Tenable.sc OverviewUNIXBusinessApplication

Tenable.sc is the #2 ranked solution in top Vulnerability Management tools. PeerSpot users give Tenable.sc an average rating of 8.4 out of 10. Tenable.sc is most commonly compared to Tenable.io Vulnerability Management: Tenable.sc vs Tenable.io Vulnerability Management. Tenable.sc is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
Tenable.sc Buyer's Guide

Download the Tenable.sc Buyer's Guide including reviews and more. Updated: November 2022

What is Tenable.sc?

Tenable.sc is a vulnerability management tool that provides complete visibility into the security posture of your distributed and complex IT infrastructure. The solution is designed to help you understand your risk and know which vulnerabilities and assets to prioritize first. It provides a risk-based view of your IT, security, and compliance posture so you can quickly identify and investigate issues. It provides visibility into your dynamic attack surface so you can manage and measure your cyber risk.

Tenable.sc Features

Tenable.sc has many valuable key features. Some of the most useful ones include:

  • On-prem and hybrid deployment options: The solution gives you the option to manage your data with on-prem or hybrid deployment options that align with your most complex deployment requirements, all while reducing risk for your organization.
  • Asset discovery: This feature enables you to discover and identify IT assets that hit your network, including servers, desktops, laptops, network devices, web apps, virtual machines, mobile, and cloud.
  • Streamlined compliance: Tenable.sc makes it easy for you to understand and report on compliance with pre-defined checks, metrics, and proactive alerts on violations for industry standards and regulatory mandates.
  • Pre-built integrations and a documented API and integrated SDK: The solution includes out-of-the-box integrations available for credentialed scanning, SIEM, SOAR, ticketing & patching systems. Additionally, you can easily create your own integrations by leveraging a fully documented API.

Tenable.sc Benefits

There are many benefits to implementing Tenable.sc. Some of the biggest advantages the solution offers include:

  • Continuous visibility: With this solution, you can continuously track known and discover unknown assets and their vulnerabilities, allowing you to identify threats and unexpected network changes before they turn into breaches.
  • Prioritize vulnerabilities: The solution makes it easy for you to combine asset and vulnerability data, threat intelligence, and data science for easy-to-understand risk scores.
  • Breadth and depth of coverage: You can discover new vulnerabilities and provide insights to help mature your organization’s vulnerability assessment practices.
  • Automate processes: With Tenable.sc, you can leverage a fully documented API and pre-built integrations so you can import third-party data, automate scans, and share data with your IT systems.

Reviews from Real Users

Tenable.sc is a solution that stands out when compared to many of its competitors. It offers a great set of features, including a very good UI, reporting and alerting, and helpful filtering. 

Oni R., Technical Consultant at iValueAsia, says, “In Tenable SecurityCenter, the risk-based approach for prioritizing vulnerability is something that is unique to any vulnerability management platform.” He also adds, “Tenable.sc provides a wide range of dashboards which makes it easy to grasp the vulnerability profile of the organization.”

Another reviewer, an Information Security Analyst at a retailer comments, “The UI, the user interface, is really, really good. It's really simple. I started with no prior experience in vulnerability management and picked it up in less than a day, pretty quickly. It's very intuitive.”

Additionally, an Information Security Analyst at a tech services company expresses, "Tenable SC is good for reporting and alerting. The filtering feature is also very valuable. Its integration with multiple vendors is quite good. It can be integrated with SIEM solutions and PAM solutions such as Thycotic, which is very helpful."

Tenable.sc was previously known as Tenable Unified Security, Tenable SecurityCenter.

Tenable.sc Customers

IBM, Sempra Energy, Microsoft, Apple, Adidas, Union Pacific

Tenable.sc Video

Tenable.sc Pricing Advice

What users are saying about Tenable.sc pricing:
  • "I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing."
  • "We're happy with the licensing cost and find it affordable."
  • "Tenable SC is priced per asset, with the basic solution starting around US$12,000 for 500 assets."
  • Tenable.sc Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    OniRahman - PeerSpot reviewer
    Technical Consultant at a tech consulting company with 51-200 employees
    Real User
    Top 5
    Great Predictive Prioritization and Risk-based VM with good reliability
    Pros and Cons
    • "Support is knowledgeable."
    • "Support could be faster."

