Tenable Security Center Reviews

It's a management tool. We are more scalable with the Tenable.io product. They are a security vendor with more than one cloud level. Now there are multiple products in my area.

It adheres to advanced security standards. It's mostly geared towards on-premise solutions rather than cloud-based ones. Many enterprises create views solely for internal units and prefer using internal tools without relying on external ones. It is chosen for its comprehensive system-wide solution. It continuously updates its sources to maintain current solutions. Security and confidentiality are top priorities; they avoid external leaks of information. Despite the misconception that such tools are primarily for cloud environments, Tenable manages its systems internally. This makes it a highly valuable asset in the field of data centers and database security, leveraging its own data centers effectively.

They have their own servers and prioritize trust. They address every compliance concern and offer options for automated and manual assessments. Tenable Security Center supports a wide range of applications and servers, capable of comprehensive scanning and handling of vulnerabilities. It can scan against the CI benchmark and provides standard dashboards for general product monitoring and scanning.

They are not currently handling call flows properly. Some call flows are being deleted from the registry but still show as active. Support is also lacking in onboarding properly in this area. This issue causes confusion and reflects poorly on their service. 

I have been using Tenable Security Center since 2014.

The solution is stable.

It is scalable for management in the market, compared to other products.

The initial setup is not easy because everything is on-premise. We need to enable specific ports for the engineering product, which are critical for internal purposes and cannot be easily changed. This complexity remains confined to the client side, where applications may require reboots.

Another issue arises with scanning and agent communication. While some agents communicate effectively with the Security Center, delays occur when numerous users access the service simultaneously, impacting real-time updates.

Managing involves two scanners and one dedicated server, requiring a week for proper setup and two personnel to maintain the system effectively.

While some clients focus solely on developing large-scale software solutions, the industrial sector is vast. Industries such as manufacturing and green technologies prioritize systematic design, maintenance of accounts, blueprints, and business identities—all of which necessitate robust data security. The investment in securing their data is crucial, ensuring that sensitive information remains protected from potential threats. Monitoring and documenting activities through systems like gateway or dedicated servers help management stay informed about ongoing operations and potential risks.

For enterprise customers, it's acceptable. However, for smaller enterprises or businesses, the budget may be too restrictive to consider such extensive solutions. When proposing to small-scale industries, they often show disinterest even when we offer a POC or trial. This reluctance is primarily due to cost considerations, which larger enterprises can manage more easily.

Tenable supports integrations with tools like Jira and Symantec, which are relatively easy to implement. However, when it comes to other cloud services beyond AWS and Azure, such as Oracle, support is less robust. Personal or niche cloud platforms may not receive adequate support.

There's a significant distinction between agent-based and non-agent-based approaches in Tenable's solutions. Agent-based scanning requires installation akin to antivirus software on servers, whereas non-agent-based methods operate differently. This difference impacts reporting and usability, particularly evident in Google Cloud environments where agent-based scanning is mandated.

Accessing and managing Tenable is straightforward for administrators, but specialist knowledge may be necessary for certain configurations or troubleshooting. Small-scale businesses implementing Tenable Security Center may find it cost-prohibitive compared to Tenable.io for cloud solutions, which offers more affordable options and promotions.

Overall, I rate the solution a nine out of ten.

I use the solution in my company for vulnerability risk assessment, and we are quite happy with it.

The tool's initial configuration is not so easy. The hardware requirements related to the tool need to be better because we need a lot of memory to achieve speed in the solution. If our company needs to react at times, we need to upgrade more memory in the hardware. In general, Tenable Security Center is a very good solution according to me.

I have been using Tenable Security Center for six months. My company works in partnership with Tenable Security Center.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

I use the solution for quite a huge amount of computers in my company, and I see that its scalability is quite nice since it offers an unlimited number of scanners, so I think it's ready for big enterprises.

In the Czech Republic, the tool is mostly used by medium and enterprise-sized businesses consisting of 1,000 to 15,000 users.

I rate the technical support a nine out of ten.

Positive

I have previous experience with Tenable Security Center's competitive solutions, and now I see why Tenable is okay.

I rate the setup phase a six on a scale of one to ten, where one is difficult and ten is easy.

