What is our primary use case?
We use Tenable Security Center for vulnerability assessment purposes within our security infrastructure. The solution helps identify management-related issues and automatically forwards the ticket to our stakeholders, as well as an auto-alert mechanism. Additionally, we have integrated it with our SI solution.
The primary use case involves automated scheduled scans. We have established an asset inventory, and there is a scheduled quarterly automated scan. This process sends the results, thereby reducing manual tasks. The more automation we implement, the fewer errors occur, resulting in a faster and more efficient process.
We also use it for continuous network monitoring. We scan network devices such as Cisco routers, load balancers, and WAN devices. If any suspicious network activity arises, the system saves the results.
Our organization also uses Power BI. There are a lot of scripts that are already integrated to check compliance within the organization. We aim for at least 75% of the benchmark. Tenable's solution assists in representing the level of compliance achieved, whether it be 70%, 80%, 90%, or 95%. We have installed agents on various server types, and adding them to the scan does not require manual credential entry each time. The solution provides comprehensive results on the dashboard for each service by simply clicking on the play button.
What is most valuable?
The most important features are the dashboard and reporting. The dashboard provides statistics with graphs and bar charts for our management. We can be amazed at how much compliance and patch management are followed; everything can be represented in a single interface.
The solution is connected to our network. We can easily track it with the Tenable Security Center. Without the solution, it's very difficult to track whether or not a new asset is added.
The solution’s configuration is vast. There are so many configurations leading to confusion. It varies from organization to organization based on the Center and new compliance. Suppose some organizations follow the ISO Center. If your organization is a financial organization, it may follow PCS standards. If your organization is healthy enough, it may follow HIPAA standards. You can configure it according to the organization’s compliance. Hence, it's very flexible.
What needs improvement?
Additional costs are associated with using the solution, as additional scanners are required for different endpoints connected to the Tenable Security Center. If Tenable Security Center could extract information from these scanners automatically rather than manually, it would enhance user-friendliness for customers.
For example, suppose I manually conducted CIS hardening or compliance scoring in a separate data centre. These scores should also be reflected in the Tenable Security Center dashboard. Since the scanner is connected to the Tenable Security Center, the dashboard should display the direct scan results from the general security centre and the connected scanners.
There could be unusual activities or attacks with the rising AI-related issues or threats that the Tenable Security Center could track in the future.
For how long have I used the solution?
I have been using the Tenable Security Center for 4.5 years.
What do I think about the stability of the solution?
The product is very stable.
I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
The solution’s scalability is good. If you have a license, it's very scalable.
Only two users are good enough for the solution.
I rate the solution’s scalability a nine out of ten.
How are customer service and support?
There were no delays from customer support. They usually give instant responses for both online and local support.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Tenable is the most user-friendly solution in the market among the other competitors. I also use Qualys and Rapid7 in separate organizations.
How was the initial setup?
The initial setup took very little time to deploy and more time for asset management. The selection of the assets depends on your organization. Considering the installation and normal scan, it took less than a day to deploy.
I rate the initial setup a nine out of ten, where one is complex and ten is easy.
What's my experience with pricing, setup cost, and licensing?
The solution’s pricing is reasonable but depends on the country's foreign reserves. You have to buy it at the price of USD. Hence, it depends on your country's currency rate.
What other advice do I have?
It is very difficult to manage internal servers from the server team. You should go for the cloud if you want to manage any extra hardware or VM.
We were able to integrate with other security solutions, like SIEM, and activate monitoring. There were no challenges in integrating it. However, it doesn't support all types of SIEMs except major SIEMs like IBM QRadar and Splunk.
I recommend first configuring your alert monitoring system and doing the configuration with the advice of OEM support staff. It's very easy to use. If you want to compare it with other solutions, you can use the beta version or demo version, and you will be confident and strong and use it happily and without any pain.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.