Tenable Security Center Reviews

We primarily use the solution for vulnerability scanning across the network . 

A few months back, I conducted a Deployment on Tenable SecurityCenter for a Reputed  Private Bank. Also I had to teach the Usage and features and then show them how the scan things work and how results can help analyze and report. also helped developing some use case like Scheduling scan and email that to specific users for mitigation, Generating Alert for particular level of vulnerability etc.

Tenable has come a long way than we found earlier, Asset Criticality Report and Predictive Prioritization helps us finding the most critical loophols in minutes, Security Engineers can now focus more on Remediation. Less of false positive eases our vulnerability program and saved time.

In Tenable SecurityCenter, the Risk-based approach for Prioritizing vulnerability is something that is unique to any vulnerability management platform. Compared to Qualys and Rapid7, Tenable VPR is a special thing that those products don't have. The security over the CVSS and V1 and V2 with the VPR feature help an organization reveal the exact risk of any asset. There might be thousands of vulnerabilities, however, the most impactful vulnerabilities are listed and prioritized in the VPR. 

As tenable SecurityCenter is powered by popular Nessus technology, It is really easy to set up.

The solution is stable and considered as the most solid vulnerability management platform in the industry. 

Tenable.sc provides a wide range of dashboards which makes it easy to grasp the vulnerability profile of the organization. These dashboards allow us to view vulnerabilities in different categories in a simple to understand format. The upgrade to Tenable.sc+ has improved on this as well. Regularity of plugin updates are also exceptional. The speed at which tenable has pushed plugin updates and overall platform updates is great. Also the automatic update capability makes maintenance very simplified. Easy to use User interface. For someone who is not familiar with Tenable.sc, the interface is not difficult to follow along and the documentation makes it very simple for anyone

The solution has a very nice Asset discovery feature that gives you gives you unified visibility of your entire attack surface, As It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, and CMDB integrations to maximize scan coverage across your infrastructure to reduce vulnerability blind spots. This mix of data sensor types helps you track and assess both known and unknown assets and their vulnerabilities

The solution is a bit on the expensive site. In a country like  Bangladesh, most of the customers don't have a budget that could afford Tenable SecurityCenter. They'd rather go for Qualys and Nexpose, which cost less. The licensing policy is something they can improve. 

Support could be faster.

I've used the solution for last 5 years now. 

The solution is verry stable. That said, some customers complain about the results and how they are shown. Compared to Nessus, if a customer gets used to using Nessus, and then comes into Tenable SecurityCenter, then the compliance results are an area where they might find a difference. In Nessus, the compliance results are shown in past and failed. In Tenable.sc, it's shown in medium and high. This could be more clear. 

Tenable can be scaled easily, just to add additional IP's on the licensing and that's it.

I haven't really dealt much with technical support. In the initial stage, however, when I started deploying Tenable SecurityCenter, I faced a bit of a challenge implementing the Nessus Network Monitor. I figured it out, and now I don't have issues. 

Support is top-notch, however, in terms of response times, they are slow, and they need to be faster. 

Positive

I have also worked with Qualys for a long time.

In our country, People are yet not comfortable adopting SaaS/cloud based solutions also,there are some government jurisdictions that require data to be within the country and an on-prem solution is always needed for the organization. Other solutions, Qualys and Rapid7, are mainly cloud designed. Tenable SecurityCenter is the only solution that can be fully on-prem for small to mid Enterprises. 

Also, Tenable is better for compliance requirements in terms of regulations around vulnerability management. it has reporting on compliance with pre-defined checks, metrics and proactive alerts on violations for industry standards like CERT, NIST, DISA STIG, DHS CDM, FISMA, PCI DSS etc. and regulatory mandates. while it comes to other solutions i dint find the compliance feature as good as Tenable 

The initial setup is simple. It's not complex at all. 

You can go with the installer for Tenable SecurityCenter, which has an installer file for Linux and Unix platforms only. talking about the Nessus scanners, It can be deployed anywhere, including on Windows machines or Linux. There is not much of a challenge to it.

