Tenable Vulnerability Management Reviews

We usually use Tenable Vulnerability Management for vulnerability scannings, and we get the reports from Tenable to resolve any vulnerability. We have about 2,000 plus servers where we have installed the agent on those servers to check and scan the vulnerabilities. That is the main key aspect of what we use Tenable Vulnerability Management for.

Regarding the continuous monitoring feature of Tenable Vulnerability Management, it is not exactly continuous monitoring we get from Tenable. It is used only on the market, where we scan it. We have a scheduled scan for all the servers, so we are not using it for any monitoring at present.

Tenable's advanced analytics and reporting features give very detailed reports where we get most of the information about vulnerabilities. That is one plus point. For example, with 2,000 servers, when we want to calculate the percentage of vulnerabilities that have appeared, it gives us very useful insights. While analyzing, it is one of the greatest tools because the results it produces as outputs scan the networks and each device in an organization.

We have purchased Tenable Vulnerability Management via AWS Marketplace.

Tenable Vulnerability Management agents are very lightweight, and the results we get are very accurate. The solutions they provide to us, assuming if one vulnerability exists, there will be a solution. The resolution they give us in wording will be the best solution. The exploit rates and the reports we get provide a lot of information, making it very easy for us to verify.

The main benefit of integration with Tenable Vulnerability Management is that there will be no lack of missing vulnerabilities when it comes to the patching environment. That is one of the key aspects of why we have integrated Tenable to our patching tools. It has a vast capacity of pushing the data to our tools due to its capability and compatibility. That is also one of the reasons why we are using Tenable Vulnerability Management.

Tenable Vulnerability Management is not very effective for real-time risk prioritization for our organization's security strategy. It is only used for scheduled tasks, not for real-time execution.

While the agents are very lightweight, when it comes to real-time analysis, there will be significant lagging on the servers and too much traffic on the network. When any server detects vulnerability while scanning, the reports take time to analyze by itself. That is one of the drawbacks of Tenable Vulnerability Management.

We have been using Tenable Vulnerability Management for the past eight years.

The stability of Tenable Vulnerability Management is highly reliable. Having used Tenable for the past seven to eight years, I have never experienced any glitches or bugs affecting our environment. I can guarantee it is highly stable.

Tenable Vulnerability Management is highly scalable. Mid and larger enterprises can definitely move on to Tenable Vulnerability Management.

Scalability is very important for us because of the lightweight agents. That is the main key feature where for installing, they have many options for scaling to multiple servers. If we need to install it on 500 machines tomorrow, we can push it in different ways. It is highly scalable and very user-friendly when it comes to scalability.

Communication with Tenable Vulnerability Management support occurs on average two to three times monthly because our environment is very small.

The technical support of Tenable Vulnerability Management is available 24/7, and whenever we require support, we can get it within five minutes. Regarding technicality, they deserve a nine out of ten. They are highly technical people. I have communicated with more than 20 to 25 technical engineers. They take every question seriously and help us resolve issues. They have a very strong technical team to support customers.

Positive

Before Tenable Vulnerability Management, we used Qualys initially. We moved to Tenable due to pricing considerations. The customer requirement was to reduce the cost. When compared to Qualys, it was much more cost-effective.

I did not participate in the initial setup of Tenable Vulnerability Management as it was already set up and ready to work on.

We have SCCM integrated with Tenable Vulnerability Management to patch the servers, and it has also been integrated with BigFix where we scan the results from Tenable and push the data to these tools. For endpoints, we use SCCM, and for servers, we use BigFix. It has been integrated into these two particular patching tools where it analyzes and pushes the patches.

For evaluating the effectiveness of Tenable Vulnerability Management in our IT environment, we have our own ratings with integrated multiple metrics that automatically calculate. It has been integrated into our ServiceNow. Based on that, all the overall metrics are automatically calculated based on AI and ML technology, where we get complete reports.

We have not validated other options before choosing Tenable Vulnerability Management. We have already worked with multiple tools, and the customer was very interested in Tenable Vulnerability Management specifically.

We use Tenable Vulnerability Management and are currently using its latest version.