    What is our primary use case?

    We primarily use the solution for vulnerability scanning across the network . 

    A few months back, I conducted a training on Tenable SecurityCenter for a Reputed Bank. I had to teach the Usage and features and then show them how the scan things work and how results can help analyze and report. also helped developing some use case like Scheduling scan and email that to specific users for mitigation, Generating Alert for particular level of vulnerability etc.

    What is most valuable?

    In Tenable SecurityCenter, the Risk-based approach for Prioritizing vulnerability is something that is unique to any vulnerability management platform. Compared to Qualys and Rapid7, Tenable VPR is a special thing that those products don't have. The security over the CVSS and V1 and V2 with the VPR feature help an organization reveal the exact risk of any asset. There might be thousands of vulnerabilities, however, the most impactful vulnerabilities are listed and prioritized in the VPR. 

    As tenable SecurityCenter is powered by popular Nessus technology, It is really easy to set up.

    The solution is stable and considered as the most solid vulnerability management platform in the industry. 

    Tenable.sc provides a wide range of dashboards which makes it easy to grasp the vulnerability profile of the organization. These dashboards allow us to view vulnerabilities in different categories in a simple to understand format. The upgrade to Tenable.sc+ has improved on this as well. Regularity of plugin updates are also exceptional. The speed at which tenable has pushed plugin updates and overall platform updates is great. Also the automatic update capability makes maintenance very simplified. Easy to use User interface. For someone who is not familiar with Tenable.sc, the interface is not difficult to follow along and the documentation makes it very simple for anyone

    The solution has a very nice Asset discovery feature that gives you gives you unified visibility of your entire attack surface, As It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, and CMDB integrations to maximize scan coverage across your infrastructure to reduce vulnerability blind spots. This mix of data sensor types helps you track and assess both known and unknown assets and their vulnerabilities

    What needs improvement?

    The solution is a bit on the expensive site. In a country like  Bangladesh, most of the customers don't have a budget that could afford Tenable SecurityCenter. They'd rather go for Qualys and Nexpose, which cost less. The licensing policy is something they can improve. 

    Support could be faster.

    For how long have I used the solution?

    I've used the solution for last 4 years now. 

    Buyer's Guide
    Tenable.sc
    November 2022
    Learn what your peers think about Tenable.sc. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    656,474 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The solution is verry stable. That said, some customers complain about the results and how they are shown. Compared to Nessus, if a customer gets used to using Nessus, and then comes into Tenable SecurityCenter, then the compliance results are an area where they might find a difference. In Nessus, the compliance results are shown in past and failed. In Tenable.sc, it's shown in medium and high. This could be more clear. 

    What do I think about the scalability of the solution?

    Tenable can be scaled easily, just to add additional IP's on the licensing and that's it.

    How are customer service and support?

    I haven't really dealt much with technical support. In the initial stage, however, when I started deploying Tenable SecurityCenter, I faced a bit of a challenge implementing the Nessus Network Monitor. I figured it out, and now I don't have issues. 

    Support is top-notch, however, in terms of response times, they are slow, and they need to be faster. 

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have also worked with Qualys for a long time.

    In our country, People are yet not comfortable adopting SaaS/cloud based solutions also,there are some government jurisdictions that require data to be within the country and an on-prem solution is always needed for the organization. Other solutions, Qualys and Rapid7, are mainly cloud designed. Tenable SecurityCenter is the only solution that can be fully on-prem for small to mid Enterprises. 

    Also, Tenable is better for compliance requirements in terms of regulations around vulnerability management. it has reporting on compliance with pre-defined checks, metrics and proactive alerts on violations for industry standards like CERT, NIST, DISA STIG, DHS CDM, FISMA, PCI DSS etc. and regulatory mandates. while it comes to other solutions i dint find the compliance feature as good as Tenable 

    How was the initial setup?

