Tenable Vulnerability Management Reviews

In my company, we use Tenable.io Vulnerability Management is a good solution for vulnerability assessment on the infrastructure and not on the applications. The solution is useful for conducting vulnerability assessments on IT infrastructures. We use Tenable to discover assets on the network and the vulnerabilities in the vulnerability management cycle.

Tenable.io Vulnerability Management is an easy-to-use product. It is a good solution, as per Gartner's SIEM Magic Quadrant. The product has a lot of documentation and blogs, so you can get lots of support from its communities while also finding a lot of online materials that can help you improve the solution's uses or implement it according to your use cases.

The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications.

I have been using Tenable.io Vulnerability Management for more than ten years.

It is a very stable and mature solution in the market since it has been around for over 15 years.

The product has no scalability solution since it can manage hundreds to thousands of networks.

The solution's technical support is good and quick to respond. If you have a problem, you can be sure that someone from the support team has a solution to your problem.

Our company doesn't use any other products from Tenable apart from Tenable Nessus for vulnerability assessment. We also use NetSuite to manage the vulnerabilities' life cycle.

The initial setup of Tenable.io Vulnerability Management was straightforward since it allows one to use a device, like a virtual machine, or one can use it on a public IP address if it is already deployed, making the process very quick and easy.

The solution is deployed on-premises.

The deployment process was very quick since it could be done using a virtual machine or the customer's network. You can do the deployment with the virtual machine by connecting to the management suite before launching the solution.

To do an assessment for all our customers, my company has over 200 users for the deployment and maintenance of the solution. There is a dedicated team in the company I currently work for to manage the solution. One technician is needed to do a vulnerability assessment.

Yearly payments are to be made toward the licensing cost of the product. It is neither a cheap nor an expensive product.

I recommended the solution to those planning to use it since it is a very good product. Though there are other good solutions like Qualys, Tenable is the best.

I rate the overall tool a nine out of ten.

We use the solution for our vulnerability management program.

The solution is deployed in the cloud.

When the logging logic is lacking certain columns, Tenable.io Vulnerability Management provides comprehensive coverage, thereby simplifying the reporting process.

One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently. This feature enables us to prioritize security issues based on their level of importance, without being distracted by other irrelevant details. Additionally, the system is frequently updated to ensure it complies with industry standards.

The asset identification has room for improvement. Since we are using a cloud-based scanner, we must scan devices based on their ID. However, we are encountering many issues with reporting. Assets are often being incorrectly merged or we encounter issues related to assets. If we had an agent with a scanning system, this issue may not have occurred, but it currently exists.

The UI has room for improvement. The previous version of the UI was better.

The technical support has room for improvement.

I have been using the solution for nine months.

The solution is generally stable, although we have experienced two instances in the past where it was down. The first outage was related to the scanner and lasted a few hours, while the second was caused by storage issues that prevented us from clearing the logs.

Scalability depends on our licensing agreement and the number of scanners we use. Currently, the number of scanners and our license allows for scalability up to a certain limit. Beyond that limit, we would need to purchase additional licenses to expand.

The technical support team responds promptly to basic issues. However, when faced with major issues or more complex problems, it can take longer to receive adequate assistance due to a high volume of entries. In such cases, we are required to submit detailed logs, which the support team will analyze before we can proceed to ask further questions.

Negative

Our current license covers 2,500 assets. If we want to add more assets we need to buy another license for another scanner.

I give the solution an eight out of ten.

We have around nine people using the solution.

The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months.

The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices.

Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.

Vulnerability Management is used to discover assets and identify vulnerabilities across our IT landscape. 

The dashboard is pretty intuitive, and it lets you do a drill-down analysis of each vulnerability. That is something that brings a lot of value to the organization.

Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand. 

I have used Vulnerability Management since February 2021.

There are factors within the organization that affect stability. Ultimately, your Tenable.io performance depends on your on-prem network infrastructure. 

I haven't used Tenable.io support, but my team has, and I haven't heard any complaints thus far. 

I used Qualys at my previous job for vulnerability validation, but I have used Tenable.io VM for quite a while now.  

Deploying Tenable.io VM is neither straightforward nor particularly complex. We run gateways in North America and India, respectively that talk to the Tenable.io console. It's not too complex. It was in place when I joined, but I believe it took no more than two weeks to deploy.

You need to create a tenant in the Tenable Cloud SaaS and configure user access.  We have five analysts using the solution and one or two admins. 

We see a return by identifying vulnerabilities and converting them into actionable items. The solution provides a lot of visibility into your environment. 

We pay an annual subscription, and I feel the cost is reasonable. The license covers everything, including support. 

I rate Tenable.io Vulnerability Management nine out of 10. It's an excellent product that's scalable, stable, and intuitive. It helps you to drill down into vulnerabilities.

Before, they did not have an agent-based solution. Last year, they developed one. For example, before, when users were roaming or working from home, we wouldn't be able to scan previously. Now, we can cover anyone, even off-site. 

The most valuable feature is the configuration audit. 

The interface is fine. 

We haven't had issues with support.

The solution is easy to deploy and maintain. 