The solution is deployed on the cloud and on an on-premises model, but our company mainly relies on the latter.

The solution can be deployed in a few hours since you need to download the tool's initial package, which is quite big, but once it is done, the deployment process becomes really fast and can be done in 20 to 30 minutes.

I rate the solution's price as seven on a scale of one to ten, where one is cheap and ten is expensive. The tool is quite expensive.

I don't use the product for compliance support.

In terms of the product's valuable feature for threat detection, I would say that the solution's reporting overview in the dashboard is nice. The prioritization of vulnerabilities in the tool is very nice.

The real-time monitoring capabilities of the product are very useful for our company, as they help us to be more in control and interact more actively.

The tool's dashboard and reporting capabilities match our company's needs since we are able to modify the basic view to create a new dashboard, and it works out very well for our needs.

Speaking about how Tenable Security Center's integration capabilities with other tools have affected our company's security operations, I would say that I have very little experience with the integration part, but from what I can see in the product's documentation and description, it can be really well-integrated with a lot of systems, like service desk in ServiceNow and other security vendors, which is good for our company. I can say that the integration capabilities of the product are good.

I would definitely recommend the product to those who plan to use it.

I rate the tool a nine out of ten.

We work as System Integrators and my team has experience in using Tenable Security Center. We provide solutions to work for various customers in BFSI, Telcos, and the Government sector. 

We use this solution mainly for vulnerability assessment and management. With the scanning feature set, we do the reporting and provide easy operation and implementation for our customers. 

The initial product price is quite high, and in our country, this market is very price sensitive, and we have multiple segments of customers. If I invest ten dollars on behalf of my customers and profit just five percent; in such a market, how does the solution provider ensure expansion from our side? This should be taken care of by the channel or legal system. Due to this, we need to work in a very tight situation. 

The solution is completely stable and operation is user-friendly. 

We are facing some challenges related to our channel. We are not having partner channel engagement if it's changed. Most probably due to the addressable market size, the solution providers are not putting that much purpose into the partners. 

I have been using the solution for one year. 

I would rate the stability a ten out of ten. The solution is completely stable. 

I would rate the scalability an eight out of ten.

For the first-time implementation, in a few cases, we needed to call technical support to help with license activation. Tech support was good. 

The initial setup of the solution is quite easy and the operation is user-friendly. The deployment time of this solution is not very lengthy. It depends upon the customers and how frequently they are providing us with the time slot to deploy. On-premise deployment doesn't take more than two to three days. Cloud deployment is also quite easy. 

This solution's price is quite high compared to other competitive solutions. 

I would rate the product a nine out of ten. I would advise to focus on partner relationship development and enablement. If your partner is not confident enough or they are not getting training or direct channel attachments, then it becomes difficult for System Integrator professionals. 

The product is useful for vulnerability management. The Auto-Remediate feature is good. The tool enables centralized vulnerability management.

The product should provide risk-based vulnerability management. It is a popular feature. Large environments can have a lot of vulnerabilities. We need to prioritize them for remediation. So, risk-based vulnerability management is useful for large enterprises.

I have been using the solution for almost ten years.

We don't face many challenges with the product’s stability. We have two or three issues in a year.

The tool is easy to scale. Almost 1,800 users are using the tool in our organization.

The technical support is good. When we raise the issues to Tenable’s support persons, they respond well.

The initial setup was easy. One engineer is required to deploy the solution in two hours. We do not face challenges in maintaining the product.

The tool provides competitive pricing. We pay a yearly license fee. There are no additional costs associated with the tool.

We explored other products, but Tenable was more user-friendly. Tenable has better accuracy, too.

We are satisfied with the solution. Overall, I rate the product a nine out of ten.

We use it to scan both our workstations and servers for vulnerabilities. This includes vulnerabilities related to software, operating systems, and package vulnerabilities. It helps us gain an overview of our organization's security status, which in turn guides our patching strategies and decision-making. 

We use agents for scanning and authenticated logins, but we do not utilize the scanner part that performs web scanning.

We've got better insights into our vulnerabilities and weaknesses. This has led us to a better situation where we have better control. Our ability to manage the situation has improved. 