    The initial setup is simple. It's not complex at all. 

    You can go with the installer for Tenable SecurityCenter, which has an installer file for Linux and Unix platforms only. talking about the Nessus scanners, It can be deployed anywhere, including on Windows machines or Linux. There is not much of a challenge to it.

    The time it takes to deploy varies. For example, what is the implementation size? How many IPs, and what are the sites? Those things change the timing. If it's a stand-alone setup, it can take around one to two hours to deploy. If you are also talking about onboarding the IPs, and scanning all those IPs, it can take a working day to complete.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is a bit high for the region. 

    Its cost depends on the Number of Assets. The licensing is per year. 

    What other advice do I have?

    We sell Tenable.

    I'm using something around version five. I have installed the demo version of it in my Docker.

    The product really stands out in comparison to the competition. However, the price tag is a bit on the higher.

    I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. 

    I'd rate the solution nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
    Flag as inappropriate
    PeerSpot user
    Program Manager at a tech services company with 201-500 employees
    Real User
    Top 20
    Monitors our whole environment in real time and makes everything more secure
    Pros and Cons
    • "The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful."
    • "I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on."

    What is our primary use case?

    At work we use the enterprise version of Tenable, Tenable.io, and I also use Tenable.sc — which I refer to as SecurityCenter — for local scanning.

    I use Tenable SecurityCenter every day to scan our entire environment for vulnerabilities. I use a local license during the discovery process for penetration testing. So I'll do an en masse scan, and then also do a scan with Tenable to scan for IPs and vulnerabilities.

    User-wise, with Tenable SecurityCenter, there's different roles. We have security analysts, admin, etc. I'd say there's probably four or five different roles from people that can just go in and view. Security analysts can upload manual scans and create dashboards and download reports. Then administrators can create accounts, assign roles and responsibilities, and things like that.

    How has it helped my organization?

    Tenable SecurityCenter has absolutely improved our organization, by making everything more secure and helping ensure solid vulnerability management.

    What is most valuable?

    The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful.

    What needs improvement?

    I'm pretty happy with it, but I do see a lot of stuff coming out about risk-based vulnerability management. And so I've been looking at that. I don't think we're using that as of yet and it seems like a newer feature they're talking about a lot that I'm interested in.

    I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on.

    There was also an issue with SecurityCenter once where we had agents deployed on each device, and while it was scanning we were collecting the data real time. During this process, we had an enclave that was not submitting. It didn't have the agent installed because it wasn't connected to the enterprise network.

    They were scanning locally and submitting the scans and we would then upload them into SecurityCenter manually. Each time that there were any duplicates with host names or IPs, or that there were issues with the scanner device with authentication, it failed. But then you scanned it again and it was successful.

    When you uploaded that, SecurityCenter was counting it as two devices. And when you ran your report for unauthorized devices, even though it was scanned a second time successfully, the first time would show as a failure. So it was throwing off reporting.

    So we would run a report and say, "Okay, which device has failed scanning with authentication?" And it would give a device and we'd be like, "Well, here's the secondary scan showing that it was successful." And so we were having to manually go in there and delete the failed ones.

    And that was a pain in the butt. We eventually got that enclave online so we fixed the problem, but I felt that was a limitation of Tenable SecurityCenter that it couldn't see that.

    For how long have I used the solution?

    I have been using Tenable SecurityCenter for the past few years now.

    What do I think about the stability of the solution?

    We have only run into one troublesome issue that I can remember. It had to do with the way SecurityCenter inaccurately reported real-time scan results whenever there was a transient problem such as with a duplicate host name or IP, or with authentication.

    It was a pain to deal with, because we kept having to go in and manually delete all the failed (but actually successful) scan results.

    What do I think about the scalability of the solution?

    When it comes to scalability, so far so good, and no issues. We've got the whole environment monitored right now and I don't see any significant increases in use anytime soon.

    How are customer service and technical support?