The time it takes to deploy varies. For example, what is the implementation size? How many IPs, and what are the sites? Those things change the timing. If it's a stand-alone setup, it can take around one to two hours to deploy. If you are also talking about onboarding the IPs, and scanning all those IPs, it can take a working day to complete.

The legecy container security is already in it's EOL, if it gets added to Tenable Security Center, users can take full toll of on prem container scanning.

Its cost depends on the Number of Assets. The licensing is per year. 

i had also worked and evaluated Qualys.

We sell Tenable.

I'm using something around version five. I have installed the demo version of it in my Docker.

The product really stands out in comparison to the competition. However, the price tag is a bit on the higher.

I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. 

I'd rate the solution nine out of ten.

We use Tenable to scan all of our environments and plugins for vulnerabilities. Tenable helps us discover network vulnerabilities to threats and piracy. 

Tenable's reporting engine needs improvement. It needs to be more efficient and add more features.

I've been using Tenable for one year.

Tenable is scalable. 

Tenable technical support needs improvement.

Setting up Tenable SC was straightforward, and it took two months to deploy. 

A third-party vendor implemented Tenable for us.  

I rate Tenable SC nine out of 10. It needs some improvements in the reporting engine and training. For example, I need the ability to easily check what happened on Tenable specific dates.

I primarily use Tenable for scanning and reporting.

Tenable's most valuable features are the credential scan, vulnerability reports, and vulnerability ratings (VPR).

Tenable has some problems with agents going offline during scanning and lag between agents and the security center. In the next release, Tenable should include automated patching and integration with SSCM so missing patches can be pushed from there.

Tenable is stable.

I'm satisfied with Tenable's technical support.

Positive

The initial setup was easy.

Tenable is open-source.

I would rate Tenable eight out of ten.

I'm a pre-sales engineer and we are resellers of Tenable.

This solution is very customizable compared to everything else I've seen on the market, so you can easily customize it to suit your needs. There are a lot of templates you can use and you can install it pretty quickly so in one hour you can have your scanner up and running.

I think the company should redo their web page because the way things are now there are a lot of things you can't do. For example, if you want to filter something on the solution and have it filter down to all of your widgets, you can't do it, you have to go from one widget to the other. It takes some time if you have a big customer dashboard that's using some data. I think that the integration with a solution like Jira could be a little bit better for when you create tickets based on your vulnerability.

I know they are working on additional features related to the integration with the patch management like Qualys has, which is really amazing. This is the future and I know they're working on it. 

I've been using this solution for the past six or seven years. 

Usually the solution is stable but it can be a little bit tricky which I think depends on the kind of BME and the sizing used. I'd say it was 80%, 85% stable.

The solution is very scalable, it's one of the most scalable solutions that I've used so far, compared to Rapid7 and Qualys, it's very scalable. You can use it pretty much with anything, even if you start with 1000 IPs and scale up from 1000 to 10,000.

Technical support is very efficient and they escalate the tickets when you have a big issue. When you open a ticket, they respond within the hour and they're pretty quick to find the issue. If you have a bigger issue, you can set up a Zoom call with them and that's very helpful. 

I've used Rapid7 in the past and I've also used Qualys a little as well. I work with customers, so I go with whatever they want to use. 

The initial setup is very straightforward and quick. 

I would definitely recommend the solution but I would tell people that it requires dedicated staff. You need to have someone looking at what's going on when you scan and you need somebody to go through all the results, otherwise it just sits there.

I would rate this solution an eight out of 10. 

I use SecurityCenter currently to investigate daily network security events from reports I receive. Our network support team uses it to track, manage, and remediate system vulnerabilities. It works well for the latter, not so much for the former.

In terms of vulnerability mitigation, SecurityCenter has worked quite well and is a perfect replacement for GFI LanGuard. Unfortunately, it's also being posed to my team as what we're supposed to use in place of ArcSight Express, which I've worked with for several years now.  SecurityCenter could be much more useful to our agency as a whole if it were configured better, but I'm not sure that the team that directly manages that system knows how to do that, or has the right licenses they need to bring in all of the data my team needs in SecurityCenter to make good use of it.  Basically, it comes down to two teams trying to use the same product for very different purposes, and while one team is pleased with the results, the other (mine) is not.

