[GOLD]
QualysGuard Vulnerability Management
Qualys

For the third year in a row, Qualys Inc. has come out on top in the vulnerability management category. QualysGuard Vulnerability Management is the company's automated vulnerability management and network auditing product. Readers were most pleased with its ease of installation, the accuracy in which it identifies vulnerabilities, as well as the breadth of applications and devices covered.

[SILVER]
Nessus
Tenable Network Security

Nessus, offered by Tenable Network Security in conjunction with the company's Security Center and Passive Scanner products, placed second this year. Readers were especially enthusiastic about the product's accuracy, as well as its ability to integrate with threat management or early warning systems. Other notable features include configuration auditing, asset profiling, and high-speed discovery.

[BRONZE]
McAfee Vulnerability Manager
McAfee

The vulnerability management product of security giant McAfee Inc. places third this year, after landing the second spot in 2008. McAfee Vulnerability Manager offers a priority-based approach to vulnerability management. Other features include broad content checks, threat correlation and asset-based discovery, management, scanning and reporting. Readers highlighted the product's comprehensive and flexible reporting system as one of the best features. [59]

[TREND]
"The sweet spot of the market now is ASV scanning for PCI compliance. Some of the big players have been acquiring application security scanning vendors, so you'll see [the scanning tools] tied much more tightly into other parts of the software development lifecycle. More of the traditional scanning tools are incorporating web application scan, and that's again being driven by PCI." -- John Kindervag, senior analyst, Forrester Research