@Ross Hendrickson I can't tell if your question is rhetorical, I know I need to do my own research to assess suitability; I'm just looking for success stories to narrow the list. We have a SaaS offering in Azure with lots of public-facing interfaces that presently use Front Door/Azure WAF. I'm finding it limiting, both for reporting and analysis and for rapid response, so I'm seeing whether there's a better choice that would ease the overhead and pain of incident response. We are a SOC2 compliant and are working towards IEEE-whatever certification soon. We have more money than person-time at the moment, and want the best solution to minimize overhead, both in cost and person time.

May or may not be why Ross asked the questions but this is a primer that may help explain why context matters for VM tool selection (not an endorsement in any way of the vendor). I’d add the value of VM tools vary widely depending on the org structure and tech landscape you are introducing them into. For larger and decentralised tech orgs, distributing, monitoring and continuously improving vuln discovery, remediation can get very challenging and some tools help more than others with that problem.

Was more of a wanting to give a better answer / opinion that reflects your current context. More details lead to better answers and recommendations imho.