The 'raw syslog' search functions are fairly nice for tracking down debug info from an event, but it's usefulness is extremely low when compared with ArcSight in terms of its usefulness in network event investigations. SecurityCenter's strongest focus seems to be its vulnerability scanning, but I'm told I should be able to use it to replace ArcSight, and from experience with both products, I know that's not the case.  To be honest, if my mission were more aligned with our other team's goals, I might like SecurityCenter a lot more than I do; but as is, it's like trying to fit a square peg into a round hole.

Security Center's vulnerability scanners are excellent in terms of compliance reporting, and the dashboards certainly seem to make the less technical of our staff all starry-eyed, but to be honest, I find SecurityCenter to be lacking in too many ways where my usage of it has been concerned.  Dashboards, to me, are much less interesting than a powerful and flexible query engine, and that's an area where I find SecurityCenter most lacking.

ArcSight Express; my employers sought a less expensive solution. If I'd had any sway on the decision, it wouldn't have happened, or at least, it would have happened differently.  The two products compliment each other well, but separately, they're designed with very different goals in mind.

No, I wasn't given the opportunity. SecurityCenter was brought in, vetted, and implemented by a separate team from the one I work with daily.

Know what you're getting into, and know the difference between security compliance suites and SIEM suites. The two are very different, which is why I'm very unhappy using SecurityCenter, because it's been forced upon me as a replacement for a product that it doesn't even compete with.

Tenable SC can be used in any company for vulnerability management life cycle.

It's a very useful tool.

Internal ticketing systems require improvement. 

The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team.

I have been working with Tenable SC for more than five years.                                                             

Tenable SC is very stable.

According to the sizing that we are dealing with in this first stage, it is very scalable.

We have not experienced any issues with the scalability of Tenable SC.

The information security team has access to the solution. The number of users varies from one environment to another. It ranges, from five users to ten users maximum.

The same number of users can easily deploy and maintain this solution, included the access manager, administrator, and anyone who can configure the policies they test.

Tenable technical support is very good. They are very helpful, and responsive.

We had experienced some delays in two or three tickets we started, but that may have been because of the client, they were very unresponsive.

Overall, the technical support is very good.

I have worked with Rapid 7 and Qualys.

The installation is very straightforward. It's the easiest solution that I have ever implemented.

The installation was quick, taking no more than one or two minutes.

I completed the installation myself. It can easily be installed by anyone.

The license is perpetual and is based on the number of IP addresses you want to scan in your organization.

The support comes with a different license.

Tenable SC is without a doubt a good choice.

I would rate Tenable SC a nine out of ten.

The tool helps with vulnerability assessment and vulnerability management.

The tool gives us fewer false positives. Compared to its competitors, the solution’s reports are more accurate.

We experienced some difficulties with the solution’s support.

I have been working with the solution for two years. I use the tool’s latest version.

I would rate the tool’s stability a nine out of ten.

I would rate the tool’s scalability a ten out of ten. You can place sensors for the scanners and easily scale up.

I would rate the tool’s setup an eight out of ten. The tool’s deployment is very straightforward and it took only one day to deploy the solution. The solution’s deployment is simple and efficient.

I would rate the tool an eight out of ten. The tool has community support. From my experience of using the solution, I would recommend it to anyone looking to use it.

Our primary use case for Tenable SC is its vulnerability scanning capability. 

I think the vendor training provided for Tenable SC could be a lower price. It's quite expensive for the training. 

I have been working with Tenable SC for 4 years.

The stability of the Tenable SC product is satisfactory. 

I find Tenable SC to be a very scalable product. 

The initial setup of Tenable SC is not unmanageable. 

With regards to the setup of Tenable SC, I would advise others to spend time using the module, get familiar with the product, and in addition read the manual that is provided. 

We primarily use Tenable SC for vulnerability scanning and did not evaluate other options. This meets our needs.

I would say there are approximately 30 users in our organization using the Tenable SC product.