No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Snyk comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th), Risk-Based Vulnerability Management (23rd)
Snyk
Average Rating
8.2
Reviews Sentiment
7.3
Number of Reviews
51
Ranking in other categories
Application Performance Monitoring (APM) and Observability (21st), Application Security Tools (7th), Static Application Security Testing (SAST) (5th), GRC (6th), Cloud Management (14th), Vulnerability Management (21st), Container Security (7th), Software Composition Analysis (SCA) (2nd), Software Development Analytics (2nd), Cloud Security Posture Management (CSPM) (17th), DevSecOps (3rd), Application Security Posture Management (ASPM) (2nd), AI Security (10th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cisco Vulnerability Management (formerly Kenna.VM) is designed for Risk-Based Vulnerability Management and holds a mindshare of 2.2%, down 2.4% compared to last year.
Snyk, on the other hand, focuses on Application Security Tools, holds 5.0% mindshare, down 7.6% since last year.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Qualys VMDR9.7%
Rapid7 InsightVM7.8%
Other80.3%
Risk-Based Vulnerability Management
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Snyk5.0%
SonarQube12.4%
Checkmarx One8.2%
Other74.4%
Application Security Tools
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
Abhishek-Goyal - PeerSpot reviewer
Software Engineer at a computer software company with 11-50 employees
Improves security posture by actively reducing critical vulnerabilities and guiding remediation
Snyk's main features include open-source vulnerability scanning, code security, container security, infrastructure as code security, risk-based prioritization, development-first integration, continuous monitoring and alerting, automation, and remediation. The best features I appreciate are the vulnerability checking, vulnerability scanning, and code security capabilities, as Snyk scans all open-source dependencies for known vulnerabilities and helps with license compliance for open-source components. Snyk integrates into IDEs, allowing issues to be caught as they appear in the code dynamically and prioritizes risk while providing remediation advice. Snyk provides actionable remediation advice on where vulnerabilities can exist and where code security is compromised, automatically scanning everything and providing timely alerts. Snyk has positively impacted my organization by improving the security posture across all software repositories, resulting in fewer critical vulnerabilities, more confidence in overall product security, and faster security compliance for project clients. Snyk has helped reduce vulnerabilities significantly. Initially, the repository had 17 to 31 critical and high vulnerabilities, but Snyk has helped manage them down to just five vulnerabilities, which are now lower and not high or critical.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"The risk context of any vulnerability is a valuable feature."
"Based on all our products, including Snyk, we have seen a 50 percent reduction in the amount of time it takes to fix problems."
"We went from 15 vulnerabilities in it to four or five, and those four or five were un-upgradable and we were not affected by them."
"We use Snyk to check vulnerabilities and rectify potential leaks in GitHub."
"The solution's Open Source feature gives us notifications and suggestions regarding how to address vulnerabilities."
"The most valuable features are their GitLab and JIRA integrations. The GitLab integration lets us pull projects in pretty easily, so that it's pretty minimal for developers to get it set up. Using the JIRA integration, it's also pretty easy to get the information that is generated, as a result of that GitLab integration, back to our teams in a non-intrusive way and in a workflow that we are already using."
"Snyk performs software composition analysis (SCA) similar to other expensive tools."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"Our overall security has improved, we are running fewer severities and vulnerabilities in our packages, and we fixed a lot of the vulnerabilities that we didn't know were there."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"The product could be improved by including other types of security scanning (e.g. SAST or DAST), which is important."
"We tried to integrate it into our software development environment but it went really badly. It took a lot of time and prevented the developers from using the IDE. Eventually, we didn't use it in the development area... I would like to see better integrations to help the developers get along better with the tool. And the plugin for the IDE is not so good. This is something we would like to have..."
"Basically the licensing costs are a little bit expensive."
"They were a couple of issues which happened because Snyk lacked some documentation on the integration side. Snyk is lacking a lot of documentation, and I would like to see them improve this. This is where we struggle a bit. For example, if something breaks, we can't figure out how to fix that issue. It may be a very simple thing, but because we don't have the proper documentation around an issue, it takes us a bit longer."
"All such tools should definitely improve the signatures in their database. Snyk is pretty new to the industry."
"A feature we would like to see is the ability to archive and store historical data, without actually deleting it. It's a problem because it throws my numbers off. When I'm looking at the dashboard's current vulnerabilities, it's not accurate."
"The way Snyk notifies if we have an issue, there are a few options: High vulnerability or medium vulnerability. The problem with that is high vulnerabilities are too broad, because there are too many. If you enable notifications, you get a lot of notifications, When you get many notifications, they become irrelevant because they're not specific. I would prefer to have control over the notifications and somehow decide if I want to get only exploitable vulnerabilities or get a specific score for a vulnerability. Right now, we receive too many high vulnerabilities. If we enable notifications, then we just get a lot of spam message. Therefore, we would like some type of filtering system to be built-in for the system to be more precise."
"The reporting mechanism of Snyk could improve. The reporting mechanism is available only on the higher level of license."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"The price of the solution is expensive compared to other solutions."
"Their licensing model is fairly robust and scalable for our needs. I believe we have reached a reasonable agreement on the licensing to enable hundreds of developers to participate in this product offering. The solution is very tailored towards developers and its licensing model works well for us."
"For what Snyk offers, it has the best cost-benefit I have ever seen because you're buying the license per user."
"It's inexpensive and easy to license. It comes in standard package sizing, which is straightforward. This information is publicly found on their website."
"Pricing-wise, it is not expensive as compared to other tools. If you have a couple of licenses, you can scan a certain number of projects. It just needs to be attached to them."
"The product has good pricing."
"The pricing is reasonable."
"The pricing is acceptable, especially for enterprises. I don't think it's too much of a concern for our customers. Something like $99 per user is reasonable when the stakes are high."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
903,182 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Financial Services Firm
10%
Construction Company
10%
Financial Services Firm
13%
Manufacturing Company
11%
Computer Software Company
10%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise10
Large Enterprise23
 

Questions from the Community

Ask a question
Earn 20 points
How does Snyk compare with SonarQube?
Snyk does a great job identifying and reducing vulnerabilities. This solution is fully automated and monitors 24/7 to find any issues reported on the internet. It will store dependencies that you a...
What needs improvement with Snyk?
There are a lot of false positives that need to be identified and separated. The inclusion of AI to remove false positives would be beneficial. So far, I've not seen any AI features to enhance vuln...
What is your primary use case for Snyk?
I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
Fugue, Snyk AppRisk
 

Overview

 

Sample Customers

TransUnion
StartApp, Segment, Skyscanner, DigitalOcean, Comic Relief
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
903,182 professionals have used our research since 2012.