Tenable Vulnerability Management Reviews

I am a consultant and I advise my clients from a security standpoint. My goal is to get them to maximize value from Tenable.io. I am also a user of it. 

The most valuable feature for me is container scanning because I am interested in CICD security. The standard infrastructure scanning is pretty robust, which is why I was focusing on containers.

We had some challenges with the implementation because of Docker Version 2, although with help from the support team, we were able to proceed.

It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have. The information is not available on the web site and they should be more upfront about it.

I have been using Tenable.io for between six and eight months. My company had acquired it before I joined, although it was not being utilized properly.

I have never encountered any issues relating to stability. I have never seen a scan crash, and we've been able to configure multiple scans to run concurrently. Everything appears to run smoothly.

Other than running multiple scans concurrently, we have not looked at scalability. However, I have no doubt that we will be able to get support in order to meet our expectations.

The support team is very good and we are quite happy with them. When we had the trouble with Docker Version 2, they responded and were able to help us troubleshoot, and then guide us to the resolution. It now works the way we wanted it to.

I have worked with the open-source solution OpenVAS, as well as with Rapid7 and Qualys. I can see that Tenable.io is going to be one of the big players because they are doing very well in this space.

I think that the price is reasonable for now, although given that everybody is looking to cut costs, I think that they should take measures to lower it. There are additional features that can be licensed for an additional cost.

My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license. 

We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web Application license is.

In order to enjoy the maximum value, you need to have the appropriate licensing.

Overall, I am quite happy with Tenable.io.

I would rate this solution a nine out of ten.

The solution is used for the vulnerability assessment of the network infrastructure.

The solution finds vulnerabilities, anomalies, and threats. Tenable has basic and ad hoc scanning features. The tool schedules scans for continuous monitoring. The main advantage of the solution is that it assesses the vulnerabilities and provides a CVE score. Reporting is very easy. The management dashboard is very easy. The tool has an easy-to-use interface. It is easy to implement the product.

The product is a bit expensive.

I have been using the solution for 7 years.

The solution is stable.

The solution is scalable up to a certain point. I rate the scalability a seven to eight out of ten. Our customers are medium to large businesses.

The support is very good.

Positive

The configuration is easy. My engineers can work on it seamlessly. The deployment of the basic solution does not take more than four to eight hours. We need one or two persons to deploy and maintain the product. There are no other challenges if we have the network and can access the IPs.

The product impacts our client's operational cost related to vulnerability management in a good way. It automates a few things and saves the engineers' costs.

I rate the pricing a seven out of ten.

We are resellers. The solution is easy to implement. It has an easy-to-use interface, enabling organizations to go faster to market. Overall, I rate the product a nine out of ten.

We use Tenable.io Vulnerability Management for our organization's endpoint and server vulnerability management.

The best feature of the solution is the amount of visibility it provides of the vulnerabilities.

Improvements should be made to the solution to make it easy to use. It's not a user-friendly tool since it has a complicated interface. The solution needs to have a more user-friendly interface.

I have been using Tenable.io Vulnerability Management for three years. I am using the solution's latest version.

It is a stable solution. Tenable.io is the leader in the market, having a very good database of vulnerabilities.

The solution's stability is good. From my experience, the solution's stability is good compared to its competitors.

It is a scalable solution.

In my company, more than 5,000 people use the solution.

The solution is extensively used in my company.

The technical support is not good.

The setup phase was good.

The setup phase could be completed in less than five minutes.

The deployment process was carried out through an automated process and wasn't done manually. It was done with the help of Intune.

Based on our requirements and business, we need around three to five people to deploy and maintain the solution.

No consultants were involved in the setup phase since we chose to manage the installation part directly.

Considering our scenario, the solution is worth it.

A yearly payment has to be made toward the solution's licensing costs.

Compared to other solutions, Tenable.io is expensive.

If technical support for the solution is not considered, I recommend it to those planning to use it.

Overall, I rate the solution a six out of ten.

We use Tenable.io for vulnerability scanning.

I like the Cloud Scanning feature the most.

They can improve in the area of role management and compliance reporting.

They should include better customization of the dashboard and integration tools.

We have been partners with Tenable.io for four years.

It is pretty stable. I would rate it nine or maybe ten out of ten. I didn't realize that the solution will be dropped in availability.

It is a scalable solution. I would like to rate it a six out of ten.

Many times, I get some answers that are not suitable information for my query. Thus, I need to escalate our vendors and our contacts internally. When some task is escalated and some security engineer supports them, it becomes quite helpful. After all, we are a part of it. I am working with Tenable.io. So in general when I have some problems, it is a pretty big problem for me. And I need someone else for support. It is not a general problem that some customers can figure out.