I rate Tenable Vulnerability Management nine out of ten based on my experience. This rating is due to its stability and high scalability. The best part is the solutions they provide for any vulnerability.

Public Cloud

Amazon Web Services (AWS)

I think we use Tenable Vulnerability Management primarily for our internal use. We are not a reseller; we are a customer.

We have a set of IPs across the globe, and we conduct this scan once a quarter of all the IPs combined. This scanner has updated information with respect to vulnerabilities that exist in the open. We perform vulnerability scans of all the IPs in order to ensure that no vulnerability exists in our environment, infrastructure, or network. We run vulnerability scans which are automated in nature and scheduled over the weekend to make sure that all the IPs are up to date. Once in a quarter, all IPs are scanned and a vulnerability report is generated. This report tells us whether there are low, medium, or high critical vulnerabilities that exist. We have a remediation plan for the high, medium, and low vulnerabilities in terms of the amount of time that we should be taking in order to patch these vulnerabilities. This tool keeps our information security posture high. We also carry out aging analysis because there are some vulnerabilities that cannot be patched due to dependencies. We actively carry out aging analysis in order to see if there are some vulnerabilities that are still in the system for more than one month or two months, and what the reason is. We actively work with all of the business teams and the IT setup within our system is quite regimented in order to run the scans once in a quarter for all the IPs.

I think their automated vulnerability scan and the scanning engine of Tenable Vulnerability Management are valuable. There are agents that you can deploy, and you can run the scans on those IPs on an automated basis. The automated scanning feature is probably the most important. They also have a good remediation workflow which can be integrated with your own internal workflow. You can do automated tracking of closure of the vulnerabilities. The ease of use, the automated scanning facility, and their good support mechanism are all valuable. If you were to get stuck somewhere, they can readily make their customer service or technical teams available to take care of our needs. Automated vulnerability scanning is the feature which makes life a little easier.

I don't think that there is any very specific area where enhancements need to happen in Tenable Vulnerability Management's feature sets. The only area which possibly is not a part of the feature, but Tenable can look at, is to make their pricing more competitive.

I have been using Tenable Vulnerability Management for more than five years.

I would give Tenable Vulnerability Management a nine out of ten for stability because the downtime has been next to minimal. We have not faced any kind of outages in terms of services. Reliability is absolutely high.

Positive

I think the scalability level of Tenable Vulnerability Management is fairly good. I don't think we have really found that wanting. I would give that an eight out of ten. We have not faced any problems so far.

With the growing needs of our company, Tenable Vulnerability Management is able to safely adapt.

Positive

We had used Tenable's expert support services in order to make sure that we run Tenable Vulnerability Management on a continuous basis and are able to utilize their services. At the time of the implementation, we had taken the help of Tenable's expert support to be able to help us use this feature at the outset.

Positive

We have used QualysGuard before using Tenable Vulnerability Management.

We decided to switch from QualysGuard to something else because these were two different companies. This was the previous company where I had exposure to QualysGuard. We have never made any change from Tenable in the current company.

When I started working at my current company, Tenable Vulnerability Management was already there.

I was involved in the decision, but we have chosen Tenable and we continue using Tenable Vulnerability Management in the current company. I was a part of the purchase process.

I would not say very expensive for Tenable Vulnerability Management; it is not prohibitive, but at the same time, there are some other tools in the marketplace which are offering the same kind of services that Tenable offers, the same kind of features that Tenable has offered at a lesser cost.

I use Tenable Vulnerability Management, and that is the tool that I have primary experience with.

Apart from zero-day vulnerability, which obviously none of the tools would know about, I think the scanning engine of Nessus, part of Tenable Vulnerability Management, is quite up-to-date. It provides details on how the remediation should take place and provides detailed steps on how the remediation can be undertaken, which is quite helpful for the various application teams in order to understand. Their platform is something which is quite up-to-date. It appears that in the back-end they have the right set of threat intelligence feeds that come in from all different sources. I would assume that their AI engine and also their database is quite updated. From the perspective of being up to date, we feel very comfortable because we do rely on and trust their AI engine which their scanning facility is powered with.