    Their technical support is good. Because I don't give out tens much for anything, I would say in the eight to nine range, out of ten.

    Which solution did I use previously and why did I switch?

    For vulnerability management, Tenable SecurityCenter is the only one I've used in the past six years. Though we do use other tools in conjunction with it.

    We've pretty much used Nessus for scanning, vulnerability management, and reporting, and that's it. And it does it very well. And then I use different tools for other things. I'm sure Tenable had that on the plugins for other things, but we don't use those.

    How was the initial setup?

    The setup is straightforward.

    What about the implementation team?

    I personally implement SecurityCenter with a local license. And then we also have different roles like security analysts and administrators who can just go in and perform various functions such as uploading manual scans, creating dashboards, downloading reports, assigning accounts, and so on.

    What's my experience with pricing, setup cost, and licensing?

    I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing. 

    What other advice do I have?

    I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve.

    I can't speak to every option that they have, but I have no reservations recommending them.

    I would rate Tenable SecurityCenter an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Tenable.sc
    November 2022
    Learn what your peers think about Tenable.sc. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    656,474 professionals have used our research since 2012.
    Information Security Analyst at a retailer with 1,001-5,000 employees
    Real User
    Intuitive with excellent technical support and good stability
    Pros and Cons
    • "Their overall cost of service is pretty good."
    • "The biggest issue I have with the solution is when I'm using the scanning it picks up the original DNS of that device. That means, before we image it and actually change the DNS to something within our company structure, it'll just be random numbers and letters and Tenable will stick to that DNS for a long time."

    What is our primary use case?

    Essentially we use the solution to monitor hard devices on a network with it. That includes laptops, desktops, tablets, et cetera. I'm just using that to make sure that all of our patching is up to date.

    What is most valuable?

    The UI, the user interface, is really, really good. It's really simple. I started with no prior experience in vulnerability management and picked it up in less than a day, pretty quickly. It's very intuitive.

    Their overall cost of service is pretty good. 

    I've worked with my CS manager and with them a lot, and I'd say every case I've opened, they've reached out to me within two hours. They're pretty prompt in their responses and overall the company is really easy to get ahold of.

    Scaling the solution is very easy.

    The stability of the product is pretty good.

    What needs improvement?

    The biggest issue I have with the solution is when I'm using the scanning it picks up the original DNS of that device. That means, before we image it and actually change the DNS to something within our company structure, it'll just be random numbers and letters and Tenable will stick to that DNS for a long time. I'll be searching for a gallery or a laptop and I can't find it due to the fact that the DNS when it was scanned went in as something non-sensical, like M P X 23 Z. That's the biggest issue I have with it. it's some sort of strange glitch.

    For how long have I used the solution?

    While I started using the solution in January of last year, the company itself has been on the solution for about three years or so.

    What do I think about the stability of the solution?

    The stability of the solution has been quite good. I haven't experienced any real problems so far. It's been a rather smooth proess.

    What do I think about the scalability of the solution?

    Scaling the solution would be pretty simple. The process would require us to reach out to Tenable to get more licenses, however, that's a pretty simple process. Overall, it's pretty easy. Essentially it'd just be adding a list of all the new IPs into any asset groups that they would be involved in. I don't think it would take much longer than a week.

    How are customer service and technical support?

    Technical support is excellent. They are extremely responsive and very helpful. We are quite satisfied with the level of support we've received from them.

    I would give them a ten out of ten. They are very prompt and very knowledgeable. They are great at answering questions and walking you through anything step-by-step.

    How was the initial setup?

    When I started, the company was actually in the process of revamping the solution. 

    It was a two-day process and the company walked us through the entire thing. I had a Tenable engineer on-call with me for eight hours. It was a long process, however, it was easy as they were walking me through it, step-by-step.

    What about the implementation team?

    When we did a recent re-vamp, Tenable was on hand to walk us through the entire process. We had a very positive experience with them.

    What's my experience with pricing, setup cost, and licensing?

    I don't handle the billing and therefore don't have an exact idea of how much the solution costs.

    Which other solutions did I evaluate?

