Regarding the continuous monitoring feature of Tenable Vulnerability Management, it is not exactly continuous monitoring we get from Tenable. It is used only on the market, where we scan it. We have a scheduled scan for all the servers, so we are not using it for any monitoring at present.

Tenable's advanced analytics and reporting features give very detailed reports where we get most of the information about vulnerabilities. That is one plus point. For example, with 2,000 servers, when we want to calculate the percentage of vulnerabilities that have appeared, it gives us very useful insights. While analyzing, it is one of the greatest tools because the results it produces as outputs scan the networks and each device in an organization.

We have purchased Tenable Vulnerability Management via AWS Marketplace.

The main benefit of integration with Tenable Vulnerability Management is that there will be no lack of missing vulnerabilities when it comes to the patching environment. That is one of the key aspects of why we have integrated Tenable to our patching tools. It has a vast capacity of pushing the data to our tools due to its capability and compatibility. That is also one of the reasons why we are using Tenable Vulnerability Management.

While the agents are very lightweight, when it comes to real-time analysis, there will be significant lagging on the servers and too much traffic on the network. When any server detects vulnerability while scanning, the reports take time to analyze by itself. That is one of the drawbacks of Tenable Vulnerability Management.

Scalability is very important for us because of the lightweight agents. That is the main key feature where for installing, they have many options for scaling to multiple servers. If we need to install it on 500 machines tomorrow, we can push it in different ways. It is highly scalable and very user-friendly when it comes to scalability.

The technical support of Tenable Vulnerability Management is available 24/7, and whenever we require support, we can get it within five minutes. Regarding technicality, they deserve a nine out of ten. They are highly technical people. I have communicated with more than 20 to 25 technical engineers. They take every question seriously and help us resolve issues. They have a very strong technical team to support customers.

Positive

I rate Tenable Vulnerability Management nine out of ten based on my experience. This rating is due to its stability and high scalability. The best part is the solutions they provide for any vulnerability.

My experience is with Tenable Vulnerability Management, specifically regarding vulnerability management.

My particular use case for Tenable Vulnerability Management is vulnerability management, benchmark scanning, and I'm somewhat familiar with their product line, utilizing the CIS benchmarks and DISA STIG benchmarks.

Tenable Vulnerability Management is the backbone of our vulnerability management and has affected my organization positively.

The best features of Tenable Vulnerability Management are flexibility, breadth and scope, and the fact that their current vulnerabilities come out, and they have tests for them within a day or two.

Operationally, Tenable Vulnerability Management finds issues that would otherwise be missed, but I don't have an ROI.

The impact of Tenable's analytic capabilities shows that our other programs are working in our prioritization process.

I don't think I have any additional features to add for improvement, as Tenable Vulnerability Management does a pretty good job of what it does.

My pain points would have been on the internal side of lining assets up to owners, and that's not something that Tenable Vulnerability Management can help me with.

I have no suggestions for where they could do better.

I have one year of experience with Tenable Vulnerability Management.

Tenable Vulnerability Management is stable.

Tenable Vulnerability Management's scalability is fantastic.

I would evaluate Tenable Vulnerability Management's customer service and technical support as average.

I would rate them a seven on a scale from 1 to 10, with 10 being the best and 1 the worst.

Positive

I have not personally used a different vulnerability management solution.

The initial setup was pretty straightforward.

I made it my own, and the initial setup was done by Address Block, which I tied to elements in the CMDB.

I wasn't party to the comparison or purchasing, so I'm not completely sure.

I am unaware of the pricing, setup costs, or licensing details for Tenable Vulnerability Management.

I don't know why we switched to Tenable Vulnerability Management for vulnerability management, but my assumption is that it is the first solution they tried and we've been happy with it since.

I have used Tenable Vulnerability Management's reporting features to a lesser degree.

The metrics I track for decision-making include what systems need upgrading, what software needs replacing, and whether or not we can hold off on things, accept some risks, and get other risks resolved.

