I use Tenable Vulnerability Management to scan the network, including servers and endpoints, to identify risks in our environment and provide mitigation and solutions. I also use it to assess our security posture through asset discovery and risk identification.
External reviews
128 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Streamlines vulnerability management with excellent reporting and potential AI integration
What is our primary use case?
What is most valuable?
Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.
What needs improvement?
AI integration for reporting in Tenable would be beneficial. The response time of Tenable's customer support needs improvement. They should also accelerate the process of implementing new features upon request.
For how long have I used the solution?
I have used Tenable Vulnerability Management for almost six to eight years.
What do I think about the stability of the solution?
I have faced no stability issues with Tenable. In comparison, Rapid7 encountered challenges with data transfer to the cloud, requiring us to compress packets to manage network hiccups.
What do I think about the scalability of the solution?
Both Tenable and Rapid7 are cloud-based solutions, which ensures excellent scalability. They can seamlessly scale the number of endpoints from 100 to 1,000,000 in a day.
How are customer service and support?
Technical support from Tenable is rated six out of ten. It needs improvement in response time and addressing feature requests promptly. Other services like Rapid7 are more responsive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I used Rapid7, which is less expensive than Tenable. My preference now aligns with Tenable due to its superior user-friendliness and reporting capabilities, although some issues persist with installation complexity in various environments.
How was the initial setup?
The setup experience for Tenable Vulnerability Management is rated nine out of ten, indicating that it is relatively easy.
What about the implementation team?
Implementation involves coordination with internal network teams due to environmental complexities.
What's my experience with pricing, setup cost, and licensing?
Tenable is costly, priced significantly higher than Rapid7. For instance, Tenable charges around $40 per device, while Rapid7 costs $10 to $15 per device.
Which other solutions did I evaluate?
I evaluated Rapid7 alongside Tenable. Although Tenable has a higher cost, its user-friendly interface and robust reporting made it a preferred choice.
What other advice do I have?
I recommend Tenable Vulnerability Management for its comprehensive security capabilities and effective risk identification. However, potential users should be prepared for the higher expense compared to alternatives like Rapid7.
My rating is eight out of ten, mainly due to the support aspect needing improvement.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Efficient risk management enhances asset visibility and security
What is our primary use case?
I use it to scan assets to evaluate vulnerabilities, define the risk, and create a resolution process for vulnerability management.
How has it helped my organization?
It has greatly impacted us by providing asset visibility, allowing us to know which assets have higher vulnerabilities and to calculate the risk for them.
The return on investments is adequate since we need this vulnerability management, and without Tenable, visibility was not possible. It saved us time and improved our security.
What is most valuable?
The most useful feature in managing vulnerabilities is risk management.
What needs improvement?
It needs additional reporting and intelligence features, as well as enhancements in AI-driven detection, which is still in its early stages.
For how long have I used the solution?
I have been working with Tenable Vulnerability Management for six years.
How are customer service and support?
The technical support is fast and efficient, and I am satisfied with it. I would rate their support nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I worked with Qualys before Tenable. I find Tenable to be better due to its broader system coverage, better efficiency on discovery, and better capabilities of analysis.
How was the initial setup?
If you have knowledge of networking and security, the initial setup is easy. If you don't, it can be difficult and you might make dangerous mistakes.
What was our ROI?
The return of investments is good enough as vulnerability management is crucial for us.
What's my experience with pricing, setup cost, and licensing?
The pricing is expensive, and the cost depends on the number of assets. However, the cost is not the most important thing due to the value it provides.
Which other solutions did I evaluate?
I evaluated Qualys before using Tenable.
What other advice do I have?
Small companies might find it difficult because of the knowledge required to drive vulnerability management successfully. If you lack that knowledge, you should contract the service.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Great interface and plugins w/ only minor issues
What do you like best about the product?
The easy to use interface makes exploring known and discovered vulnerabilities fairly painless. The fact that the solution to exploits is listed right next to the vulnerability overview, it makes remediation a lot easier.
The number of plugins covers a wide variety of systems and possible exploits.
SAML / SCIM integration is another plus and was fairly easy to setup.
