a couple different spots. Developers can use it at the point when they are developing. They can test it on their local machine. If the setup that they have is producing alerts or if they need to upgrade or patch, then at the testing phase when a product is being built for automated testing integrates with Snyk at that point and also produces some checks."
"It has a nice dashboard where I can see all the vulnerabilities and risks that they provided. I can also see the category of any risk, such as medium, high, and low. They provide the input priority-wise. The team can target the highest one first, and then they can go to medium and low ones."
"The most valuable feature of Snyk is the SBOM."
"It's very easy for developers to use. Onboarding was an easy process for all of the developers within the company. After a quick, half-an-hour to an hour session, they were fully using it on their own. It's very straightforward. Usability is definitely a 10 out of 10."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The dependency checks of the libraries are very valuable, but the licensing part is also very important because, with open source components, licensing can be all over the place. Our project is not an open source project, but we do use quite a lot of open source components and we want to make sure that we don't have surprises in there."
"The most effective feature in securing project dependencies stems from its ability to highlight security vulnerabilities."
"There are many valuable features. For example, the way the scanning feature works. The integration is cool because I can integrate it and I don't need to wait until the CACD, I can plug it in to our local ID, and there I can do the scanning. That is the part I like best."
"An improvement would be some sort of an integration with any GRC suite."
More Cisco Vulnerability Management (formerly Kenna.VM) Cons →
"The product is very expensive."
"The tool needs improvement in license compliance. I would like to see the integration of better policy management in the product's future release. When it comes to the organization that I work for, there are a lot of business units since we are a group of companies. Each of these companies has its specific requirements and its own appetite for risk. This should be able to reflect in flexible policies. We need to be able to configure policies that can be adjusted later or overridden by the business unit that is using the product."
"It would be helpful if we get a recommendation while doing the scan about the necessary things we need to implement after identifying the vulnerabilities."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
"Because Snyk has so many integrations and so many things it can do, it's hard to really understand all of them and to get that information to each team that needs it... If there were more self-service, perhaps tutorials or overviews for new teams or developers, so that they could click through and see things themselves, that would help."
"It can be improved from the reporting perspective and scanning perspective. They can also improve it on the UI front."
"It lists projects. So, if you have a number of microservices in an enterprise, then you could have pages of findings. Developers will then spend zero time going through the pages of reports to figure out, "Is there something I need to fix?" While it may make sense to list all the projects and issues in these very long lists for completeness, Snyk could do a better job of bubbling up and grouping items, e.g., a higher level dashboard that draws attention to things that are new, the highest priority things, or things trending in the wrong direction. That would make it a lot easier. They don't quite have that yet in container security."
"We were using Microsoft Docker images. It was reporting some vulnerabilities, but we were not able to figure out the fix for them. It was reporting some vulnerabilities in the Docker images given by Microsoft, which were out of our control. That was the only limitation. Otherwise, it was good."
More Cisco Vulnerability Management (formerly Kenna.VM) Pricing and Cost Advice →
Cisco Vulnerability Management (formerly Kenna.VM) is ranked 11th in Risk-Based Vulnerability Management with 1 review while Snyk is ranked 4th in Application Security Tools with 41 reviews. Cisco Vulnerability Management (formerly Kenna.VM) is rated 8.0, while Snyk is rated 8.2. The top reviewer of Cisco Vulnerability Management (formerly Kenna.VM) writes "Offers contextual prioritization and risk-based remediation of vulnerability". On the other hand, the top reviewer of Snyk writes "Performs software composition analysis (SCA) similar to other expensive tools". Cisco Vulnerability Management (formerly Kenna.VM) is most compared with Rapid7 InsightVM, Qualys VMDR, Tenable Security Center, Ivanti Neurons for RBVM and Tanium, whereas Snyk is most compared with SonarQube, Black Duck, GitHub Advanced Security, Fortify Static Code Analyzer and Veracode.
We monitor all Risk-Based Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.