Previously, we lacked a good overview, but now we possess detailed reports. We generate these reports internally and disseminate them to other responsible teams. Now, we have made it a part of our daily workflow and it helps us monitor vulnerabilities and related matters. It aids us in pinpointing weaknesses and facilitates more effective updates. If something slips, it becomes visible.

However, this is a significant feature, although it could potentially offer even more assistance. 

The scanning part, the agent part – that's the valuable aspect. The agent and plugin components function reasonably well. But setting up scans, those tasks are working decently. 

There are some logical elements that require consideration to understand their functionality, but they perform their function. 

Certain aspects require effort. The solution's built-in reporting components are somewhat clumsy. So, this is an area of improvement. 

Therefore, we export data and integrate it with our other reporting tools - the Elastic Stack, also known as Elasticsearch. We find it more comfortable to generate reports from Elasticsearch because we're well-versed in creating those dashboards there. It's more convenient for us to extract and integrate information in the same manner.

We've been in discussions with Tenable regarding a specific enhancement. It is a concept known as VPR, which stands for Vulnerability Priority Rating. This is related to the CVSS (Common Vulnerability Scoring System) value, which rates vulnerabilities on a scale from one to ten. However, the CVSS alone doesn't accurately determine the severity of a vulnerability; it doesn't indicate how exploitable it is. The VPR takes into account additional factors, such as how widely the vulnerability is being exploited in the wild and the volume of reports from affected sites. 

And if we want to have it on our dashboard, this is something that doesn't work well for us in that sense. We cannot extract it from the Tenable system; we're restricted to using Tenable's own dashboard and reports. However, there's certainly some logic or rationale behind it. It's not directly tied to the CVSS, but rather some other factors. So, it's not a one-to-one correlation with the CVSS, although CVSS is a metric commonly employed in various other systems for assessing vulnerabilities. 

Aligning these metrics and incorporating an additional feature indicating the early harmfulness of a vulnerability is lacking. We're hopeful that the CVSS framework is undergoing changes. I've heard that version four, while not specifically linked to Tenable, is likely to introduce more meaningful values. These values won't be solely focused on severity but also on the level of exploitability. For instance, if exploiting a vulnerability requires local access and specific conditions, it might not merit a higher score like ten; it could be lower due to limited feasibility. Thus, certain developments could be anticipated in this regard. Tenable is also working on its own approach, known as CPR (Cyber Exposure Priority), but this feature is not exportable, unfortunately.

In future releases, I would like to see a feature that provides insight into the actual degree of harm associated with certain vulnerabilities. Ideally, I'd want this information to be exportable to align it with other vulnerabilities. It's possible that I might have the same CVSS value from another source, not necessarily Tenable. We're not using Tenable IO for container security, where we have a separate collection of CVs for containers. However, it's challenging to compare them directly due to the differing numbers and systems. If we could implement this VPR concept for other CVs as well, we could customize it to better suit our needs.

We've been using this solution for close to five years. We probably use the latest version.

I would rate the stability an eight out of ten. Occasionally, there are some maintenance tasks that might cause a slight uptick in activity, but we have monitoring mechanisms in place. Fortunately, it hasn't experienced any major breakdowns. 

Sometimes we encounter issues with resources, like logs populating hard drives, which require manual or semi-manual cleanup. Overall, it maintains a relatively stable performance level. I would rate it at around an eight out of ten in terms of stability.

It is hard to tell because the size of our organization is not very big. Our license covers a range of assets, from 500 to 1000 assets, which we monitor. From their perspective, this falls within a very low scale. 

So, we haven't encountered any scalability issues. Our scale is relatively small; we're not dealing with tens of thousands of assets.

The Security Center is actively scanning every day, targeting different resources with varying scanning frequencies. It operates on a daily basis, generating reports intermittently – some on a daily basis and others weekly. The usage is consistent and spans almost around the clock. 

Certain tasks are scheduled during nighttime, while others are executed during the day. Essentially, there's a continuous level of activity distributed over time to avoid creating spikes in network usage. 

We use it to its maximum potential but ensure it doesn't overly strain our network resources. There was a problem. When initially setting it up, we needed to be cautious. There's the potential to generate substantial network noise, especially if the agent and scanner tasks are simultaneously active. We had to significantly scale it down and task the settings from their defaults. Perhaps it's partly due to our network's capacity, but we encountered initial challenges in managing the traffic.