The importance of real-time risk prioritization for our organization's security strategy is very high. These are the times where you cannot really go loose at all. Remediation becomes prioritized for all organizations. It is extremely important that at least the highly critical vulnerabilities are patched within 24 to 48 hours because they are high targets and valuable targets for adversaries. Therefore, risk prioritization is probably extremely important for organizations to keep these in the highest priority of any activity.

We have not yet integrated Tenable Vulnerability Management as much. We are using Tenable on a standalone basis. We have not yet done an integration with any GRC tool or any other tool. As of now, we are using Tenable as an independent tool.

Tenable Vulnerability Management is deployed on-cloud in our organization, and we are using Amazon Web Services as our cloud provider.

I would give Tenable Vulnerability Management a nine out of ten rating. This is not a matter of concern because, apart from the costing part, which was pretty much okay when we signed up, over a period of time they have been increasing their license fee. That is the only point which I believe that they could possibly look at working upon. Otherwise, it is a nine out of ten for sure. My overall review rating for Tenable Vulnerability Management is eight out of ten.

Public Cloud

Amazon Web Services (AWS)

I use Tenable Vulnerability Management to scan the network, including servers and endpoints, to identify risks in our environment and provide mitigation and solutions. I also use it to assess our security posture through asset discovery and risk identification.

Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.

AI integration for reporting in Tenable would be beneficial. The response time of Tenable's customer support needs improvement. They should also accelerate the process of implementing new features upon request.

I have used Tenable Vulnerability Management for almost six to eight years.

I have faced no stability issues with Tenable. In comparison, Rapid7 encountered challenges with data transfer to the cloud, requiring us to compress packets to manage network hiccups.

Both Tenable and Rapid7 are cloud-based solutions, which ensures excellent scalability. They can seamlessly scale the number of endpoints from 100 to 1,000,000 in a day.

Technical support from Tenable is rated six out of ten. It needs improvement in response time and addressing feature requests promptly. Other services like Rapid7 are more responsive.

Neutral

I used Rapid7, which is less expensive than Tenable. My preference now aligns with Tenable due to its superior user-friendliness and reporting capabilities, although some issues persist with installation complexity in various environments.

The setup experience for Tenable Vulnerability Management is rated nine out of ten, indicating that it is relatively easy.

Implementation involves coordination with internal network teams due to environmental complexities.

Tenable is costly, priced significantly higher than Rapid7. For instance, Tenable charges around $40 per device, while Rapid7 costs $10 to $15 per device.

I evaluated Rapid7 alongside Tenable. Although Tenable has a higher cost, its user-friendly interface and robust reporting made it a preferred choice.

I recommend Tenable Vulnerability Management for its comprehensive security capabilities and effective risk identification. However, potential users should be prepared for the higher expense compared to alternatives like Rapid7. 

My rating is eight out of ten, mainly due to the support aspect needing improvement.

Hybrid Cloud

Other

The main use case for using Tenable Vulnerability Management is understood.

The functions and features of the product that I find most useful in Tenable Vulnerability Management are noteworthy. I am satisfied with the analytics and reporting part of Tenable Vulnerability Management. Real-time risk prioritization in Tenable Vulnerability Management is useful for my security strategy. The main benefits that Tenable Vulnerability Management provides for me as an end user include saving time and money and streamlining processes.

In my opinion, I would like to see additional functions and improvements. Something related to AI would be a good addition.

I have been working with Tenable Vulnerability Management for three to four years.

My mark for stability for Tenable Vulnerability Management is eight.

My thoughts about scalability and the ability to scale and expand are important considerations.

Based on my experience, integrating Tenable Vulnerability Management with other tools is understood. My rating for customer service is three.

The initial setup for Tenable Vulnerability Management is fine.

In my opinion, the main competitor on the market for Tenable Vulnerability Management is worth comparing with.

I have purchased a license directly from Tenable, so I am working directly with Tenable and not through partners. My overall review rating for Tenable Vulnerability Management is eight.

