Tenable Security Center Reviews

Our customers use the product for scanning their network for vulnerabilities.

Tenable is the leading product for vulnerability scanning. Most of the customers use Tenable in our region. The customers are happy with the product.

People do not prefer the solution for web applications. They prefer Acunetix or Netsparker over Tenable for web applications. The solution should provide better web application features and support. It could provide some add-ons to customers.

I have been using the solution for the past six months.

I rate the tool’s stability a ten out of ten.

We have 15 to 25 customers who use the solution. I rate the tool’s scalability a nine out of ten.

The support team was helpful. Usually, we don't contact the support team because our engineers do the installation. It's not so complicated.

Positive

The initial setup is easy. We have certified engineers of the product.

Two engineers are needed to maintain the solution. The time taken for deployment depends on the prerequisites of the customers. If the customers provide all details to us at the proper time, we can deploy the solution in two to three days.

The annual licensing fee of the product is $25,000. The pricing depends upon the number of IPs. There are no additional fees associated with the solution.

I am dealing with the latest version of the solution. It's a very good product to use. Overall, I rate the product a nine out of ten.

We use the solution for creating passwords and security scanning purposes.

The solution has been beneficial for our organization.

The solution serves as a good tool and is very user-friendly as well. It has many features. We are able to identify vulnerabilities in our systems, and ways to fix them with the solution’s help.

The solution is expensive. They should work on its pricing. 

We have been using the solution for six months.

It is a stable solution.

It is a scalable solution. We have eleven users using the solution in our company that include Associates and Engineers. I rate the solution’s scalability as a ten.

The solution’s tech support team is very helpful.

Positive

We have an in-house team for installation.

I recommend the solution as it is a very good and user-friendly product. I rate it as a nine.

The reporting vulnerability is very helpful when you link it with the people who close it with the admin and support team, giving them the criticality to find how to close each item.  And it's up to date with all the vulnerabilities on the market thanks to prompt updates from the cloud.

In the next release, we would like to see the inclusion of external IPs and simplified reporting that's easier to deal with.

We have been using this solution for about two years.

The solution has been very stable up till now. I would give it nine or 10 out of 10 for scalability

For our size, it's scalable. It covers all the bank infrastructure and all that we have.

Two or three people from the security team manage the solution, but they extract it for the IT team to take action in different areas, including infrastructure and domain support. So 10 or more people assess the reports to fix the issues.

We are happy with the support from the Tenable side. But sometimes the vendor's people move between areas too often, causing occasional shortages on technical issues inside the country. When you raise tickets, the vendor sometimes takes some time to respond, but they are always helpful. 

Positive

Previously we used Rapid7, but we switched after comparing it with the solution because it had some additional features that we needed.

Overall, the initial setup was smooth and easy. Later we had to integrate it with other solutions in the system, but it didn't take long.

We had a consultant for two weeks at the beginning but in the end, we completed it, doing most of the work ourselves and gaining valuable experience. And, of course, we had to set up our systems inside the bank and the structure of the scope of the vulnerability, so that made it about a month.

Four people were involved in the deployment, two from the vendor and two from our team.

We're happy with the licensing cost and find it affordable.

We paid for three years, mostly for the finances and sourcing, but all features are inclusive.

I would rate our licensing cost as eight on a scale of one to ten.

I would give the product an overall rating of nine out of 10.

The product is a very good solution. I would advise potential users to look at other solutions. The product is our second solution, and we are happy that it meets our requirements.

I primarily use Tenable SC for vulnerability management i.e. to detect vulnerabilities in servers, workstations, and some IoT, produce, prioritize, and validate a mitigation strategy, and keep the mitigation on track so the CISO can detect changes in the posture. 

Tenable SC's most valuable features are the low number of false positives and the strong capability of providing prioritization for the vulnerabilities detected.

Tenable SC could be improved with additional connectivity to external company postures and the capability of managing and sustaining agents in the systems directly without additional platforms in the middle.

I've been working with Tenable SC for seven years. 

In seven years, we haven't had any problems with Tenable SC's stability. Sometimes a specific update doesn't feed exactly as expected, but the problem is always covered quickly by Tenable, and with a stable version, it's very, very stable.