The solution can scale well.

The entire product is very easy to use. 

The solution is a bit slow. It should be faster. They could improve the performance. 

We primarily use the solution for vulnerability management and confidential information detection, for example, credit card information. We also use it for configuration management. 

The scalability is great. I'd rate it nine out of ten. A company can expand it if they would like to. 

Technical support is okay. The issue is they don't have a team based in India. Sometimes, it's hard to get support on time. However, they are pretty helpful. 

Positive

We are also using Tenable.sc, version 6.0.

The initial setup is pretty straightforward. I'd rate the process eight out of ten overall. It is not overly complex. 

We can implement the solution in one week in one region. 

In terms of maintenance, we only really need one person. That's enough.

I do not manage the licensing or pricing. My team handles this aspect.

We did test multiple other solutions.

I'm an end-user.

This is an agent-based solution. There isn't a specific version we use.

The solution is very user-friendly if you compare it to other tools. I'd rate it eight out of ten. 

The solution is mainly for vulnerability scanning management. It's more like an extension of the Nessus.

I like the ten points of scanning. 

The performance is good.

It is quite straightforward to set up.

The solution is stable, and it is quite scalable. 

We'd like to see a bit more user-friendliness. They need to work on that aspect of the solution.

We've recently adopted the solution and have been dealing with it for just over a year or so.

The product offers good performance. There are no bugs or glitches. It doesn't crash or freeze. 

This is a scalable solution. It's easy to expand. 

I'm not sure how many users there are, however, my understanding is there are more than ten people.

We've never had any real difficulties, and therefore we haven't really dealt with support.

The solution is easy to set up. It's straightforward. It's not overly complex. 

It's based on landscape dependencies. However, it's easily deployed. It can take a few weeks to set up. If you are deploying across the globe, it might take longer. 

I don't work in an area that would keep track of ROI. I can't say we have been following that.

We pay for an annual license.

If there are extra fees, it depends on what use cases you want to deploy. If you want to use simple vulnerability management and you want to extend it to application scanning, then pricing modules will be different.

I'd recommend the solution to others. 

I would rate the solution nine out of ten.

Tenable.io Vulnerability Management is used as a unified platform for vulnerability management.

Tenable.io Vulnerability Management could be improved with an increased number of dashboards and MSSP integration.

I've been working with Tenable.io Vulnerability Management for five years.

Tenable.io Vulnerability Management is stable.

Tenable.io Vulnerability Management is scalable.

Tenable doesn't provide support beyond documentation.

Neutral

The initial setup is straightforward so long as your infrastructure, components, and networks are in place. There are also a few teaching issues post-migration, like integration with third parties and SEO integrations.

Tenable.io Vulnerability Management gives a good ROI in the long run, though it would be better with a pay-as-you-go model.

Tenable.io Vulnerability Management's pricing solution model isn't great. Providing a pay-as-you-go option would be an improvement.

Tenable is a full-service product, but it still has a lot of improvements to make, so I'd recommend exploring other products before implementing it. I would give Tenable.io Vulnerability Management a rating of nine out of ten.

The tool's reports are bad. They're not very customizable or flexible. During audits, we often have to exclude things that aren't relevant to our organization, but we can't do that easily with the reports. They come in HTML or PDF format, and we can't compare current results with previous ones in Excel because we never receive reports in Excel.

I have been using the product for a year, and my organization has been using it for six to seven years. 

Tenable Vulnerability Management is stable. 

I rate the tool's scalability a seven out of ten. 

The solution's support is okay, but it could be more customer-friendly. The people providing support have knowledge, but they could improve customer interaction.

The tool's deployment can be challenging, especially for those unfamiliar with Kali Linux, as it operates on this platform. This might make the setup process difficult for users accustomed to other operating systems like Windows. It may take a couple of tries to get comfortable with the process. However, once you have set it up a few times, it becomes easier.

Sometimes, we use the tool for tasks like configuration and running scans. However, it's a bit difficult to use compared to Qualys. One issue we've noticed is that it takes up a lot of space, which customers often complain about. They promised more system coverage and updates, but it isn't happening.

I rate Tenable Vulnerability Management a seven out of ten. It might be challenging if you're used to working on Windows. However, it's a recommended tool for penetration testers because it's effective for that purpose.

We use it for audit and PT. 

The solution scans vulnerabilities in assets like workstations, network devices, desktops, or laptops. The product indicates vulnerabilities based on severity levels. There are high, critical, medium, low, and informational levels of severity.

The product can scan assets and web applications. It provides remediation for each vulnerability it scans. We get to know the actions we have to take to remediate the vulnerabilities. The solution is very simple to use. It also has cloud scanners. We can integrate Tenable and Nessus Scanner. It is easier to use.

The solution must provide penetration testing.

I have been using the solution since 2022.

The tool is very stable.

The tool is scalable.

We don't have many issues.

Positive

The initial setup is very easy.

The tool is easy to use and deploy. It's easy for customers to go through the documentation, see how it works, and scan their assets. Everything is straightforward, including the creation of users and enabling 2FA. Overall, I rate the tool a nine out of ten.