Public Cloud

Amazon Web Services (AWS)

My experience is with Tenable Vulnerability Management, specifically regarding vulnerability management.

My particular use case for Tenable Vulnerability Management is vulnerability management, benchmark scanning, and I'm somewhat familiar with their product line, utilizing the CIS benchmarks and DISA STIG benchmarks.

Tenable Vulnerability Management is the backbone of our vulnerability management and has affected my organization positively.

The best features of Tenable Vulnerability Management are flexibility, breadth and scope, and the fact that their current vulnerabilities come out, and they have tests for them within a day or two.

Operationally, Tenable Vulnerability Management finds issues that would otherwise be missed, but I don't have an ROI.

The impact of Tenable's analytic capabilities shows that our other programs are working in our prioritization process.

I don't think I have any additional features to add for improvement, as Tenable Vulnerability Management does a pretty good job of what it does.

My pain points would have been on the internal side of lining assets up to owners, and that's not something that Tenable Vulnerability Management can help me with.

I have no suggestions for where they could do better.

I have one year of experience with Tenable Vulnerability Management.

Tenable Vulnerability Management is stable.

Tenable Vulnerability Management's scalability is fantastic.

I would evaluate Tenable Vulnerability Management's customer service and technical support as average.

I would rate them a seven on a scale from 1 to 10, with 10 being the best and 1 the worst.

Positive

I have not personally used a different vulnerability management solution.

The initial setup was pretty straightforward.

I made it my own, and the initial setup was done by Address Block, which I tied to elements in the CMDB.

I wasn't party to the comparison or purchasing, so I'm not completely sure.

I am unaware of the pricing, setup costs, or licensing details for Tenable Vulnerability Management.

I don't know why we switched to Tenable Vulnerability Management for vulnerability management, but my assumption is that it is the first solution they tried and we've been happy with it since.

I have used Tenable Vulnerability Management's reporting features to a lesser degree.

The metrics I track for decision-making include what systems need upgrading, what software needs replacing, and whether or not we can hold off on things, accept some risks, and get other risks resolved.

They have cloud scanners that are effectively point and click, and although I'm not sure if it's an extra licensing, we also have an on-prem scanner, which is a virtual appliance that I can download and put in place.

The data that we pull from Tenable Vulnerability Management is the data that we drive and use for decision-making, although we don't use that visibility extensively. I don't utilize the real-time visibility with Tenable Vulnerability Management.

On a scale of 1-10, I rate Tenable Vulnerability Management a 9.

On-premises

Other

We don't have a specific use case. My primary purpose for using Tenable is to conduct survivability tests, mainly to determine whether the system crashes, particularly when subjected to DOS attacks. I do not use it for more than that because, for other aspects, we have manual VAPT procedures in place.

Currently, I have only used Tenable for DOS attack-related purposes and thus, I am not fully acquainted with its other features. However, it provides survivability benefits. It helps me understand if the system is capable of withstanding certain levels of stress. Though it's not core technical security testing, it provides us with survivability insights.

I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. However, from my experience, HPE WebInspect provides more extensive reports and detailed information about all findings. The count and type of findings are also more specific with HPE WebInspect. On the other hand, Tenable is not as deep or as comprehensive in covering vulnerability types. They could incorporate software composition analysis (SCA), which would be a beneficial addition. If they venture into the SaaS market, more thoughts can be shared. But currently, they are not.

I have used the solution for around one and a half years.

The stability is commendable, and I would rate Tenable ten out of ten. I have no concerns.

I do not have any contact with Tenable. I have been using it as a regular user.

Neutral

The setup process is quite simple.

It was set up by someone else, and I am not aware of who did it. I am just utilizing it.

I would recommend HP WebInspect, having used it for around two and a half years. It offers both cloud and standalone versions, both of which are fantastic. It is applicable for both legacy applications and the latest applications in the market. HP WebInspect features extensive libraries and recursive methods to traverse everything, which I find really impressive.

