We performed a comparison between Cloudflare and Tenable.sc based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Tenable.sc is best for those who need advanced scanning and vulnerability detection with a focus on compliance, while Cloudflare is ideal for those in need of good load balancing, DDoS protection, and a user-friendly GUI, with an emphasis on application monitoring. Tenable.sc needs to work on their penetration testing, pricing, ticketing systems, and user interface. In contrast, Cloudflare needs to focus on better reporting, support response time, traffic routing, and dashboards.
Service and Support: Tenable.sc is praised for their excellent customer support and responsiveness. On the other hand, Cloudflare's customer service has received mixed reviews, with some users experiencing poor response times and difficulty resolving issues.
Ease of Deployment: Tenable.sc and Cloudflare both have easy and straightforward initial setup processes. Tenable.sc's cloud version is especially easy, while Cloudflare provides step-by-step instructions. However, some companies may need more equipment and time to deploy Cloudflare.
Pricing: Tenable.sc's pricing is based on the number of IP addresses to be scanned, while Cloudflare's pricing is generally considered expensive but offers unlimited bandwidth. Some users suggest a custom pricing model for enterprise customers based on usage for Cloudflare, while overall it is considered cost-effective.
ROI: Tenable.sc provides cost savings by reducing the need for manpower and ensures a favorable return on investment. On the other hand, Cloudflare is geared towards preventing downtime and minimizing losses that could amount to millions of dollars.
Comparison Results: Tenable.sc is the preferred option over Cloudflare for vulnerability management and compliance scanning, according to user reviews. Tenable.sc offers advanced scanning capabilities, accurate vulnerability detection, and prioritization, as well as a risk-based approach and asset discovery. Cloudflare, on the other hand, excels in load balancing and DDoS protection but lacks the same level of vulnerability management features as Tenable.sc.
"The security baseline and vulnerability assessments is the valuable feature."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The solution is very user-friendly."
"The UI is good."
"The most valuable feature is the web application firewall."
"We're using dynamic components to build flexible pages to create and manage Git merge requests for code and reviews."
"From what I've seen so far, there are no negatives to report as of yet"
"The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution."
"Generally, I am satisfied with this product."
"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."
"The web application firewall brought us good security and a view of the accesses/blocks of the entire domain and subdomain that were accessed both by region (country) and IPs."
"What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us."
"Tenable SC is good for reporting and alerting. The filtering feature is also very valuable. Its integration with multiple vendors is quite good. It can be integrated with SIEM solutions and PAM solutions such as Thycotic, which is very helpful."
"Tenable.sc's best features are the availability model, accident management, and scoring."
"The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us."
"One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset."
"The solution is very intuitive and the dashboards are simple to use."
"The tool provides us insight into the happens of the network and its hosts. It provides me with a list of hosts."
"The tool gives us fewer false positives. Compared to its competitors, the solution’s reports are more accurate."
"The remediation workflow within the Wiz could be improved."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"The only thing that needs to be improved is the number of scans per day."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The solution could work at being less expensive. It costs a lot to use it."
"The product support needs to be accessible from more places, a wider area of coverage."
"The product needs to improve its automation."
"Cloudflare does not have an on-premise solution. If they had different approaches they could be better suited to accommodate more customers, such as on-premise and hybrid deployments. For example, hybrid deployments would be useful where you could move the traffic from the enterprise to the cloud."
"In the last two years, there has been a certain amount of downtime when using the VDM."
"It should be easier to collect the logs with companies like Sumo. However, based on my discussions with the salespeople, I understand that's how they make their money. With the enterprise product, they want people doing those kinds of enterprise features to do the logging. They want them to pay a lot of money, and that's where I have an issue with them. That should be a default. You should be able to get the log no matter what. The logging should be universal."
"The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful."
"One area of improvement is in the Access Rules. Hypothetically, if we wanted to block or challenge traffic outside of the United States, the only way to currently do that (as far as I know) is to enter every single country outside of the United States. That could be a labor intensive job. A solution could be to enable users to create a rule where traffic is only allowed within a certain country."
"The product could be user-friendly, and they could enhance the web application's security features."
"The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team."
"Tenable SC could improve by making the creation of the initial reports easier that correspond to our network."
"The solution needs to improve its support. I would like to see a bird's eye view of my network architecture. I would also like to see the continuous view feature in the tool."
"The solution should provide better web application features and support."
"The pricing is reasonable, but this could be brought down more aggressively, such as we see with Rapid7, Tenable SC's main competitor."
"The solution's user interface has some issues."
"The solution should include compliance-based scanning."
Cloudflare is ranked 11th in Cloud Security Posture Management (CSPM) with 56 reviews while Tenable Security Center is ranked 10th in Cloud Security Posture Management (CSPM) with 48 reviews. Cloudflare is rated 8.4, while Tenable Security Center is rated 8.2. The top reviewer of Cloudflare writes "It's easy to set up because you point the DNS to it, and it's working in under 15 minutes". On the other hand, the top reviewer of Tenable Security Center writes "A security solution for vulnerability assessment with automated scans". Cloudflare is most compared with Akamai, Azure Front Door, Imperva DDoS, AWS Shield and Microsoft Azure Application Gateway, whereas Tenable Security Center is most compared with Tenable Vulnerability Management, Qualys VMDR, Tenable Nessus, Rapid7 InsightVM and Forescout Platform. See our Cloudflare vs. Tenable Security Center report.
See our list of best Cloud Security Posture Management (CSPM) vendors.
We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