It is not super good and could do some improvements. I've had interactions with different parties, and while it's not exceptional, we were able to resolve issues with some effort. 

We encountered certain challenges. Initially, the local distributor downplayed the situation, claiming that upgrading to a new version would instantly resolve the issue. However, it wasn't that simple. It took time to resolve the matter. I had expected better support, especially since we had informed them in advance about the downgrade we were planning. I had hoped for proactive support detailing what to expect and what actions to take. Instead, we received assurances that everything would work seamlessly after the version change, which didn't prove to be accurate.

There was a miscommunication or misunderstanding in that regard. It was quite frustrating at the time.

Neutral

The initial setup is somewhere in the middle. It's not very easy. Assistance is needed, especially when dealing with version changes. For instance, when we transitioned from Tenable Plus to the regular Tenable, there were complexities in changing the licensing. It was not so easy to change. 

It might even lean a bit toward the difficult side, so I would rate my experience maybe a three out of ten, where ten is easy and one is difficult. 

We had the support of a third party. We had to use the help of our reseller and also find an engineer from Tenable. 

In certain cases, such as upgrades or downgrades, the documentation isn't always well-defined. You might encounter challenges that require external guidance. For instance, we faced a two-week period of difficulty this year due to a change we were making. It might not be an annual occurrence, but when significant changes are made, it can be far from a straightforward upgrade. Putting new versions in place doesn't guarantee seamless operation; there can be quite a bit of hassle around it.

This wasn't the initial deployment. This occurred when we were switching back from Tenable Plus to regular Tenable at the beginning of this year. It took us around two weeks to ensure that everything was properly transitioned. It's important to note that this was not a continuous two weeks; it involved time periods over the span of around two weeks. This change involved a transition to a simplified licensing structure. We opted to revert to Tenable without the Plus version, as it fulfilled our requirements and was also more cost-effective, approximately a quarter less. This process took place during that time, and it was a hassle.

Only one person was involved in the deployment. We don't have a big team.  We have a dedicated engineer who oversees this service. He took the lead in managing the deployment. He also engaged with relevant contacts internally and externally, including the local distributor and partners, but overall, it was primarily handled by this one engineer.

For maintenance, the same engineer who handled the deployment also manages the ongoing maintenance.

We purchase the solution through a local distributor, but we also directly communicate with representatives at Tenable. So, we acquire the license from their distributor, but we are direct users as well.

I would rate the pricing a nine out of ten, where ten is expensive.

The pricing might deter some companies from adopting this solution, especially in our region, which includes countries like Estonia and neighboring Eastern European nations. For us, the cost is a significant consideration, and we often face challenges when budgeting for it each year.

There's on-premise hosting, which incurs some costs, but it's not a major factor. Additionally, we have an engineer providing support, but that's a shared responsibility across multiple tasks. So, licensing is the primary cost driver, and there aren't any other major expenses.

There are positives and negatives, but despite looking at other options, we haven't found anything better suited for us. So, we continue to use it and have plans to keep using it in the near future.

I would suggest running a proof of concept to evaluate the product's suitability. Test it on a smaller scale over a period of one to two months to see how it works. 

It's essential to assess whether the solution aligns with the organization's specific needs. Our approach involves using agent-based scanning, but this varies based on individual requirements.

Be aware of the network "noise" it might produce. Default scanning intensity might be too much and you might need to alter it in order to prevent network problems (DoS yourself).

My advice would be to give it a trial run before committing. It's hard to tell if it fits without firsthand experience. Additionally, the fact that Nessus, the scanning component of the security center, has been around for decades and even had open-source iterations in the early 2000s provides some confidence in its longevity and reliability. However, for newcomers, I would recommend testing it out on a smaller scale before making a decision.

Overall, I would rate the solution a seven out of ten.

Tenable Security Center is aimed at IT environments. It can receive vulnerability information from Tenable OT and integrate it into a unified report covering both IT and OT environments.

The BPR prioritizes vulnerabilities. The ARCs and compliance reports are very helpful in complying with regulations and standards.

The valauble feature is compliance reporting system.

It does not natively support industrial protocols needed for OT environments. The reporting system is very powerful, though it could be more user-friendly for creating custom reports.