Implementation of scanning via its Nessus agents was a breeze.
The number of plugins covers a wide variety of systems and possible exploits.
SAML / SCIM integration is another plus and was fairly easy to setup.
Implementation of scanning via its Nessus agents was a breeze.
What do you dislike about the product?
The plugin manager could use some work. There are often several plugins that do the same thing or just plugins that do not provide the functionality that they claim.
Additionally, some of the exploits that are not exploitable and can cause false positives. For example if I have a HTTPS exploit on a version of a router / switches firmware, but HTTPS management is turned off and only SSH management is used, then that exploit does not need to be listed as high.
Additionally, some of the exploits that are not exploitable and can cause false positives. For example if I have a HTTPS exploit on a version of a router / switches firmware, but HTTPS management is turned off and only SSH management is used, then that exploit does not need to be listed as high.
What problems is the product solving and how is that benefiting you?
Provides vulnerability insights for servers and user endpoints with a fairly lightweight agent.
The ability to do very targeted scans of specific vulnerabilities throughout an organizaiton or on just one specific machine is very helpful.
The ability to do very targeted scans of specific vulnerabilities throughout an organizaiton or on just one specific machine is very helpful.
A baseline for cyber security
What do you like best about the product?
Scheduleling the scans is very helpful in that you can then have those results sent to your email. Report fatigue and email fatigue are real things but with the simplified email at a quick glance you can tell if you need to dive deeper or just review at the standard time.
What do you dislike about the product?
They could be better about some of the mitigation information, I understand that it must be a huge task but would be really helpful to have.
What problems is the product solving and how is that benefiting you?
Staying ahead of issues that I have public facing before they become an issue.
Provides seamlessness, a perfect UI, and identity management for office operations
What is our primary use case?
We use the Tenable Vulnerability Management solution for internal web applications, asset management, and remediation. It helps us transfer and leverage the remediation of websites, effectively addressing vulnerabilities.
How has it helped my organization?
We need to deploy this on internal assets. It resides within the internal infrastructure and communication.
It encompasses everything at some point. From development to deployment, it receives the necessary attention.
What is most valuable?
The solution provides seamlessness, a perfect UI, and identity management for office operations. We are most vulnerable to users. Therefore, it is crucial to implement the right solution to ensure proper user access and resource management.
For how long have I used the solution?
I have been using Tenable Vulnerability Management for 4 years.
What do I think about the scalability of the solution?
200 users are using this solution.
Which solution did I use previously and why did I switch?
We have used Qualys. It is tricky and expensive.
How was the initial setup?
The initial setup is seamless and takes three days to complete. Two people are required for the deployment but one person can do as well.
What other advice do I have?
This process is seamless because checks are scheduled at different intervals, typically every ten minutes. Once a log is generated, we attend to it immediately. Also, the maintenance is straightforward.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Discovers vulnerabilities and integrates well with other solutions
How has it helped my organization?
Before, we built the assets on Tenable.sc and scanned them for asset discovery. Now, we are deploying Nessus Agent into all the machines. We have written the script, which is automatically deployed on the VM or the cloud. Previously, we could not identify the workstations that were offline for a certain period. With Nessus Agent, we don't have that problem. It increases our efficiency.
What is most valuable?
Nessus Agent is the best feature. When we scan the environment, the vulnerabilities are discovered. The integration of Tenable into our security ecosystem was very good. There were no complications. We integrated it with different tools like ServiceNow and SharePoint.
What needs improvement?
I'm not satisfied with the reporting structure. We cannot do much customization. We can do it in Tenable.sc. We need to maintain two different solutions. We need the on-premise tool for reporting purposes. We would like to have it all as a SaaS-based solution.
If we need to check for a zero-day vulnerability, we must run the scans manually to get the information. It is time-consuming. We need to do a traditional scan regularly to get zero-day information. It would be great if the zero-day vulnerabilities were published.
The reporting capabilities for compliance are bad. I can get the compliance reporting on certain cases, but it is not detailed. We do not have a clear understanding of the Cyber Exposure Score. I am unable to drill down and understand the Cyber Exposure Score.
What do I think about the stability of the solution?
