No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Snyk comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th), Risk-Based Vulnerability Management (23rd)
Snyk
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (21st), Application Security Tools (7th), Static Application Security Testing (SAST) (5th), GRC (6th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (10th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cisco Vulnerability Management (formerly Kenna.VM) is designed for Risk-Based Vulnerability Management and holds a mindshare of 2.2%, down 2.4% compared to last year.
Snyk, on the other hand, focuses on Application Security Tools, holds 5.0% mindshare, down 7.6% since last year.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Qualys VMDR9.7%
Rapid7 InsightVM7.8%
Other80.3%
Risk-Based Vulnerability Management
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Snyk5.0%
SonarQube12.4%
Checkmarx One8.2%
Other74.4%
Application Security Tools
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature."
"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"The solution is very easy to install, provides clear information that is easy to follow, and we get good feedback regarding code practices and how to fix security issues."
"The most valuable feature is that they add a lot of their own information to the vulnerabilities. They describe vulnerabilities and suggest their own mitigations or version upgrades. The information was the winning factor when we compared Snyk to others. This is what gave it more impact."
"We went from 15 vulnerabilities in it to four or five, and those four or five were un-upgradable and we were not affected by them."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"Its reports are nice and provide information about the issue as well as resolution. They also provide a proper fix. If there's an issue, they provide information in detail about how to remediate that issue."
"The product's most valuable features are an open-source platform, remote functionality, and good pricing."
"Snyk is paramount and extremely important for us because anything that goes to production should not have any security vulnerabilities, and every application that goes into production must pass Snyk vulnerability scanning before it can be deployed."
"From this perspective, Snyk looks like the most promising solution."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"There are a lot of false positives that need to be identified and separated."
"I think they could improve the feature for automatic fixing of security breaches."
"Snyk can be improved on the reporting aspect regarding the traceability of SCA."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license. Adjusting the policy of the current setup of recording this report is something that can improve. For instance, if you have a certain license, you receive a rating, and the rating of this license remains the same for any use case. No matter if you are using it internally or using it externally, you cannot make the adjustment to your use case. It will always alert as a risky license. The areas of licenses in the reporting and adjustments can be improve"
"Snyk's API and UI features could work better in terms of speed."
"There are some new features that we would like to see added, e.g., more visibility into library usage for the code. Something along the lines where it's doing the identification of where vulnerabilities are used, etc. This would cause them to stand out in the market as a much different platform."
"We have to integrate with their database, which means we need to send our entire code to them to scan, and they send us the report. A company working in the financial domain usually won't like to share its code or any information outside its network with any third-party provider."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"I didn't think the price was that great, but it wasn't that bad, either. I'd rate their pricing as average in the market."
"Presently, my company uses an open-source version of the solution. The solution's pricing can be considered quite reasonable owing to the features they offer."
"The license model is based on the number of contributing developers. Snyk is expensive, for a startup company will most likely use the community edition, while larger companies will buy the licensed version. The price of Snyk is more than other SLA tools."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"I would rate the pricing of Snyk at two. I'm currently using the free version, which the company offers before buying the full version. So, the price is affordable, especially for an enterprise."
"The price of the solution is expensive compared to other solutions."
"With Snyk, you get what you pay for. It is not a cheap solution, but you get a comprehensiveness and level of coverage that is very good. The dollars in the security budget only go so far. If I can maximize my value and be able to have some funds left over for other initiatives, I want to do that. That is what drives me to continue to say, "What's out there in the market? Snyk's expensive, but it's good. Is there something as good, but more affordable?" Ultimately, I find we could go cheaper, but we would lose the completeness of vision or scope. I am not willing to do that because Snyk does provide a pretty important benefit for us."
"Despite Snyk's coverage, scalability, reliability, and stability, it is available at a very competitive price."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
904,016 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Construction Company
10%
Financial Services Firm
10%
Financial Services Firm
14%
Manufacturing Company
11%
Computer Software Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

Ask a question
Earn 20 points
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

TransUnion
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
904,016 professionals have used our research since 2012.