Tenable SC's system can be multiplied by different installations and have on-top management and a single pane of glass. So it can scale with only one system - almost to half a million assets. And with multiple systems, we can have more than a million assets without problems.

Tenable's American technical support is excellent, though the European version is not quite as good as it takes longer to provide the right information.

Positive

The initial setup is very, very easy, even with the on-prem version, and depending on the customer's size and the complexity of the infrastructure, it can be done in one day.

Tenable SC can cut manpower costs on manual scans and analysis by more than half within one or two years.

Tenable SC is priced per asset, with the basic solution starting around US$12,000 for 500 assets. There's an additional cost for advanced support.

Tenable SC is suitable for medium and large companies, but it's not feasible for small ones. If you're in the US, I advise buying services from Tenable to implement the system instead of trying to implement it yourself. There are always some tricks that come with knowledge of the product that will make for a faster and better installation. Similarly, if you're in EMEA or Asia, please choose a good integrator. I would give Tenable SC a rating of nine out of ten.

We use Tenable SC for internal vulnerability scans with agents, and agentless scanning in the cloud. For example, we're scanning the AMI in the cloud and making it part of the base image.

The most valuable features of Tenable SC are scanning, reporting, dashboards, and automation.

Tenable SC can improve by adding more integrations with HCI-type tools and more accurate vulnerability detection.

I have been using Tenable SC for approximately three years.

Tenable SC is stable.

The scalability of Tenable SC is scalable.

We have more than 10,000 people using this solution. We are using the solution extensively.

The support from Tenable SC is good.

I rate the support from Tenable SC a four out of five.

We previously used Qualys.

The implementation of Tenable SC is straightforward. It took us approximately two to three months to complete.

I rate the initial setup of Tenable SC a four out of five.

We did the implementation of Tenable SC in-house. We used five or six staff members for the process and we did most of it through automation. We have engineers, managers, administrators, and product managers assisting.

I would recommend this solution to others.

I rate Tenable SC an eight out of ten.

The usability is really good. It's very intuitive and any person can use it, you do not have to be an expert in vulnerability analysis. It's very easy to use and a good platform. 

In regards to additional features, I would say make it a little bit simpler. There are different menus for downloading reports that could just be a click and download. Right now, we have to go to the scan and then we have to go to the reports and download the Excel or CSV or PDF. I think these menus and clicks can be minimized.

We have had Tenable SC for the past year.

It is very stable. We have not had any issues.

It is scalable. You can add the scanner in. At present, we have five people working with it at our organization.

The technical support is fine. They're prompt and we've had no issues with them.

Neutral

It was super easy, not complex.

We set up a consultant to help with deployment and the full process took around a month.

Compared to other companies or other products it could maybe be a little bit less, but the price is okay. I would say it's not very expensive.

I would rate the solution as a nine out of ten. 

We use Tenable SC for compliance and vulnerability scans. 

We are fully updated in terms of the version, and we have its latest version.

Compliance and vulnerability scans are most valuable. Compliance scan helps in validating how our teams are complying, and vulnerability scan helps in future-proofing. Its vulnerability detection is accurate.

Its reporting can be improved. It is not easy to generate a scan report the way we want. The data is okay, but we can't easily change the template to make it look the way we want.

I have been using this solution for about two years.

It is stable and reliable, but it also depends on the on-premise resources.

It is easy to scale. It is currently being used by a few people in our company.

We sometimes took support from Tenable when we had issues with the scans and we couldn't get the results. They were helpful. It is easy to get support.

It is easy to set up. We need to set it up from the appliance.

We can do it on our own, but we sometimes need help from the vendor.

Its maintenance is done from our side.

It is a bit expensive. Everything is included in the license.

It has been good so far. I would rate it an eight out of 10.

We primarily use the solution for vulnerability scanning across the network . 

A few months back, I conducted a Deployment on Tenable SecurityCenter for a Reputed  Private Bank. Also I had to teach the Usage and features and then show them how the scan things work and how results can help analyze and report. also helped developing some use case like Scheduling scan and email that to specific users for mitigation, Generating Alert for particular level of vulnerability etc.

Tenable has come a long way than we found earlier, Asset Criticality Report and Predictive Prioritization helps us finding the most critical loophols in minutes, Security Engineers can now focus more on Remediation. Less of false positive eases our vulnerability program and saved time.

