Update pricing-features-table.yml for vm features (#15969)

1st pass of features important to the vulnerability management scenario --------- Co-authored-by: Sam Pfluger <108141731+Sampfluger88@users.noreply.github.com>
2026-05-23 17:08:53 +00:00 · 2024-01-18 12:36:59 -08:00 · 2024-01-18 12:36:59 -08:00 · e4de411d63
commit e4de411d63
parent fa6627ace9
1 changed files with 54 additions and 26 deletions
--- a/handbook/company/pricing-features-table.yml
+++ b/handbook/company/pricing-features-table.yml
@ -730,11 +730,15 @@
  pricingTableCategories: [Endpoint operations]
  usualDepartment: IT
  tier: Premium
- industryName: Detect vulnerable software #TODO: find a better industryName and make this the friendly name. Maybe separate out export.
-  tier: Free
-  usualDepartment: Security
+#   ╦═╗╦╔═╗╦╔═   ╔╗ ╔═╗╔═╗╔═╗╔╦╗  ╦  ╦╦ ╦╦  ╔╗╔╔═╗╦═╗╔═╗╔╗ ╦╦  ╦╔╦╗╦ ╦  ╔╦╗╔═╗╔╗╔╔═╗╔═╗╔═╗╔╦╗╔═╗╔╗╔╔╦╗
+#   ╠╦╝║╚═╗╠╩╗───╠╩╗╠═╣╚═╗║╣  ║║  ╚╗╔╝║ ║║  ║║║║╣ ╠╦╝╠═╣╠╩╗║║  ║ ║ ╚╦╝  ║║║╠═╣║║║╠═╣║ ╦║╣ ║║║║╣ ║║║ ║ 
+#   ╩╚═╩╚═╝╩ ╩   ╚═╝╩ ╩╚═╝╚═╝═╩╝   ╚╝ ╚═╝╩═╝╝╚╝╚═╝╩╚═╩ ╩╚═╝╩╩═╝╩ ╩  ╩   ╩ ╩╩ ╩╝╚╝╩ ╩╚═╝╚═╝╩ ╩╚═╝╝╚╝ ╩
+- industryName: Risk-based vulnerability management
+  friendlyName: Detect vulnerable software
  productCategories: [Vulnerability management]
  pricingTableCategories: [Vulnerability management]
+  usualDepartment: Security
+  tier: Free
  demos:
    - description: A top gaming company wanted to replace Qualys for infrastructure vulnerability detection.
      quote: So we have some stuff today through Qualys, but it's just not very good. A lot of it is...it's just really noisy.  I'm trying to find out specifically, actually what packages are installed where, and then the ability to live query them.
@ -742,6 +746,53 @@
  waysToUse:
    - description: Email relevant, actually-installed vulnerabilities to responsible teams so they can fix them.
      moreInfoUrl: https://docs.google.com/document/d/1oeCmT077o_5nxzLhnxs7kcg_4Qn1Pn1F5zx10nQOAp8/edit
+#  ╦  ╦╦ ╦╦  ╔╗╔╔═╗╦═╗╔═╗╔╗ ╦╦  ╦╔╦╗╦ ╦  ╔╦╗╔═╗╔═╗╦ ╦╔╗ ╔═╗╔═╗╦═╗╔╦╗
+#  ╚╗╔╝║ ║║  ║║║║╣ ╠╦╝╠═╣╠╩╗║║  ║ ║ ╚╦╝   ║║╠═╣╚═╗╠═╣╠╩╗║ ║╠═╣╠╦╝ ║║
+#   ╚╝ ╚═╝╩═╝╝╚╝╚═╝╩╚═╩ ╩╚═╝╩╩═╝╩ ╩  ╩   ═╩╝╩ ╩╚═╝╩ ╩╚═╝╚═╝╩ ╩╩╚══╩╝
+- industryName: OT/ICS compliance and cyber risk visibility 
+  friendlyName: Vulnerability dashboard
+  productCategories: [Vulnerability management]
+  pricingTableCategories: [Vulnerability management]
+  usualDepartment: Security
+  tier: Premium
+  demos:
+    - description: 
+      moreInfoUrl: 
+  waysToUse:
+    - description: Easily communicate to executives regarding the progress of patching vulnerable software. Only show vulnerabilities that you care about. Coming soon (2024-03-31) #Customer-faltona and customer-rialto
+#  ╦  ╦╦ ╦╦  ╔╗╔╔═╗╦═╗╔═╗╔╗ ╦╦  ╦╔╦╗╦ ╦  ╔═╗╔═╗╔═╗╦═╗╔═╗╔═╗       ╔═╗╔═╗╔═╗╔═╗  ╔═╗╔╗╔╔╦╗  ╔═╗╦  ╦╔═╗╔═╗
+#  ╚╗╔╝║ ║║  ║║║║╣ ╠╦╝╠═╣╠╩╗║║  ║ ║ ╚╦╝  ╚═╗║  ║ ║╠╦╝║╣ ╚═╗  ───  ║╣ ╠═╝╚═╗╚═╗  ╠═╣║║║ ║║  ║  ╚╗╔╝╚═╗╚═╗
+#   ╚╝ ╚═╝╩═╝╝╚╝╚═╝╩╚═╩ ╩╚═╝╩╩═╝╩ ╩  ╩   ╚═╝╚═╝╚═╝╩╚═╚═╝╚═╝       ╚═╝╩  ╚═╝╚═╝  ╩ ╩╝╚╝═╩╝  ╚═╝ ╚╝ ╚═╝╚═╝
+- industryName: Vulnerability scores (EPSS and CVSS) 
+  tier: Premium
+  usualDepartment: Security
+  productCategories: [Vulnerability management]
+  pricingTableCategories: [Vulnerability management]
+  buzzwords: [Risk scores,Cyber risk,Risk reduction,Security operations effectiveness,Peer benchmarking,Security program effectiveness,Risk-based exposure scoring,Threat context,Cyber exposure,Exposure quantification and benchmarking,Optimize security investments,Vulnerability assessment]
+  demos:
+    - description: Fleet enables a more modern, threat-first prioritization approach to vulnerability management.