    We just renewed the solution and didn't look into any other product on the market before we did.

    What other advice do I have?

    We are just customers and end-users of the product.

    If a company does decide to implement the solution, I'd advise working with Tenable engineers during the process, and even afterward, in order to ensure everything is set up appropriately.

    I'd rate the solution at an eight out of ten We've had a largely very positive experience with the solution so far.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Mohamed Elnahas - PeerSpot reviewer
    Head Of IT Risk and Security at AWB
    Real User
    Top 10
    The product is our second solution, and we are happy that it meets our requirements
    Pros and Cons
    • "The product is our second solution, and we are happy that it meets our requirements."
    • "We would like to see the inclusion of external IPs and simplified reporting that's easier to deal with"

    What is most valuable?

    The reporting vulnerability is very helpful when you link it with the people who close it with the admin and support team, giving them the criticality to find how to close each item.  And it's up to date with all the vulnerabilities on the market thanks to prompt updates from the cloud.

    What needs improvement?

    In the next release, we would like to see the inclusion of external IPs and simplified reporting that's easier to deal with.

    For how long have I used the solution?

    We have been using this solution for about two years.

    What do I think about the stability of the solution?

    The solution has been very stable up till now. I would give it nine or 10 out of 10 for scalability

    What do I think about the scalability of the solution?

    For our size, it's scalable. It covers all the bank infrastructure and all that we have.

    Two or three people from the security team manage the solution, but they extract it for the IT team to take action in different areas, including infrastructure and domain support. So 10 or more people assess the reports to fix the issues.

    How are customer service and support?

    We are happy with the support from the Tenable side. But sometimes the vendor's people move between areas too often, causing occasional shortages on technical issues inside the country. When you raise tickets, the vendor sometimes takes some time to respond, but they are always helpful. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Previously we used Rapid7, but we switched after comparing it with the solution because it had some additional features that we needed.

    How was the initial setup?

    Overall, the initial setup was smooth and easy. Later we had to integrate it with other solutions in the system, but it didn't take long.

    What about the implementation team?

    We had a consultant for two weeks at the beginning but in the end, we completed it, doing most of the work ourselves and gaining valuable experience. And, of course, we had to set up our systems inside the bank and the structure of the scope of the vulnerability, so that made it about a month.

    Four people were involved in the deployment, two from the vendor and two from our team.

    What's my experience with pricing, setup cost, and licensing?

    We're happy with the licensing cost and find it affordable.

    We paid for three years, mostly for the finances and sourcing, but all features are inclusive.

    I would rate our licensing cost as eight on a scale of one to ten.

    What other advice do I have?

    I would give the product an overall rating of nine out of 10.

    The product is a very good solution. I would advise potential users to look at other solutions. The product is our second solution, and we are happy that it meets our requirements.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Information Security Analyst at a tech services company with 51-200 employees
    Real User
    Top 20
    Good reporting, alerting, and filtering capabilities and good integration with multiple vendors
    Pros and Cons
    • "Tenable SC is good for reporting and alerting. The filtering feature is also very valuable. Its integration with multiple vendors is quite good. It can be integrated with SIEM solutions and PAM solutions such as Thycotic, which is very helpful."
    • "There is not much room for improvement. However, there should be a guide that describes the step-by-step procedures for doing tasks. Otherwise, training is required from a senior guy to a junior guy."

    What is our primary use case?

    We had a requirement to connect multiple branches into one console. We installed Nessus at multiple locations and then connected Nessus. We did the service scan and got the report on the central site with Tenable SC.

    How has it helped my organization?

    Previously, we were using Nessus, which required a lot of manual work in terms of reporting. We do a lot of customization, and Tenable SC has been very helpful. Reporting is just a click away in Tenable SC, whereas it used to take a long time to create a similar report and customize it in Nessus. 

    What is most valuable?

    Tenable SC is good for reporting and alerting. The filtering feature is also very valuable.

    Its integration with multiple vendors is quite good. It can be integrated with SIEM solutions and PAM solutions such as Thycotic, which is very helpful.

