Some of the security vendors out there are not like the others. They’re often the ones to watch. That’s why I’ve had my eye on runZero, which started out solving one of security’s biggest challenges: asset discovery and identification. Traditional vuln scanners are terrible at asset identification, which ruins any subsequent analysis or attempts to identify vulns.

runZero quickly pivoted into the CAASM space, adding integrations at a rapid pace.

This new update brings vulnerability identification into the mix. It’s basic, but focuses on what matters (stuff that’s on KEV, for example, devices with default creds). By being basic, and focusing on what matters, they’re either intentionally or unintentionally enabling buyers to sidestep both the traditional infrastructure vuln scanning solutions (Tenable, R7, Qualys), AND the vuln prioritization vendors (Nucleus, Vicarious, the now-acquired Vulcan Cyber, etc). Could runZero replace traditional vuln mgmt solutions? Probably not in the short term, but they’re sure flirting with the idea in a way that would have me worried if I were in that space.

What’s more, these new features are available in the community edition I use at home for my lab environment! Consider my interest piqued.