+      quote: In reality, across our inventory of devices, it's unlikely to ever be exploited. I'd rather do that legwork on my team and then go and ask and prioritize work on these infrastructure teams that are already busy with things that could or could not be vulnerable. Being able to be more exact allows us to go to these teams less, which saves everybody time.
+      moreInfoUrl: https://www.youtube.com/watch?v=G5Ry_vQPaYc&t=131s
+  waysToUse:
+    - description: By leveraging EPSS (Exploit Prediction Scoring System), security professionals gain insight on the true risk behind rated CVEs. 
+    - description: An Introduction to EPSS, The Exploit Prediction Scoring System
+    - moreInfoUrl: https://www.youtube.com/watch?v=vw1RlZCSRcQ
+    - description: By extracting metadata from the National Vulnerability Database (NVD), we can determine which version of software is no longer vulnerable. 
+#  ╔═╗╦╔═╗╔═╗  ╦╔═╔═╗╦  ╦╔═╗
+#  ║  ║╚═╗╠═╣  ╠╩╗║╣ ╚╗╔╝╚═╗
+#  ╚═╝╩╚═╝╩ ╩  ╩ ╩╚═╝ ╚╝ ╚═╝
+- industryName: CISA KEVs (known exploited vulnerabilities) 
+  tier: Premium
+  usualDepartment: Security
+  productCategories: [Vulnerability management]
+  pricingTableCategories: [Vulnerability management]
+  demos:
+    - description: 
+      moreInfoUrl:
+  waysToUse:
+    - description: Help teams work on vulnerabilities that have actually been exploited (CISA KEVs) or have a high probability of being exploited (EPSS), or whatever is important in your environment.
+    - description: Use CISA KEVs for vulnerability management
+    - moreInfoUrl: https://www.youtube.com/watch?v=Z3mw2oxssYk
 - industryName: Query performance monitoring
  tier: Free
  productCategories: [Endpoint operations]
@ -760,35 +811,12 @@
  pricingTableCategories: [Endpoint operations]
  usualDepartment: IT
  tier: Free
- industryName: Vulnerability dashboard
-  productCategories: [Vulnerability management]
-  pricingTableCategories: [Vulnerability management]
-  usualDepartment: Security
-  tier: Premium
-  comingSoonOn: 2024-03-31
-  waysToUse:
-    - description: Only show vulnerabilities that you care about. Coming soon (2024-03-31) #Customer-faltona and customer-rialto
 - industryName: Policy scoring
  friendlyName: Mark policies as critical
  productCategories: [Endpoint operations,Device management]
  pricingTableCategories: [Endpoint operations]
  usualDepartment: IT
  tier: Premium
- industryName: Vulnerability scores (EPSS and CVSS) #TODO: Incorporate this perspective: https://github.com/fleetdm/confidential/issues/4120#issuecomment-1802350614
-  tier: Premium
-  usualDepartment: Security
-  productCategories: [Vulnerability management]
-  pricingTableCategories: [Vulnerability management]
- industryName: CISA KEVs (known exploited vulnerabilities) #TODO: Incorporate this perspective: https://github.com/fleetdm/confidential/issues/4120#issuecomment-1802350614
-  tier: Premium
-  usualDepartment: Security
-  productCategories: [Vulnerability management]
-  pricingTableCategories: [Vulnerability management]
- industryName: Patched version #Can be determined using description from National Vulnerability Database (NVD). Description tells you which versions are affected.
-  tier: Premium
-  usualDepartment: Security
-  productCategories: [Vulnerability management]
-  pricingTableCategories: [Vulnerability management]
 - industryName: Flexible log destinations (AWS Kinesis, Lambda, GCP, Kafka)
  tier: Free
  usualDepartment: Security