I rate the tool’s stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the tool’s scalability a seven out of ten.
How are customer service and support?
The customer service is good. The support team is very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used Qualys for vulnerability scanning. However, we switched to Tenable because we felt that Tenable was the best solution for our organization’s requirements. We also use Tenable.sc, Tenable.io, and Tenable’s Cloud Security Posture Management.
How was the initial setup?
The setup is not straightforward. We need to apply the filters. We can get the Cyber Exposure Score displayed on the document. However, we cannot get a deeper understanding of what makes the score high or low.
What's my experience with pricing, setup cost, and licensing?
The product costs us around $137,000 annually for 4000 to 5000 assets.
What other advice do I have?
We use a third-party tool to initiate scans. I don't know whether there is a way to monitor it in real-time. I will recommend the tool to others. Overall, I rate the product an eight out of ten.
An easy-to-manage solution to gain visibility into all IPs
What is our primary use case?
The product operates on a license-based model, where you purchase a license based on the number of IP addresses you intend to scan. For example, if you purchase a license for 50 IP addresses and your network has 200 users, it will only scan for those 50 IPs. You can gain visibility into all IPs within your environment, including subnets with a full license. Also, you can geographically segment your scanning targets based on the number of IPs allocated for each location.
How has it helped my organization?
The product is very friendly. It is easy to manage. Most of the information the tool provided was correct and helped to further investigate the vulnerability and its impact.
What is most valuable?
The most important feature is network scanning.
What needs improvement?
The solution’s pricing could be improved.
For how long have I used the solution?
I have been using Tenable Vulnerability Management for one year.
What do I think about the stability of the solution?
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
The solution is very scalable. It allows you to adjust according to your needs. You can add more features if you wish to purchase additional tools.
How was the initial setup?
The initial setup is very easy. To deploy, run the setup command, and then it can deploy on your Linux and Windows platforms. I did it by myself.
What's my experience with pricing, setup cost, and licensing?
The product is expensive but manageable.
What other advice do I have?
I recommend the solution. Although, it varies from person to person experience. Rapid7 users can use free tools. I'm very satisfied with the product.
Overall, I rate the solution an eight out of ten.
An easy-to-use and stable solution that helps organizations to find vulnerabilities in their systems
What is our primary use case?
We use the tool to find loopholes in the system.
What is most valuable?
The product fulfills our needs. It gives reports and finds vulnerabilities in our system. The product is easy to use. It is easy to integrate the tool with other products.
What needs improvement?
The solution must be promoted more in the market. It will make the customers more aware of the product.
For how long have I used the solution?
My organization has been using the solution for a month.
What do I think about the stability of the solution?
The tool is stable.
What do I think about the scalability of the solution?
Around 20 people use the product in our organization. We have one to three administrators. We are most likely to increase the usage of the product in the future.
How was the initial setup?
It was easy to deploy the solution.
What's my experience with pricing, setup cost, and licensing?
The tool is reasonably priced. There are no additional costs associated with the product.
What other advice do I have?
I have known the product for some time. So, I implemented it. Overall, I rate the solution an eight out of ten.
A stable and user-friendly solution that is easy to setup
What is most valuable?
The solution is quite friendly.
What needs improvement?
Users get confused between VPR and CVSS ratings.
What do I think about the stability of the solution?
I would rate the tool's stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the solution's scalability an eight out of ten. We have around 1000 users for the product. We plan to increase the tool's usage in the future.
Which solution did I use previously and why did I switch?
I have used Nessus before Tenable. We switched to Tenable since it covered the problem for us.
How was the initial setup?
The product's setup is very easy and the deployment took six months to complete.
What about the implementation team?
We relied on a third-party vendor to complete the tool's deployment.
What other advice do I have?
The tool is easy to use and user-friendly and I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Tenable Is The Industry Standard for Vulnerability Management Scanning
What do you like best about the product?
Tenable can scan all endpoints, including servers, workstations, network appliances, web applications, any OS.
What do you dislike about the product?
Sometimes scanning profiles aren't updated as frequently as I would like.
What problems is the product solving and how is that benefiting you?
Overview of assets and their security posture
showing 1 - 10