    What needs improvement?

    There is not much room for improvement. However, there should be a guide that describes the step-by-step procedures for doing tasks. Otherwise, training is required from a senior guy to a junior guy.

    What do I think about the scalability of the solution?

    Our usage is the same. Currently, no increment is required in terms of the license.

    How are customer service and technical support?

    They are good.

    Which solution did I use previously and why did I switch?

    We used to use Rapid7, but there were too many false positives. So, we switched to Nessus, but in Nessus, we faced the challenge of reporting. Nessus required a lot of manual work in terms of reporting. Tenable SC has been quite helpful for reporting. 

    How was the initial setup?

    It is not straightforward. When you do integrations, it turns into a complex solution, but this complexity is required. If security is a priority, then complexity will be there for enterprise security.

    It didn't take a long time. In one month, we were able to configure and run the reports. Everything was done within a month. We were in desperate need of such a solution, and this solution came. We already knew about integrations from the white papers and documents available on the Tenable website. They were very helpful. So, doing integration was not an issue. We did it without much effort. 

    What about the implementation team?

    I was heading this project as a project manager.

    What other advice do I have?

    It is a much better solution than other competitors. It provides almost everything that is required in terms of vulnerability management. If you are looking for overall enterprise security in terms of integrations and vulnerability management, you should go for Tenable SC or Tenable SCCV.

    I would rate Tenable SC a nine out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    JoaoManso - PeerSpot reviewer
    CIO / IT Consultant at RedShift
    Reseller
    Top 5
    Strong on prioritization of vulnerabilities
    Pros and Cons
    • "Tenable SC's most valuable features are the low number of false positives and the strong capability of providing prioritization for the vulnerabilities detected."
    • "Tenable SC could be improved with additional connectivity to external company postures and the capability of managing and sustaining agents in the systems directly without additional platforms in the middle."

    What is our primary use case?

    I primarily use Tenable SC for vulnerability management i.e. to detect vulnerabilities in servers, workstations, and some IoT, produce, prioritize, and validate a mitigation strategy, and keep the mitigation on track so the CISO can detect changes in the posture. 

    What is most valuable?

    Tenable SC's most valuable features are the low number of false positives and the strong capability of providing prioritization for the vulnerabilities detected.

    What needs improvement?

    Tenable SC could be improved with additional connectivity to external company postures and the capability of managing and sustaining agents in the systems directly without additional platforms in the middle.

    For how long have I used the solution?

    I've been working with Tenable SC for seven years. 

    What do I think about the stability of the solution?

    In seven years, we haven't had any problems with Tenable SC's stability. Sometimes a specific update doesn't feed exactly as expected, but the problem is always covered quickly by Tenable, and with a stable version, it's very, very stable.

    What do I think about the scalability of the solution?

    Tenable SC's system can be multiplied by different installations and have on-top management and a single pane of glass. So it can scale with only one system - almost to half a million assets. And with multiple systems, we can have more than a million assets without problems.

    How are customer service and support?

    Tenable's American technical support is excellent, though the European version is not quite as good as it takes longer to provide the right information.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is very, very easy, even with the on-prem version, and depending on the customer's size and the complexity of the infrastructure, it can be done in one day.

    What was our ROI?

    Tenable SC can cut manpower costs on manual scans and analysis by more than half within one or two years.

    What's my experience with pricing, setup cost, and licensing?

    Tenable SC is priced per asset, with the basic solution starting around US$12,000 for 500 assets. There's an additional cost for advanced support.

    What other advice do I have?

    Tenable SC is suitable for medium and large companies, but it's not feasible for small ones. If you're in the US, I advise buying services from Tenable to implement the system instead of trying to implement it yourself. There are always some tricks that come with knowledge of the product that will make for a faster and better installation. Similarly, if you're in EMEA or Asia, please choose a good integrator. I would give Tenable SC a rating of nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    VictorAkidiva - PeerSpot reviewer
    Security Architect at ModusBox
    Real User
    A lean and easy-to-use interface for patch and vulnerability management
    Pros and Cons
    • "The solution has a lean and easy-to-use interface that is not confusing to first-time users."
    • "The solution should include compliance-based scanning."

