Vulcan Cyber is recognized as one of two leaders in the Forrester Wave™: Vulnerability Risk Management

Vulcan Cyber has been recognized as one of two leaders in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. Here's what it means.

Gal Gonen | September 21, 2023

Exciting news today for the cyber security and vulnerability management industry.

This week Forrester Research published The Forrester Wave™: Vulnerability Risk Management, Q3 2023 evaluation which is the first of its kind in more than four years. And we are very happy to report that Vulcan Cyber has been named one of two Leaders in this Forrester Wave. 

This blog post will provide our overview of the Forrester Wave evaluation, share what it means for converging cyber security and vulnerability management markets, and highlight a few of the findings from the research.

Download a complimentary copy of the Forrester Wave here.


What is the Forrester Wave?

The Forrester Wave is a research methodology and report format used by Forrester Research, a leading global research and advisory firm. It’s commonly employed to evaluate and compare various technology or service providers within a specific industry or market segment.

In a Forrester Wave report, Forrester analysts assess vendors based on a set of predefined criteria, often including factors like product features, market presence, strategy, and customer feedback. Vendors are then plotted on a graph, typically in a two-dimensional matrix, to visualize their relative strengths and weaknesses.

The Forrester Wave is a valuable resource for businesses and decision-makers looking to assess and compare potential technology or service providers in various industries.

The categories used in a Forrester Wave report are:


Companies that excel in their current offering and strategy are often considered the most influential and well-established in the market. Vulcan Cyber was named a leader in the Forrester Wave for Vulnerability Risk Management – more about this below.

Strong Performers

Vendors that have strong product offerings but may lag in other areas like market presence or strategy.


Companies with a strong market presence but who may need to improve their product offerings or strategy to compete effectively.


Vendors with solid product offerings but who may lack a significant market presence or strategic vision.


What is vulnerability risk management?

Vulnerability risk management has matured significantly over the years. Initially, many enterprises relied on vulnerability scanners to identify issues but often struggled to effectively address them, leading to blame games and inadequate responses when vulnerabilities persisted or resulted in breaches.

However, in 2018, Forrester advocated a shift towards a risk-based approach to vulnerability management. This approach aimed to address the overwhelming number of remediations by prioritizing them wisely, moving away from sole reliance on common vulnerability scoring system (CVSS) scores, which focused on technical severity.


The Q3 2023 Forrester Wave for Vulnerability Risk Management

The evaluation criteria used by Forrester to assess vendors in the field of Vulnerability Risk Management (VRM) are the current offering (the strength of a vendor’s current VRM solution), the strategy (a vendor’s strategic approach to VRM), and the market presence (the vendor’s prominence in the market).

The vendors included in this assessment must meet specific criteria, including having an enterprise-class VRM solution, offering a wide range of services for different types of assets (such as cloud, endpoint, and on-premises technologies), having recognition within Forrester’s network, etc.

Read the full report here >>

Where we believe Vulcan Cyber shines as a Leader in the Forrester Wave

Vulcan Cyber was one of 11 vendors evaluated in the Vulnerability Risk Management, Q3 2023 report. Out of these 11 companies, only two vendors were recognized as Leaders, one being Vulcan Cyber.

Forrester wave 2023 Vulnerability risk management Vulcan Cyber

Recognition of Vulcan Cyber as a Leader in this Forrester Wave is based on an extensive evaluation of 28 criteria grouped by Current Offering, Strategy, and Market Presence. Vulcan Cyber received the highest scores possible for the following criteria in the Current Offering category:

  • Time-to-value
  • Prioritization insights and customizations
  • Business contextualization
  • Remediation instructions
  • Out-of-the-box reporting
  • Exceptions

The Forrester Wave states, “Vulcan Cyber’s differentiator is considering vulnerability’s ripple effects across modern organizations: Today, information security team headcount remains static, but more business stakeholders own technology decisions and maintenance.

See the Vulcan Cyber platform >> 

Moreover, Vulcan Cyber also received the highest scores possible for “vision,” “innovation,” and “community” criteria within the “Strategy” category. 

The Forrester Wave states, “Vulcan Cyber’s differentiated and detailed vision is to democratize risk through self-service, no-code data ingestion, and AI data mapping.” 

Special thanks to Eric Nost and the Forrester analysts for their hard work and recognition.

In summary

Recognition as a Leader in the Forrester Wave for Vulnerability Risk Management category is a notable achievement for the Vulcan Cyber team.

Since 2018 the team has worked tirelessly to bring the vision of our founders, Yaniv Bar-Dayan, Tal Morgenstern, and Roy Horev, to life through (in our humble opinion) the best vulnerability risk management solution out there. As the traditional “vulnerability management” category matures, and vulnerabilities keep adding up, a “risk-based” approach is a necessity for cyber security teams responsible for managing and mitigating meaningful risk at scale.

As stated in the Forrester Wave, “Vulcan Cyber is a great fit for organizations that foresee technology ownership expanding throughout their business stakeholders.”

Learn more about how Vulcan Cyber can help you own your risk:

  1. Explore the platform and its unique capabilities
  2. Get a Vulcan Cyber demo
  3. Read valuable resources about vulnerability risk management 
  4. Try the free vulnerability prioritization tool – Vulcan Free
  5. See how Vulcan Cyber generated a notable vulnerability risk management ROI for a large enterprise

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy