Tenable Security Center Reviews

We primarily use the solution for vulnerability scanning across the network . 

A few months back, I conducted a Deployment on Tenable SecurityCenter for a Reputed  Private Bank. Also I had to teach the Usage and features and then show them how the scan things work and how results can help analyze and report. also helped developing some use case like Scheduling scan and email that to specific users for mitigation, Generating Alert for particular level of vulnerability etc.

Tenable has come a long way than we found earlier, Asset Criticality Report and Predictive Prioritization helps us finding the most critical loophols in minutes, Security Engineers can now focus more on Remediation. Less of false positive eases our vulnerability program and saved time.

In Tenable SecurityCenter, the Risk-based approach for Prioritizing vulnerability is something that is unique to any vulnerability management platform. Compared to Qualys and Rapid7, Tenable VPR is a special thing that those products don't have. The security over the CVSS and V1 and V2 with the VPR feature help an organization reveal the exact risk of any asset. There might be thousands of vulnerabilities, however, the most impactful vulnerabilities are listed and prioritized in the VPR. 

As tenable SecurityCenter is powered by popular Nessus technology, It is really easy to set up.

The solution is stable and considered as the most solid vulnerability management platform in the industry. 

Tenable.sc provides a wide range of dashboards which makes it easy to grasp the vulnerability profile of the organization. These dashboards allow us to view vulnerabilities in different categories in a simple to understand format. The upgrade to Tenable.sc+ has improved on this as well. Regularity of plugin updates are also exceptional. The speed at which tenable has pushed plugin updates and overall platform updates is great. Also the automatic update capability makes maintenance very simplified. Easy to use User interface. For someone who is not familiar with Tenable.sc, the interface is not difficult to follow along and the documentation makes it very simple for anyone

The solution has a very nice Asset discovery feature that gives you gives you unified visibility of your entire attack surface, As It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, and CMDB integrations to maximize scan coverage across your infrastructure to reduce vulnerability blind spots. This mix of data sensor types helps you track and assess both known and unknown assets and their vulnerabilities

The solution is a bit on the expensive site. In a country like  Bangladesh, most of the customers don't have a budget that could afford Tenable SecurityCenter. They'd rather go for Qualys and Nexpose, which cost less. The licensing policy is something they can improve. 

Support could be faster.

I've used the solution for last 5 years now. 

The solution is verry stable. That said, some customers complain about the results and how they are shown. Compared to Nessus, if a customer gets used to using Nessus, and then comes into Tenable SecurityCenter, then the compliance results are an area where they might find a difference. In Nessus, the compliance results are shown in past and failed. In Tenable.sc, it's shown in medium and high. This could be more clear. 

Tenable can be scaled easily, just to add additional IP's on the licensing and that's it.

I haven't really dealt much with technical support. In the initial stage, however, when I started deploying Tenable SecurityCenter, I faced a bit of a challenge implementing the Nessus Network Monitor. I figured it out, and now I don't have issues. 

Support is top-notch, however, in terms of response times, they are slow, and they need to be faster. 

Positive

I have also worked with Qualys for a long time.

In our country, People are yet not comfortable adopting SaaS/cloud based solutions also,there are some government jurisdictions that require data to be within the country and an on-prem solution is always needed for the organization. Other solutions, Qualys and Rapid7, are mainly cloud designed. Tenable SecurityCenter is the only solution that can be fully on-prem for small to mid Enterprises. 

Also, Tenable is better for compliance requirements in terms of regulations around vulnerability management. it has reporting on compliance with pre-defined checks, metrics and proactive alerts on violations for industry standards like CERT, NIST, DISA STIG, DHS CDM, FISMA, PCI DSS etc. and regulatory mandates. while it comes to other solutions i dint find the compliance feature as good as Tenable 

The initial setup is simple. It's not complex at all. 

You can go with the installer for Tenable SecurityCenter, which has an installer file for Linux and Unix platforms only. talking about the Nessus scanners, It can be deployed anywhere, including on Windows machines or Linux. There is not much of a challenge to it.

The time it takes to deploy varies. For example, what is the implementation size? How many IPs, and what are the sites? Those things change the timing. If it's a stand-alone setup, it can take around one to two hours to deploy. If you are also talking about onboarding the IPs, and scanning all those IPs, it can take a working day to complete.

The legecy container security is already in it's EOL, if it gets added to Tenable Security Center, users can take full toll of on prem container scanning.

Its cost depends on the Number of Assets. The licensing is per year. 

i had also worked and evaluated Qualys.

We sell Tenable.

I'm using something around version five. I have installed the demo version of it in my Docker.

The product really stands out in comparison to the competition. However, the price tag is a bit on the higher.

I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. 

I'd rate the solution nine out of ten.

Our primary use case is compliance for our audits, for our customers. We were exposed in that we were not meeting contractual obligations.

We are monitoring our infrastructure: servers, switches, storage, routers, SAN storage, operating systems, and applications to the extent that the tool is able to see into them. We use it to hit the high ones like Adobe or Microsoft Office and the like. Some of the more niche products that we use may not be in their inventory of vulnerabilities.

It helps us prioritize based on risk and it also helps us prioritize manpower, to show we are getting the most value from the limited number of man-hours that all organizations face. We have the same problems: Where do we need to focus? Where do we need to focus money? And where do we need to focus additional expertise that we don't have or didn't think we needed.

Overall, we use it as a third-party — I don't want to say settle arguments — but as an expert opinion as to what is a true vulnerability is, versus what is something that isn't as high of a priority. It takes opinion — if two cybersecurity people are arguing or discussing if this thing is more important than that thing — and, since Tenable is not invested in our company, gives the best practice. It is very valuable in that sense.

In terms of cyber exposure, it allows us to centralize both vulnerability management and visibility. We have one place to look instead of going through: Okay, we're using the Microsoft tool, and now we're going to go use the Cisco tool, and now we're going to go use the Red Hat tool. It allows us to centralize and easily correlate all data together, and then use the prioritization or just understand where the gaps in our security posture lie. That's more valuable than saying, "Okay, here's this report for Microsoft, and now we're going to print out a report from Red Hat, and we're going to print out a report from Cisco, and we're going to print out a report from NetApp, and we're going to put them all together and then we're going to discuss it." Having it in a single view is very valuable to us in that it saves us a lot of time.

Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found, versus ones that we're already working off and are already known to us.

And since cybersecurity and IT security are not a fix-it-and-forget-it scenario — it's a continuous process — having a tool like this, especially one that is continuously monitoring our environment, is very valuable. It's not that we're not doing this once a year, we're not doing this once a quarter. We're doing this every day.

Finally, the solution has reduced the number of critical and high vulnerabilities we need to patch first.

The continuous monitoring piece has been very valuable to us. 

The vulnerability priority setting in the software has been very useful to us as it allows us to focus on what's most important. We use it as a piece of our holistic look into our security stance.

The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us.

The Vulnerability Priority Rating is also pretty good. It's a much more holistic view, instead of being very binary, which we tend to see. It lets us focus on what's most important to us, especially because it goes across many products that we have. It's good in that we see how each of these stacks up and where our priorities should be. Should they be in Cisco, should they be in Microsoft, should they be in Linux? That's very useful to us as well. We'd love to do all the work right now, but we have to pick some type of priority in terms of what we're going to focus on, before we focus on the less vulnerable items.

Using the product — especially very early on — even though we have things like prioritization, it can be a little verbose in that there's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty.

We started using this iteration of it two years ago, but we had been a previous customer of theirs as well.

We haven't had any problems with it. It seems stable. They make changes to it regularly, to both the vulnerability database and the product itself. They seem to be going through with a reasonable update path and they support previous versions for the expected amount of time.

We haven't seen any crashes or spikes.

It scales just fine. We're a Fortune 500 company so, obviously, we have very large networks here. As far as we know, it should scale. We don't think we can outpace the scalability of it. There are best-practices that we need to follow, but will this product be able to meet our needs for future growth. We expect it to be able to handle that.

Usage will be increased. There are two parts to the business. There's the business that is our overall corporate business, which is covered 100 percent by the solution. And then there's the manufacturing and design business. On that side, the solution is still growing. We have two contracts with Tenable for their SC product.

We think technical support is pretty good. We have specific needs as defense contractors and they're able to meet those. We have a good account team. We have a customer success manager, Ryan Zentz, and we have a good account executive, Scott Mahan, and they do as much as they can to head off any issues that we have, instead of putting in a ticket or getting something escalated. They do a good job of helping us.

We previously used their lower version of security management. It was their single-install product, Nessus. We were using the standalone, non-enterprise version.

The solution would be fairly simple, but because of our implementation it was fairly complex and we hired Professional Services to do it. We're not a typical example. As a straightforward install, I think it would be very easy. But because of our size and scope, it was a little tricky.

We have multiple deployments so we hired Professional Services for two weeks to do them. Some installations were done in a few hours and some of them took a few days. But, overall, we hired ten days of Professional Services.

We were focusing on installing first in our non-production environments; getting familiar with the installation, the capabilities, and what the overhead of the product was going to be on the network. From there did some testing and ran that through some discussion and a panel of in-house experts and decided that we would be good to go forward with production. 

We then repeated that, where we would install in a small section of production, run a test to make sure that it didn't break anything or that it didn't cause undue harm. And then we went forward with expanding it out.

Now we have a process in place for installing for any new section of the network that comes up or any new infrastructure that we put together. It's a little easier for us to handle now that we're not tackling the big network. We're just handling delta changes over time.

We used their in-house professional services. Our experience with them was good. They had someone onsite and who was well-versed in the defense industry. He was able to get it installed and answer our questions. We didn't have any problem with him. We liked him so much that we brought him back for another week.

Having Tenable is a requirement. It is a compliance piece which is part of our business. But it is money well-spent in that it focuses us to work on problems that are prioritized and it allows us to cut down on the manual integration of multiple reports from Microsoft and Linux, etc. It does save us considerably in that we can have less staff assigned to it, versus having a Linux team and a Windows team and a NetApp team, etc.

Running with a much smaller team of two people probably saves 80 percent of manpower. I would assume that the team would be ten people or so if we had to mash together multiple reports and spend time doing that.

I don't know our licensing costs but they're in the seven figures. We have an enterprise license, so I believe everything is tied up in that. We do not have any additional cost other than our large enterprise license.

The licensing is a little involved from both sides. That may be due to our specific implementation of it because we are a defense contractor. I feel we rely a lot on their customer service and they rely on us to do a lot of manual labor to get licensing installed or to get licensing. If there were some type of smoother transaction, that would be great.

I would like more self-service in the granting and rescinding of SC licenses, and that way we wouldn't have to be involved with customer service as much or with our account executive.

We did two sets of white papers looking at the competition. We did a white paper in 2015 and another one in 2018. We selected Tenable after the 2018 white paper was written.

Between 2015 and 2018, the market had contracted considerably. Many of the products that we evaluated in 2015 had either been bought out by a competitor or just no longer existed. When we looked at it in 2018, Tenable had the strongest pedigree. They also had the ability to scale the deployment, versus some of the other products. 

We looked at Ivanti, which really wasn't designed for vulnerability management; it was a bolt-on. We looked at Qualys. That was too heavy-handed. It was a good product, but there was too much overhead in managing or maintaining that product.

Tenable was the best fit for our needs. Tenable is also the provider for the ACAS solution for the US government. Since the vast majority of our customers are government customers, and our auditors are government officials, it was seen as an easy way to get past an audit, or at least that we would be looked upon favorably.

We did not test any of the competitors. We had done some tests in 2015, but again, many of those competitors were no longer in business or they had been bought out. The other product that made it as a finalist was Qualys, but there was a significant commitment and infrastructure needed. We felt that if that was the minimum just to get it tested, then it was not going to work for us on an enterprise scale.

Go in with open expectations. Companies don't realize how big their infrastructure really is before they can get a single pane of glass view, which Tenable provides. Don't be disheartened when you run that first scan. It is a process. This is not a sprint, this is a marathon. If you're not willing to invest in this for the long run, then maybe your organization just isn't ready.

I don't know how to assess our vulnerability status compared to that of our peers. The defense industry is fairly secretive about what goes on. But I think we're doing the right things. Having the licensing and the investment that we put in place puts us ahead in the industry. I can only really speak for myself, but I think that we are doing the right things, and investing the right dollar. And if our competitors are doing that, good for them. If not, I wish they would.

Security Center is generally run by either the information security manager or the information security officer. There are a few dozen people who have access to it and their roles would be two-fold: There are the lower-level, cybersecurity folks who are dealing with it on a day-to-day basis. And there are the more managerial types who would be getting reports and making decisions off of it. Lastly, the general IT staff would be using the reports or the remediation recommendations for making changes to their environment.

For deployment and maintenance of the solution we don't need that many. We had Professional Services in and we added a team of four to the Professional Services engineer to help us get it stood up over those two weeks. In terms of ongoing support of the solution, we have one or two people who are tasked with updating the vulnerability database and verifying scans and the like. But it's not overly burdensome. They are information security officers or cybersecurity specialists.

I would rate Security Center at eight out of ten. First, it's a little heavy-handed for us from a licensing perspective and second, there are some features and functionality that we'd like to see in the future which would make it more user-friendly for non-technical or more managerial types. It seems that the product is really written for technologists, especially on the reporting side.

We use the product as a security tool for VMs and web applications.

The product could be user-friendly, and they could enhance the web application's security features.

We have been using Tenable Security Center for a year.

It is a stable product. Our customers utilize just one security center due to the scope of the budget. It doesn't have any adverse effect on the business.

Tenable Security Center on the cloud side is preferred in larger enterprises, but Nexpose might be a suitable option in smaller organizations. The POC implementation for the banking sector is lengthy. I prefer cloud-based scanning for its ease and scalability.

The tickets are passed quickly. Their support manager works proactively in scheduling meetings and solving the issues with the team. They provide the best support care for the customers.

We used Netsparker and Nexpose before. We switched to Tenable SC for better pricing and efficient scanning features. Additionally, it provides features for data security and cloud usage for clients who want to avoid sending information through the cloud.

The initial setup process is simple. If the customers do not have scanners, we can complete it quickly within an hour.

Tenable SC helps us save about 20% of the price compared to Nexpose, which involves buying three different licenses.

The product helps with web application security. I advise others to use Tenable IO and NAS, especially in regions with specific data protection regulations like GDPR and PDPA.

I rate it a nine out of ten.

The solution is being used to assess Windows servers and ESXi servers, and VMware ESXi.

The most valuable features of the solution are the dashboards and speed of the test.

Tenable.sc is user-friendly.

The user interface can be improved.

I have been using Tenable.sc for a month.

The solution is stable.

The solution appears to be easily scalable.

Previously to using the solution the organization used Tripwire. The switch was made because Tripwire was not being updated often, the reporting was very bad, and the support was no good.

The initial setup was easy and took only two weeks to deploy.

The implementation was done through a consultant.

For 500 users the licensing fee is roughly $100,000.

I rate Tenable.sc nine out of ten.

I use the solution in my company for vulnerability risk assessment, and we are quite happy with it.

The tool's initial configuration is not so easy. The hardware requirements related to the tool need to be better because we need a lot of memory to achieve speed in the solution. If our company needs to react at times, we need to upgrade more memory in the hardware. In general, Tenable Security Center is a very good solution according to me.

I have been using Tenable Security Center for six months. My company works in partnership with Tenable Security Center.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

I use the solution for quite a huge amount of computers in my company, and I see that its scalability is quite nice since it offers an unlimited number of scanners, so I think it's ready for big enterprises.

In the Czech Republic, the tool is mostly used by medium and enterprise-sized businesses consisting of 1,000 to 15,000 users.

I rate the technical support a nine out of ten.

Positive

I have previous experience with Tenable Security Center's competitive solutions, and now I see why Tenable is okay.

I rate the setup phase a six on a scale of one to ten, where one is difficult and ten is easy.

The solution is deployed on the cloud and on an on-premises model, but our company mainly relies on the latter.

The solution can be deployed in a few hours since you need to download the tool's initial package, which is quite big, but once it is done, the deployment process becomes really fast and can be done in 20 to 30 minutes.

I rate the solution's price as seven on a scale of one to ten, where one is cheap and ten is expensive. The tool is quite expensive.

I don't use the product for compliance support.

In terms of the product's valuable feature for threat detection, I would say that the solution's reporting overview in the dashboard is nice. The prioritization of vulnerabilities in the tool is very nice.

The real-time monitoring capabilities of the product are very useful for our company, as they help us to be more in control and interact more actively.