    What is our primary use case?

    We use the solution for patch and vulnerability management. We scan our critical systems, keep track of any exploitable vulnerabilities, and prioritize their remediation efforts in terms of patching. 

    In the future, we hope to extend the solution to our cloud services. We are moving to Azure Cloud and planning to start a DevOps initiative that might include container deployment. We know Tenable has the CI/CD pipeline security support so we will seek that solution when we are ready. 

    What is most valuable?

    The solution has a lean and easy-to-use interface that is not confusing to first-time users.

    What needs improvement?

    The solution should include compliance-based scanning. 

    For how long have I used the solution?

    I have been using the solution for three weeks but my company has been using it for one year. 

    What do I think about the stability of the solution?

    The solution is very stable. 

    What do I think about the scalability of the solution?

    The solution is scalable and we are happy with the way it is operating. 

    We currently have forty users and a team of four for maintenance. 

    How are customer service and support?

    Technical support has been excellent and provides a lot of support when needed. 

    Which solution did I use previously and why did I switch?

    The company was using OpenVAS, an open-source solution that is miles apart from Tenable. 

    At a previous job, I used Rapid7 which compares strongly to Tenable. 

    How was the initial setup?

    I did not handle the initial setup but know from previous implementations that setting up a vulnerability management solution can be somewhat complex because it involves loading assets, configuring the network, and authenticating.

    What was our ROI?

    The ROI is almost guaranteed because there is a lot of value in using the product and reporting that to our company. 

    What's my experience with pricing, setup cost, and licensing?

    The price is reasonable based on our scope of work and how we use the solution. 

    What other advice do I have?

    The rule is always garbage in, garbage out. Be sure to configure the solution well and take advantage of technical support to understand how things should work. Mistakes are made when people assume they know how to do things. I believe in using technical support to confirm the process and ensure everything is done correctly. 

    I rate the solution a ten out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees
    Real User
    Top 5Leaderboard
    Excellent, responsive support; it is dependable, scales well, and is simple to install
    Pros and Cons
    • "It's a very useful tool."
    • "The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team."

    What is our primary use case?

    Tenable SC can be used in any company for vulnerability management life cycle.

    What is most valuable?

    It's a very useful tool.

    What needs improvement?

    Internal ticketing systems require improvement. 

    The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team.

    For how long have I used the solution?

    I have been working with Tenable SC for more than five years.                                                             

    What do I think about the stability of the solution?

    Tenable SC is very stable.

    What do I think about the scalability of the solution?

    According to the sizing that we are dealing with in this first stage, it is very scalable.

    We have not experienced any issues with the scalability of Tenable SC.

    The information security team has access to the solution. The number of users varies from one environment to another. It ranges, from five users to ten users maximum.

    The same number of users can easily deploy and maintain this solution, included the access manager, administrator, and anyone who can configure the policies they test.

    How are customer service and support?

    Tenable technical support is very good. They are very helpful, and responsive.

    We had experienced some delays in two or three tickets we started, but that may have been because of the client, they were very unresponsive.

    Overall, the technical support is very good.

    Which solution did I use previously and why did I switch?

    I have worked with Rapid 7 and Qualys.

    How was the initial setup?

    The installation is very straightforward. It's the easiest solution that I have ever implemented.

    The installation was quick, taking no more than one or two minutes.

    What about the implementation team?

    I completed the installation myself. It can easily be installed by anyone.

    What's my experience with pricing, setup cost, and licensing?

    The license is perpetual and is based on the number of IP addresses you want to scan in your organization.

    The support comes with a different license.

    What other advice do I have?

    Tenable SC is without a doubt a good choice.

    I would rate Tenable SC a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Tenable.sc Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Product Categories
    Vulnerability Management
    Buyer's Guide
    Download our free Tenable.sc Report and get advice and tips from experienced pros sharing their opinions.