I would rate it four out of ten. For startups, freelancers, or companies between startup and midsize, Tenable is recommended. However, for midsize or enterprise-level companies, I would not prefer it. We use it because the client suggested it. Otherwise, my preferences might differ. The type of application matters, too. For new applications, such as those based on Node.js, Tenable could be a good option. However, for legacy technologies with complex databases, newer systems like Tenable are not recommended. If the budget allows, HP WebInspect is preferable. Budget considerations are as important as choosing the right technology. If limited by budget, Tenable is a viable option for new, growing companies, but not for enterprises. Overall, I rate the solution four out of ten.

Before, we built the assets on Tenable.sc and scanned them for asset discovery. Now, we are deploying Nessus Agent into all the machines. We have written the script, which is automatically deployed on the VM or the cloud. Previously, we could not identify the workstations that were offline for a certain period. With Nessus Agent, we don't have that problem. It increases our efficiency.

Nessus Agent is the best feature. When we scan the environment, the vulnerabilities are discovered. The integration of Tenable into our security ecosystem was very good. There were no complications. We integrated it with different tools like ServiceNow and SharePoint.

I'm not satisfied with the reporting structure. We cannot do much customization. We can do it in Tenable.sc. We need to maintain two different solutions. We need the on-premise tool for reporting purposes. We would like to have it all as a SaaS-based solution.

If we need to check for a zero-day vulnerability, we must run the scans manually to get the information. It is time-consuming. We need to do a traditional scan regularly to get zero-day information. It would be great if the zero-day vulnerabilities were published.

The reporting capabilities for compliance are bad. I can get the compliance reporting on certain cases, but it is not detailed. We do not have a clear understanding of the Cyber Exposure Score. I am unable to drill down and understand the Cyber Exposure Score.

I rate the tool’s stability an eight out of ten.

I rate the tool’s scalability a seven out of ten.

The customer service is good. The support team is very responsive.

Positive

Previously, we used Qualys for vulnerability scanning. However, we switched to Tenable because we felt that Tenable was the best solution for our organization’s requirements. We also use Tenable.sc, Tenable.io, and Tenable’s Cloud Security Posture Management.

The setup is not straightforward. We need to apply the filters. We can get the Cyber Exposure Score displayed on the document. However, we cannot get a deeper understanding of what makes the score high or low.

The product costs us around $137,000 annually for 4000 to 5000 assets.

We use a third-party tool to initiate scans. I don't know whether there is a way to monitor it in real-time. I will recommend the tool to others. Overall, I rate the product an eight out of ten.

We help clients with their overall cybersecurity assessment. Many start with free tools like Nessus, but eventually require more comprehensive solutions. We use Nessus and Tenable.io (formerly Nessus Professional) to scan environments and then convince clients of the value of a full Tenable.

Integrating Tenable into the workflow has improved our client's response times to critical vulnerabilities.

The notification system, including email and SMS alerts, is helpful. However, the actual response time depends on how closely clients monitor their Tenable systems. If they actively review alerts and notifications, it definitely helps their IT teams act quickly.

The risk prioritization is a good feature.  

Tenable lets you categorize vulnerabilities based on severity (zero-day, critical, high, medium, low) so clients can focus on patching the most urgent issues first.

I would rate Tenable's dashboards and reporting capabilities for illustrating security posture a nine out of ten, with ten being the best. 

Tenable already covers firewalls, web applications, and patch management very well.  

It's a fantastic product, but there are some things to consider. One is the price. Compared to on-prem solutions, the SaaS model can be expensive. 

Price is definitely a concern and needs improvement, especially for the Indian market. While it's a fantastic product, it should be more accessible to small and medium-sized businesses (SMBs). 

Currently, only larger enterprises seem to be able to afford and evaluate it thoroughly.

So, pricing can be improved and be more affordable for the Indian market, specifically for SMBs.

Another area of improvement is customer service and support. Tenable needs to include support in the pricing/license. Currently, they push clients to get support from partners or channel distributors, who often charge a lot. 

Even for a simple one-time setup, they may charge three to four lakhs, and then additional annual charges for ongoing support. We have the technical skills to handle basic tasks, but relying on Tenable itself often results in just receiving emails or being redirected back to channel partners.

So, support should be bundled with the product cost.

