Report Date: February 2010 Enterprises should define the scope and frequency of vulnerability scanning and the integration requirements first, and then select the best mix of delivery mechanisms (software, appliance, service, mix) before evaluating vulnerability assessment (VA) products. These products focus on discovering network nodes and identifying network-level vulnerabilities. While some vendors include some capabilities for discovering application-level vulnerabilities, network VA products are not substitutes for application-level vulnerability analysis products. Enterprises that cannot devote the staff resources to regularly use network VA products should focus on service offerings. Mentions: Beyond Security, Critical Watch, eEye, IBM, Lumension, McAfee, nCircle, Qualys, Rapid7, Saint, StillSecure, Tenable Network Security, Trustwave Free Download of Full Report Topics: Market Research, Competitive Analysis, Strategy, Market Intelligence