They have cloud scanners that are effectively point and click, and although I'm not sure if it's an extra licensing, we also have an on-prem scanner, which is a virtual appliance that I can download and put in place.

The data that we pull from Tenable Vulnerability Management is the data that we drive and use for decision-making, although we don't use that visibility extensively. I don't utilize the real-time visibility with Tenable Vulnerability Management.

On a scale of 1-10, I rate Tenable Vulnerability Management a 9.

We don't have a specific use case. My primary purpose for using Tenable is to conduct survivability tests, mainly to determine whether the system crashes, particularly when subjected to DOS attacks. I do not use it for more than that because, for other aspects, we have manual VAPT procedures in place.

Currently, I have only used Tenable for DOS attack-related purposes and thus, I am not fully acquainted with its other features. However, it provides survivability benefits. It helps me understand if the system is capable of withstanding certain levels of stress. Though it's not core technical security testing, it provides us with survivability insights.

I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. However, from my experience, HPE WebInspect provides more extensive reports and detailed information about all findings. The count and type of findings are also more specific with HPE WebInspect. On the other hand, Tenable is not as deep or as comprehensive in covering vulnerability types. They could incorporate software composition analysis (SCA), which would be a beneficial addition. If they venture into the SaaS market, more thoughts can be shared. But currently, they are not.

I have used the solution for around one and a half years.

The stability is commendable, and I would rate Tenable ten out of ten. I have no concerns.

I do not have any contact with Tenable. I have been using it as a regular user.

Neutral

The setup process is quite simple.

It was set up by someone else, and I am not aware of who did it. I am just utilizing it.

I would recommend HP WebInspect, having used it for around two and a half years. It offers both cloud and standalone versions, both of which are fantastic. It is applicable for both legacy applications and the latest applications in the market. HP WebInspect features extensive libraries and recursive methods to traverse everything, which I find really impressive.

I would rate it four out of ten. For startups, freelancers, or companies between startup and midsize, Tenable is recommended. However, for midsize or enterprise-level companies, I would not prefer it. We use it because the client suggested it. Otherwise, my preferences might differ. The type of application matters, too. For new applications, such as those based on Node.js, Tenable could be a good option. However, for legacy technologies with complex databases, newer systems like Tenable are not recommended. If the budget allows, HP WebInspect is preferable. Budget considerations are as important as choosing the right technology. If limited by budget, Tenable is a viable option for new, growing companies, but not for enterprises. Overall, I rate the solution four out of ten.

I use Tenable Vulnerability Management to scan the network, including servers and endpoints, to identify risks in our environment and provide mitigation and solutions. I also use it to assess our security posture through asset discovery and risk identification.

Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.

AI integration for reporting in Tenable would be beneficial. The response time of Tenable's customer support needs improvement. They should also accelerate the process of implementing new features upon request.

I have used Tenable Vulnerability Management for almost six to eight years.

I have faced no stability issues with Tenable. In comparison, Rapid7 encountered challenges with data transfer to the cloud, requiring us to compress packets to manage network hiccups.

Both Tenable and Rapid7 are cloud-based solutions, which ensures excellent scalability. They can seamlessly scale the number of endpoints from 100 to 1,000,000 in a day.

Technical support from Tenable is rated six out of ten. It needs improvement in response time and addressing feature requests promptly. Other services like Rapid7 are more responsive.

Neutral

I used Rapid7, which is less expensive than Tenable. My preference now aligns with Tenable due to its superior user-friendliness and reporting capabilities, although some issues persist with installation complexity in various environments.

The setup experience for Tenable Vulnerability Management is rated nine out of ten, indicating that it is relatively easy.

Implementation involves coordination with internal network teams due to environmental complexities.

Tenable is costly, priced significantly higher than Rapid7. For instance, Tenable charges around $40 per device, while Rapid7 costs $10 to $15 per device.

I evaluated Rapid7 alongside Tenable. Although Tenable has a higher cost, its user-friendly interface and robust reporting made it a preferred choice.