In Tenable SecurityCenter, the Risk-based approach for Prioritizing vulnerability is something that is unique to any vulnerability management platform. Compared to Qualys and Rapid7, Tenable VPR is a special thing that those products don't have. The security over the CVSS and V1 and V2 with the VPR feature help an organization reveal the exact risk of any asset. There might be thousands of vulnerabilities, however, the most impactful vulnerabilities are listed and prioritized in the VPR. 

As tenable SecurityCenter is powered by popular Nessus technology, It is really easy to set up.

The solution is stable and considered as the most solid vulnerability management platform in the industry. 

Tenable.sc provides a wide range of dashboards which makes it easy to grasp the vulnerability profile of the organization. These dashboards allow us to view vulnerabilities in different categories in a simple to understand format. The upgrade to Tenable.sc+ has improved on this as well. Regularity of plugin updates are also exceptional. The speed at which tenable has pushed plugin updates and overall platform updates is great. Also the automatic update capability makes maintenance very simplified. Easy to use User interface. For someone who is not familiar with Tenable.sc, the interface is not difficult to follow along and the documentation makes it very simple for anyone

The solution has a very nice Asset discovery feature that gives you gives you unified visibility of your entire attack surface, As It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, and CMDB integrations to maximize scan coverage across your infrastructure to reduce vulnerability blind spots. This mix of data sensor types helps you track and assess both known and unknown assets and their vulnerabilities

The solution is a bit on the expensive site. In a country like  Bangladesh, most of the customers don't have a budget that could afford Tenable SecurityCenter. They'd rather go for Qualys and Nexpose, which cost less. The licensing policy is something they can improve. 

Support could be faster.

I've used the solution for last 5 years now. 

The solution is verry stable. That said, some customers complain about the results and how they are shown. Compared to Nessus, if a customer gets used to using Nessus, and then comes into Tenable SecurityCenter, then the compliance results are an area where they might find a difference. In Nessus, the compliance results are shown in past and failed. In Tenable.sc, it's shown in medium and high. This could be more clear. 

Tenable can be scaled easily, just to add additional IP's on the licensing and that's it.

I haven't really dealt much with technical support. In the initial stage, however, when I started deploying Tenable SecurityCenter, I faced a bit of a challenge implementing the Nessus Network Monitor. I figured it out, and now I don't have issues. 

Support is top-notch, however, in terms of response times, they are slow, and they need to be faster. 

Positive

I have also worked with Qualys for a long time.

In our country, People are yet not comfortable adopting SaaS/cloud based solutions also,there are some government jurisdictions that require data to be within the country and an on-prem solution is always needed for the organization. Other solutions, Qualys and Rapid7, are mainly cloud designed. Tenable SecurityCenter is the only solution that can be fully on-prem for small to mid Enterprises. 

Also, Tenable is better for compliance requirements in terms of regulations around vulnerability management. it has reporting on compliance with pre-defined checks, metrics and proactive alerts on violations for industry standards like CERT, NIST, DISA STIG, DHS CDM, FISMA, PCI DSS etc. and regulatory mandates. while it comes to other solutions i dint find the compliance feature as good as Tenable 

The initial setup is simple. It's not complex at all. 

You can go with the installer for Tenable SecurityCenter, which has an installer file for Linux and Unix platforms only. talking about the Nessus scanners, It can be deployed anywhere, including on Windows machines or Linux. There is not much of a challenge to it.

The time it takes to deploy varies. For example, what is the implementation size? How many IPs, and what are the sites? Those things change the timing. If it's a stand-alone setup, it can take around one to two hours to deploy. If you are also talking about onboarding the IPs, and scanning all those IPs, it can take a working day to complete.

The legecy container security is already in it's EOL, if it gets added to Tenable Security Center, users can take full toll of on prem container scanning.

Its cost depends on the Number of Assets. The licensing is per year. 

i had also worked and evaluated Qualys.

We sell Tenable.

I'm using something around version five. I have installed the demo version of it in my Docker.

The product really stands out in comparison to the competition. However, the price tag is a bit on the higher.

I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. 

I'd rate the solution nine out of ten.