The tool's dashboard and reporting capabilities match our company's needs since we are able to modify the basic view to create a new dashboard, and it works out very well for our needs.

Speaking about how Tenable Security Center's integration capabilities with other tools have affected our company's security operations, I would say that I have very little experience with the integration part, but from what I can see in the product's documentation and description, it can be really well-integrated with a lot of systems, like service desk in ServiceNow and other security vendors, which is good for our company. I can say that the integration capabilities of the product are good.

I would definitely recommend the product to those who plan to use it.

I rate the tool a nine out of ten.

The solution is a vulnerability scanner that helps us check if we are covered on the audit and compliance aspect. It provides us with critical alerts in case we encounter any vulnerabilities. The tool also helps us with patching. It also gives us notifications whenever certificates like SSL expire.

The tool provides us insight into the happens of the network and its hosts. It provides me with a list of hosts. 

The product gives us reports whenever we setup a scan. 

The solution needs to improve its support. I would like to see a bird's eye view of my network architecture. I would also like to see the continuous view feature in the tool. 

The tool is pretty stable. I would rate it a ten out of ten. 

I would rate the tool's scalability a nine out of ten. My company has two users for the tool. 

I wasn't part of the tool's initial deployment. However, when we had to install the upgrades, we had to do the deployment all over again. The tool's deployment was easy. 

We have seen ROI with the tool's use. 

I would rate the tool a seven out of ten. 

The dashboard is a valuable feature. So is the scanning, which is based on the nexus and the scripts. The solution offers an extremely limited margin of error, of obtaining false positives within it. These are its strengths. 

Everything in life has room for improvement. While I consider the solution to perform as it should, most customers, for the wrong reasons, wish for it to have the penetration testing capabilities. This is not a problem with the product, but with the demands of the customer and I remain uncertain if I can meet these. 

The pricing is reasonable, but this could be brought down more aggressively, such as we see with Rapid7, Tenable SC's main competitor. 

An easily installable and very scalable and stable solution which boasts great dashboard and scanning features

The solution is one of the most, if not the most, stable product available. 

The solution is scalable. It can go up many thousands of endpoints for scanning purposes.

Technical support does what it should. The solution is pretty straightforward and simple. As such, as with all vulnerability management solutions, it will not need much technical support and this is rarely required. I am referring to the need to address bugs. Mainly, the support will focus on the search for new features or reports. 

The initial setup is straightforward and very easy. 

Though reasonable, the main competitor of Tenable SC, Rapid7, offers a more aggressive and better priced product. 

The size of our customers run the gamut, from small medium to large, in certain cases exceeding 5,000 IPs. 

I would definitely recommend the solution. 

I rate Tenable SC as an eight-plus out of ten. 

We work as System Integrators and my team has experience in using Tenable Security Center. We provide solutions to work for various customers in BFSI, Telcos, and the Government sector. 

We use this solution mainly for vulnerability assessment and management. With the scanning feature set, we do the reporting and provide easy operation and implementation for our customers. 

The initial product price is quite high, and in our country, this market is very price sensitive, and we have multiple segments of customers. If I invest ten dollars on behalf of my customers and profit just five percent; in such a market, how does the solution provider ensure expansion from our side? This should be taken care of by the channel or legal system. Due to this, we need to work in a very tight situation. 

The solution is completely stable and operation is user-friendly. 

We are facing some challenges related to our channel. We are not having partner channel engagement if it's changed. Most probably due to the addressable market size, the solution providers are not putting that much purpose into the partners. 

I have been using the solution for one year. 

I would rate the stability a ten out of ten. The solution is completely stable. 

I would rate the scalability an eight out of ten.

For the first-time implementation, in a few cases, we needed to call technical support to help with license activation. Tech support was good. 

The initial setup of the solution is quite easy and the operation is user-friendly. The deployment time of this solution is not very lengthy. It depends upon the customers and how frequently they are providing us with the time slot to deploy. On-premise deployment doesn't take more than two to three days. Cloud deployment is also quite easy. 

This solution's price is quite high compared to other competitive solutions. 

I would rate the product a nine out of ten. I would advise to focus on partner relationship development and enablement. If your partner is not confident enough or they are not getting training or direct channel attachments, then it becomes difficult for System Integrator professionals.