ManageEngine Vulnerability Manager Plus vs. Fortify by OpenText

ManageEngine Vulnerability Manager Plus is highly effective for organizations prioritizing ease of use, cost-effectiveness, and a single pane of glass for both vulnerability detection and patching. It is well-suited for organizations needing to manage a diverse, yet traditional, on-premise IT infrastructure (servers, workstations, laptops). It is good at securing remote endpoints by using an agent to scan, detect and patch workstations. It is good for both scanning and remediating vulnerabilities through the built-in patching tools. It is ideal for a smaller to mid sized environment using Active Directory.

Incentivized

It is best suited for runtime application security scanning and very useful for automation. You can seemlessly integrate with pipeline for dynamic scans. Cloud based apps can also be scanned for vulnerabilities, cross site scripting attacks. Basically all OWASP TOP 10. It is less appropriate to use if you have serverless architecture

Incentivized

• Patch detection
• Patch application
• History and inventory.

• DAST Scanning
• API Scanning
• Less detection of false positive

Incentivized

• Better integration with third-party tools.
• Licenses for budget-friendly customers

Incentivized

• Reporting could be better
• Can be an involved setup if your organization is not using common build tools
• Users get spammed with a lot of email updates from the service

Incentivized

We're already on our third renewal.

Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.

Incentivized

Its usable for system patchig

Incentivized

It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.

Incentivized

Always receive excellent support from the vendor. No issues there.

Incentivized

I chose Vulnerability because it is very easy to use and analyzes threats effectively. I previously used Microsoft System Center; however, due to its complexity and lack of transparency, we decided to remove it from our company and keep only Vulnerability.

Incentivized

Fortify Application Defender is a little more timely and upfront with a lot of their information on cyber security. we like what they provide and how they communicate with our users. I think they have a good understanding and practice in their field. they seem best suited for us and the best fit.

Incentivized

• By automating the scanning, assessment, and patch management process, VMP has helped reduce the time to patch for us by 40%.
• It has provided continuous visibility into device health and overall patch state. This has helped reduce the amount of time manually checking and updating.
• By prioritizing the list of vulnerabilities the tool has helped our staff stay focused on the high-impact risks and ensure that critical assets are patched first.

Incentivized

• DevSecOps helped in reducing efforts
• License cost was less
• We could roll out double the count of applications with implementation of WebInspect

Incentivized