We've been using Tenable for a while now. 

I would rate the stability a seven out of ten. 

I would rate the scalability an eight out of ten. We work across all verticals, including enterprises and medium-sized businesses.  

Customer support is a challenge. Tenable charges extra for it, which means clients have to buy the license separately and then pay for additional support services like SQ. This creates significant friction.  

Negative

I would rate my experience with the initial setup a nine out of ten, with ten being very easy to set up.

We offer both deployment models, cloud as well as on-premises, but the cloud model hasn't been very successful. Because Cloud deployment is a SaaS model, which will likely be expensive.

There are cost concerns with SaaS.

Deployment is quick. 

The entire deployment took around one hour.

While I can't quantify specific cost savings, Tenable offers a valuable solution.  

I would rate the pricing a five out of ten. It is in the middle. 

We have many other products available. Tenable can be compared to SOGo vulnerability management, for example.

Tenable is an advanced solution. If you're looking for a high level of threat protection, it provides clear visibility and gives you insights into what needs to be done next. However, general vulnerability management, especially for small and medium-sized businesses (SMBs), SOGo might be a more suitable option.

SOGo offers flexible subscription models like monthly or yearly, and it caters to smaller user bases like 50 or 200 users. Tenable, on the other hand, recommends a minimum of 150 licenses, which might be overkill for smaller organizations.

Overall, I would rate the solution a seven out of ten. 

I use it to scan assets to evaluate vulnerabilities, define the risk, and create a resolution process for vulnerability management.

It has greatly impacted us by providing asset visibility, allowing us to know which assets have higher vulnerabilities and to calculate the risk for them. 

The return on investments is adequate since we need this vulnerability management, and without Tenable, visibility was not possible. It saved us time and improved our security.

The most useful feature in managing vulnerabilities is risk management.

It needs additional reporting and intelligence features, as well as enhancements in AI-driven detection, which is still in its early stages.

I have been working with Tenable Vulnerability Management for six years.

The technical support is fast and efficient, and I am satisfied with it. I would rate their support nine out of ten.

Positive

I worked with Qualys before Tenable. I find Tenable to be better due to its broader system coverage, better efficiency on discovery, and better capabilities of analysis.

If you have knowledge of networking and security, the initial setup is easy. If you don't, it can be difficult and you might make dangerous mistakes.

The return of investments is good enough as vulnerability management is crucial for us.

The pricing is expensive, and the cost depends on the number of assets. However, the cost is not the most important thing due to the value it provides.

I evaluated Qualys before using Tenable.

Small companies might find it difficult because of the knowledge required to drive vulnerability management successfully. If you lack that knowledge, you should contract the service.

I'd rate the solution eight out of ten.

Public Cloud

Other

We actually needed clarity on the vulnerabilities in our infrastructure. We used the solution to scan and make a report for us on what is vulnerable in our infrastructure and what is not, what we can improve and update, and what is good as it is.

It is a very, very user-friendly tool. To make some sense, you just need to put in your domain and click a button to scan and give you a piece of customized information about your infrastructure. It is very easy to use to schedule a scan, and it can consume a lot of CPU resources. So, you can schedule a scan between 1 AM to 3 AM, and it works very well for us.

I didn't work a lot with the solution. My experience was pretty smooth. I don't have any recommendations for improvement. Maybe it's because I don't use it a lot.

The only drawback of the solution is that it is expensive. The pricing should be kept lower.

I have experience with Tenable.io Vulnerability Management. I used it six months ago. I used it for two years. I am a customer of the solution.

It is a very stable product.

The setup is easy. Tenable.io Vulnerability Management is known for its ease of setup.

Tenable.io is not known for being a cheap product. You definitely can have another product that could be cheaper than Tenable.io. If you have a real concern with your budget, maybe another platform would be of interest to you.

You can find other tools that are way cheaper, with similarities to Tenable.io. I would say it may not be the same tool, but similar.

The solution's user interface was very good.

It's one of the best tools available for vulnerability management. I would definitely recommend the solution to those planning to use it.

I rate the overall solution a ten out of ten.