I have been using Tenable Security Center as a partner for five years.

It's very stable.

I rate the solution's stability an eight out of ten.

We cater the solution to medium and enterprise. We haven't seen issues with scalability.

I rate the solution's scalability an eight out of ten.

Deployment takes probably a couple of days. it can either be done for one person.

It requires the installation of its tools and console server, which can be either virtual or physical. You need to activate the licenses and update the tool for the latest plugins. Typical deployments may involve multiple scanners linked to the main console, depending on the customer's network. Additionally, customers might need to deploy agents which require a separate Center manager machine. While, there is a lot to set up, it can be done within a couple of days.

I rate the initial setup an eight out of ten.

It's very affordable.

Continuous monitoring is essential because new vulnerabilities are discovered every day, and even existing vulnerabilities can evolve. As new malware emerges, a vulnerability that seemed minor today might become critical tomorrow. The malware, and malicious activities are constantly changing. 

We cannot rely solely on the hardware or servers required to run Tenable Security Center because it is an on-premise solution.

It provides essential tools for vulnerability management and operates on-premises. This allows customers with requirements or audio restrictions to run Security Center on their premises. Additionally, the reporting system is highly advanced, and the compliance dashboards are extremely useful for meeting regulatory requirements. For example, banks and financial institutions prefer Security Center due to its robust reporting capabilities and on-premises operation.

I advise them to look into Tenable Security Center instead because it not only provides vulnerability management but also include other modules of Tenable, such as Tenable Identity, Tenable Cloud, etc. This allows for a single pane of view for the entire company, covering more than vulnerabilities and offering a comprehensive.

Overall, I rate the solution a nine out of ten.

Our customers use the product for scanning their network for vulnerabilities.

Tenable is the leading product for vulnerability scanning. Most of the customers use Tenable in our region. The customers are happy with the product.

People do not prefer the solution for web applications. They prefer Acunetix or Netsparker over Tenable for web applications. The solution should provide better web application features and support. It could provide some add-ons to customers.

I have been using the solution for the past six months.

I rate the tool’s stability a ten out of ten.

We have 15 to 25 customers who use the solution. I rate the tool’s scalability a nine out of ten.

The support team was helpful. Usually, we don't contact the support team because our engineers do the installation. It's not so complicated.

Positive

The initial setup is easy. We have certified engineers of the product.

Two engineers are needed to maintain the solution. The time taken for deployment depends on the prerequisites of the customers. If the customers provide all details to us at the proper time, we can deploy the solution in two to three days.

The annual licensing fee of the product is $25,000. The pricing depends upon the number of IPs. There are no additional fees associated with the solution.

I am dealing with the latest version of the solution. It's a very good product to use. Overall, I rate the product a nine out of ten.

Tenable.sc customers use when they need a complete in-house vulnerability management environment. It enables you to identify the applications and infrastructure within your organization, giving you greater control over your environment. Tenable.sc isn't on the cloud. Tenable.sc is deployed on a private cloud and used when regulations prevent keeping things on a public cloud. Two of my customers are using it currently. 

I like Tenable.sc's analytics and reporting. You can also configure your on-prem network monitors to talk to your Tenable.sc control panel.

I have used Tenable.sc for two years. 

The stability depends on your environment. It is typically stable, and I have not experienced any kind of issues. 

Tenable.sc is scalable, depending on your on-prem environment and how it is configured. You can scale as far as your configuration allows. 

I get the standard support that comes with all Tenable licenses. There isn't specialized support for Tenable.sc. It's decent.

Deploying Tenable.sc is highly complex because it's an on-prem solution, whereas Tenable.io is cloud-based, so you can go live as soon as you log in. Tenable.sc involves significant integration with other on-prem solutions, and the deployment takes about two to three weeks with the help of a system integrator

You need to set up your environment, including VMs or a physical server. If you have data centers spread across multiple sites and regions, you need to deploy a specific JPS at every location so the data can pass through the gateway and be captured in the central console on a private cloud or on-prem data center.

I rate Tenable.sc seven out of 10. I typically recommend Tenable.io instead, but Tenable.sc is an option if data regulations require you to use a private cloud or on-prem infrastructure.