Neutral

Two years ago, I was training for Rapid7. Since then, I have had no time to implement another solution. So we are just implementing Tenable.io right now. Also, we have some big Tenable.io projects. So, we are just working around Tenable.io. But I have some expectations to work in the future with another vendor for vulnerability management.

I don't have any comparative options from another vendor. I just work at the retail level. I know it has a pretty high cost for some features. It's a security vendor, and the security solutions are pretty high-priced. I think Tenable.io is available at the mid-range of prices, maybe the mid-high range.

I work with Tenable.io and implement this solution for many customers. I would rate it eight out of ten.

The solution needs either two engineers or one security specialist to maintain it.

Our primary use case for the solution is managing organizations with assets. Our on-premises assets are in the private or public cloud so the customer doesn't need to have the server installed and deployed but can touch and go once the license has a provision. The user can use it right away. 

By making different resources available for sharing among users and groups, Tenable.io provides endless possibilities for creating customized workflows for vulnerability management programs, regardless of any of the numerous regulatory or compliance drivers that demand keeping your business secure.

With Tenable.io, we can schedule scans, push policies, view scan findings, and control multiple Nessus scanners from the cloud. This enables the deployment of Nessus scanners throughout networks to both public and private clouds as well as multiple physical locations

There is no burden to update or upgrade the solution manually, so it's always up to date. 

The price could be lower, and the grouping of platforms on the dashboard can be included in the next release of the product.

We have been using the solution for approximately four years.

The solution is stable.

The solution is scalable because if you want to extend the license, you can do it over a call every quarter. Additionally, the scaling does not require infrastructure requirements or additional infrastructure because all are hosted in the Tenable.io Vulnerability Management cloud. 

The initial setup is straightforward. However, once the account is provisioned for a user, Its just the data collector to set up Scanner/Agents, and it takes approximately two hours to set everything up.

It costs approximately $2,300 yearly.

We chose this solution because it has a great reporting feature and provides the most CVE coverage and VPR. Additionally, the solution has been in the industry for a long time and performs well.

I rate the solution an eight out of ten. The solution is good, but the price could be lower, and the grouping of platforms on the dashboard can be included in the product's next release. I advise new users to know the infrastructure system and networking. Additionally, there are videos and documentation that will assist them in getting set up to use the product right away.

It is useful for scanning the whole environment to check for any vulnerabilities. We can then start deploying or closing these vulnerabilities by applying the Windows or other product patches. In the end, we have an environment with no vulnerabilities, and we increase our security posture and security levels. 

It is very stable, and it is updated periodically by adding new vulnerabilities. It can discover much quickly as compared to other vendors.

Its management console and portal make it easy to use and effective. 

It can have more integration.

I have been using this solution for three months.

It is very stable.

It is scalable.

I haven't installed it on a customer's site. I just installed it in my lab in order to get familiar with the product, and that's it. It was just for testing.

It was a straightforward installation. Because it was done in my lab environment, it didn't take that much time. It took around three to four hours.

I did it myself.

I would recommend this solution at this time, but after installing it for more customers, my answer might change in the future.

I would rate this solution a seven out of 10.

Primarily we're a partner of Tenable and what we've done is we've essentially created a middleware. We created a middleware on top of Tenable.io engine, the API, and the middleware was developed back in 2003. It has gone through about three different iterations since then. 

Essentially, we simplify their user interface. It's been designed so that the managed service providers, the MSPs, are able to use the Tenable system with our interface on top. In a sense, what we've done is dramatically dummied down the Tenable interface through the use of our own GUI. We connect to the Tenable API in the backend, however, they're doing the heavy lifting, so to speak, and we're just presenting the information in a much more logical, easily understood manner. 

The API is pretty good.

The solution works well for enterprise-level organizations.

They're a standup product. They really are. They're one of the first in the industry which means they're a quite well-established site. It's pretty hard to improve upon. 

The initial setup is pretty straightforward.

They are on a good trajectory as a company and investing in R&D in the right ways.

The stability is excellent. 

The scalability is pretty good.

The solution seems to focus too much on enterprises, and they really need a product that works for SMBs. The enterprise product is too expensive for smaller companies, however, they really are looking for a product like this in the market.

It's too technologically advanced for SMBs - Tenable is kind of a little bit like flying a 747. There's a lot of bells and whistles and switches and things like that, that quite frankly are not used or not understood largely by the average user. If they don't begin to cater to smaller organizations, they'll likely lose market share.

They could use a better user interface that could be developed a lot better than it is. It really could be more intuitive.

I've used Tenable for 20 years or so. 18 to be exact. It's been a good amount of time. I have a lot of experience with the company.