I recommend Tenable Vulnerability Management for its comprehensive security capabilities and effective risk identification. However, potential users should be prepared for the higher expense compared to alternatives like Rapid7. 

My rating is eight out of ten, mainly due to the support aspect needing improvement.

I use it to scan assets to evaluate vulnerabilities, define the risk, and create a resolution process for vulnerability management.

It has greatly impacted us by providing asset visibility, allowing us to know which assets have higher vulnerabilities and to calculate the risk for them. 

The return on investments is adequate since we need this vulnerability management, and without Tenable, visibility was not possible. It saved us time and improved our security.

The most useful feature in managing vulnerabilities is risk management.

It needs additional reporting and intelligence features, as well as enhancements in AI-driven detection, which is still in its early stages.

I have been working with Tenable Vulnerability Management for six years.

The technical support is fast and efficient, and I am satisfied with it. I would rate their support nine out of ten.

Positive

I worked with Qualys before Tenable. I find Tenable to be better due to its broader system coverage, better efficiency on discovery, and better capabilities of analysis.

If you have knowledge of networking and security, the initial setup is easy. If you don't, it can be difficult and you might make dangerous mistakes.

The return of investments is good enough as vulnerability management is crucial for us.

The pricing is expensive, and the cost depends on the number of assets. However, the cost is not the most important thing due to the value it provides.

I evaluated Qualys before using Tenable.

Small companies might find it difficult because of the knowledge required to drive vulnerability management successfully. If you lack that knowledge, you should contract the service.

I'd rate the solution eight out of ten.

The solution is used for the vulnerability assessment of the network infrastructure.

The solution finds vulnerabilities, anomalies, and threats. Tenable has basic and ad hoc scanning features. The tool schedules scans for continuous monitoring. The main advantage of the solution is that it assesses the vulnerabilities and provides a CVE score. Reporting is very easy. The management dashboard is very easy. The tool has an easy-to-use interface. It is easy to implement the product.

The product is a bit expensive.

I have been using the solution for 7 years.

The solution is stable.

The solution is scalable up to a certain point. I rate the scalability a seven to eight out of ten. Our customers are medium to large businesses.

The support is very good.

Positive

The configuration is easy. My engineers can work on it seamlessly. The deployment of the basic solution does not take more than four to eight hours. We need one or two persons to deploy and maintain the product. There are no other challenges if we have the network and can access the IPs.

The product impacts our client's operational cost related to vulnerability management in a good way. It automates a few things and saves the engineers' costs.

I rate the pricing a seven out of ten.

We are resellers. The solution is easy to implement. It has an easy-to-use interface, enabling organizations to go faster to market. Overall, I rate the product a nine out of ten.

The tool's reports are bad. They're not very customizable or flexible. During audits, we often have to exclude things that aren't relevant to our organization, but we can't do that easily with the reports. They come in HTML or PDF format, and we can't compare current results with previous ones in Excel because we never receive reports in Excel.

I have been using the product for a year, and my organization has been using it for six to seven years. 

Tenable Vulnerability Management is stable. 

I rate the tool's scalability a seven out of ten. 

The solution's support is okay, but it could be more customer-friendly. The people providing support have knowledge, but they could improve customer interaction.

The tool's deployment can be challenging, especially for those unfamiliar with Kali Linux, as it operates on this platform. This might make the setup process difficult for users accustomed to other operating systems like Windows. It may take a couple of tries to get comfortable with the process. However, once you have set it up a few times, it becomes easier.

Sometimes, we use the tool for tasks like configuration and running scans. However, it's a bit difficult to use compared to Qualys. One issue we've noticed is that it takes up a lot of space, which customers often complain about. They promised more system coverage and updates, but it isn't happening.

I rate Tenable Vulnerability Management a seven out of ten. It might be challenging if you're used to working on Windows. However, it's a recommended tool for penetration testers because it's effective for that purpose.

We use it for audit and PT. 

We use the Tenable Vulnerability Management solution for internal web applications, asset management, and remediation. It helps us transfer and leverage the remediation of websites, effectively addressing vulnerabilities.

We need to deploy this on internal assets. It resides within the internal infrastructure and communication.

It encompasses everything at some point. From development to deployment, it receives the necessary attention. 

The solution provides seamlessness, a perfect UI, and identity management for office operations. We are most vulnerable to users. Therefore, it is crucial to implement the right solution to ensure proper user access and resource management.

I have been using Tenable Vulnerability Management for 4 years.

200 users are using this solution.

We have used Qualys. It is tricky and expensive.

The initial setup is seamless and takes three days to complete. Two people are required for the deployment but one person can do as well.

This process is seamless because checks are scheduled at different intervals, typically every ten minutes. Once a log is generated, we attend to it immediately. Also, the maintenance is straightforward.

Overall, I rate the solution an eight out of ten.

Before, we built the assets on Tenable.sc and scanned them for asset discovery. Now, we are deploying Nessus Agent into all the machines. We have written the script, which is automatically deployed on the VM or the cloud. Previously, we could not identify the workstations that were offline for a certain period. With Nessus Agent, we don't have that problem. It increases our efficiency.

Nessus Agent is the best feature. When we scan the environment, the vulnerabilities are discovered. The integration of Tenable into our security ecosystem was very good. There were no complications. We integrated it with different tools like ServiceNow and SharePoint.

I'm not satisfied with the reporting structure. We cannot do much customization. We can do it in Tenable.sc. We need to maintain two different solutions. We need the on-premise tool for reporting purposes. We would like to have it all as a SaaS-based solution.

If we need to check for a zero-day vulnerability, we must run the scans manually to get the information. It is time-consuming. We need to do a traditional scan regularly to get zero-day information. It would be great if the zero-day vulnerabilities were published.

The reporting capabilities for compliance are bad. I can get the compliance reporting on certain cases, but it is not detailed. We do not have a clear understanding of the Cyber Exposure Score. I am unable to drill down and understand the Cyber Exposure Score.

I rate the tool’s stability an eight out of ten.

I rate the tool’s scalability a seven out of ten.

The customer service is good. The support team is very responsive.

Positive

Previously, we used Qualys for vulnerability scanning. However, we switched to Tenable because we felt that Tenable was the best solution for our organization’s requirements. We also use Tenable.sc, Tenable.io, and Tenable’s Cloud Security Posture Management.

The setup is not straightforward. We need to apply the filters. We can get the Cyber Exposure Score displayed on the document. However, we cannot get a deeper understanding of what makes the score high or low.

The product costs us around $137,000 annually for 4000 to 5000 assets.

We use a third-party tool to initiate scans. I don't know whether there is a way to monitor it in real-time. I will recommend the tool to others. Overall, I rate the product an eight out of ten.

The product operates on a license-based model, where you purchase a license based on the number of IP addresses you intend to scan. For example, if you purchase a license for 50 IP addresses and your network has 200 users, it will only scan for those 50 IPs. You can gain visibility into all IPs within your environment, including subnets with a full license. Also, you can geographically segment your scanning targets based on the number of IPs allocated for each location.

The product is very friendly. It is easy to manage. Most of the information the tool provided was correct and helped to further investigate the vulnerability and its impact.

The most important feature is network scanning.

The solution’s pricing could be improved.

I have been using Tenable Vulnerability Management for one year.

I rate the solution’s stability an eight out of ten.

The solution is very scalable. It allows you to adjust according to your needs. You can add more features if you wish to purchase additional tools.

The initial setup is very easy. To deploy, run the setup command, and then it can deploy on your Linux and Windows platforms. I did it by myself.

The product is expensive but manageable.

I recommend the solution. Although, it varies from person to person experience. Rapid7 users can use free tools. I'm very satisfied with the product.

Overall, I rate the solution an eight out of ten.