The stability is excellent. There are no bugs or glitches. It doesn't crash or freeze. It's one of the reasons we chose it. It's reliable and the performance is excellent.

Aside from their licensing, which needs some serious reworking, when you get the licensing in order the scaling is not that bad. It's pretty much on-par in terms of what others are doing. However, getting the provisioning of the licensing and all of that stuff through their partners, namely Ingram Micro, is nothing short of pulling teeth really. 

I've never used technical support in the past. I've never had a need to. Therefore, I wouldn't be able to assess them. I can't say how knowledgeable or responsive they are.

We've only been with Nessus. Nessus Professional came out way back in the day, in 2002, 2003, there was WebInspect which was then, bought by IBM. We used WebInspect which was another iteration of vulnerability scanning. It's kind of like Burp Suite, which is commonly used now. That was our only other experience. That was very far back, it's almost another lifetime.

The initial setup is pretty straightforward. We've got staff members that are certified for decades, two decades or more, and they know their way around quite easily. It's quite easy in that regard to set up.

In terms of the pricing side, I would say that they've lost a little touch on the pricing. It seems that the enterprise companies are the ones that primarily use Tenable for DIY security. However, the needs are much greater adoption in terms of the SMB space. These companies are screaming for attention. They've gotten interest from the hackers as hackers seem to be quite focused on the SMB space - which means they need protection. Most of the VA companies that are out there are servicing the enterprise and they all need the help. They've got the budget, they've got the resources, they have the CISSP certified guys on the bench taking care of their needs.

In terms of the volume of users interacting with the solution, you're looking at tens of thousands. As a service provider, we use the solution for companies of all sizes.

We're a partner for Tenable Nessus.

The Tenable.io is what we're using currently. It suits our needs best due to the fact that it's in the cloud. The API is okay. It's not wonderful. Seems to serve a purpose.

The biggest problem with the solution is that if you're a small company, you're not going to be able to afford it, nor are you going to be able to manage it.

I would recommend other organizations use the product. People probably don't consider the amount of, let's say, understanding or comprehension that they need of their own network to truly be able to deploy and manage and get the results they're looking for, however. Many often underestimate all their skillsets. Tenable has a number of features and functionalities and it can be a little confusing for, let's say, a non-security savvy person. It could be a little bit of a challenge, to be honest. I'd suggest any company that considers it also does their homework first.

I'd rate the solution at a seven out of ten. It gets the job done. It really is smooth to operate once it's set up. It is for the most part pretty easy to set and forget.

We primarily use the solution for on-premises monitoring. We use it to monitor the servers in our organization.

For most of the updates, Windows updates, et cetera, the service will let us know when we shouldn't apply an update due to the fact that there's some missing code, for example. It gives us great insights into security risks.

The vulnerability scanning has been great as it's helped us to define some issues around the updates of some things, and some items surrounding services we need to take care of.

The initial setup is very straightforward.

The solution has been very stable and quite scalable.

The dashboard and the main panel could be better. It's lacking right now. Sometimes it's hard to find what you need in the menus. There needs to be better dashboard navigation.

There needs to be more curation of core knowledge.

The documentation was hard to find. It's not all in one place. It's kind-of all over. You have to work to seek it out.

I can't recall any features that are lacking. I can't think of any additions we'd like to see in the next release.

I've been using the solution for six months at this point. This has occurred within the last year. It hasn't been that long.

The stability is very good. I haven't had any issues with it. There are no bugs or glitches. It doesn't crash or freeze.

The scalability of the solution is very good. If a company needs to expand it out, it can do so with relative ease.

We have a few network engineers that work with the solution directly.

I can't speak to any plans in terms of increasing usage. it's not something that we've discussed.

I've never directly dealt with technical support. I can't speak to how knowledgeable or responsive they are. 

I've read a lot of documentation and whitepapers on the product. However, they were not concentrated in one place. I had issues teaching down details about the product.

We did previously use a different solution, however, we've found Tenable to be much better.

The initial setup is quite straightforward. It's not complex. It was very easy to create an account

The deployment itself only took one day. It was quite fast.

We have four people on staff that are knowledgeable enough to handle deployment and maintenance.

We handled everything ourselves. it was all online and very simple. We didn't need the assistance of a consultant or reseller. 

I don't handle the licensing aspects of the solution. I'm not aware of the costs involved.

We potentially looked at Qualys and Rapid7 before ultimately choosing Tenable.

I cannot control the main difference.

We're a partner.

I'm not sure which version of the solution we're using.

I'd recommend the solution to other companies.

I'd rate the solution at an eight out of ten overall. We're mostly very happy with its capabilities.