Tenable Security Center Reviews

Vulnerability assessment and compliance auditing are our primary use cases. That includes baseline configuration scanning. We use it to protect everything in the enterprise environment: servers, workstations, pretty much all operating systems, networking gear. We are doing cloud and we are doing some IOT. We are not using their web application scanning tool.

The ability to view the plug-ins, the way that the plug-in library works, is really good. It's not an individual list of 80 million different CVEs. We can actually just say, "Hey, here's a plug-in," and it really helps us to boil things down. Instead of having a million CVEs, here's the specific plug-ins that are actually tying the CVE families together. That helps our platform owners, if there is an issue, to see what it is and understand better how to fix it.

Also, the fact that they display the very specific plug-in output in their details area helps our platform owners know, if there's an issue, specifically what was checked and what versions it was on at the time of the test. That's just huge. It increases the trust in the information from the tool. It cuts down on accusations of false-positives and it helps people do their job better.

It helps us to understand our cyber-exposure. At the end of the day, if you don't know what you have, then you cannot defend against it. Understanding what services, what technologies, and all those components will also give us an idea about how to predict what kinds of attacks are the things that we need to guard against in the future.

It also helps us focus resources on the vulnerabilities that are most likely to be exploited. Looking at what actually has an exploit available along with consideration of other things such as network proximity times and information about the threat - either VPR or CVSS - pulling all that together does allow us to identify pretty quickly what are the high-priority targets that we should work on.

One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset.

Also, the ability to trend data back as far back as we have disk space for, is helpful.

Finally, the ability to write custom audit files is a really helpful and useful feature. That's something that not a lot of assessment companies have gotten right. There's room for improvement, but literally being able to take the text file, open it up, and adjust the changes, write your own regex and write your own checks, is huge.

It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking. It does great for things for the API. For instance, if we say, "What vulnerabilities do we have?" or "How many things have we scanned?" those things are great. But if we want to know more trending stuff over time, it can create a chart, but that's in a format which is really difficult to get into another program. Integration into other reporting platforms, or providing more specific scanning program metadata, would be an opportunity.

It does have a fully-bolstered API which is available online that you can look at, but it is more aimed at getting more vulnerability information out instead of reporting information out.

We've had more problems with the underlying stuff that is running the operating system, as opposed to actually running Tenable. Tenable SecurityCenter has been pretty stable. We've only had one or two smaller technical issues. There have been other issues, but they've not been Tenable's fault.

It does have an upper limit. You can go on their website and see what their upper IP limit is.

We have seen that more and more teams want to get access to the data and get access to their vulnerability information, and it really has helped us grow our program.

Their tier-one, initial tech support is pretty bad. Their premium support is excellent. Whether premium support comes at an extra fee depends on how your negotiations go.

We migrated from Nexpose. We switched because Nexpose is not a scalable product for an enterprise. Also, in most instances, SecurityCenter is less false-positive prone and the detection seems to be better in most instances.

The initial setup was very straightforward. In fact, for some of our teams, we've actually done - "capture the flag" is a bad word for it - but effectively that type of an activity, and they pretty much go from naked box to Tenable scanning instances within a couple of hours. It's very easy to set up.

I can safely say that it can be deployed with one person. And it doesn't require a lot of maintenance. It depends on how much you use it for, but it's mostly just set-it-and-forget-it. Then there is just the mechanical stuff of patching the box and applying system updates, but it actually does a pretty good job most of the time.

We've seen return on investment through visibility, scan stability, ensuring that we're able to assess our environment. Also, ensuring that we are able to have good confidence in the data, and that we're able to do out-of-the-box reporting and various other dashboards that really help us drive our program and help sell our case.

We evaluated Qualys. It depends on whether you want to do on-prem or in the cloud. Qualys really is a black box. You literally put this thing on your network, you can't touch it, and if you want to do something like troubleshoot, it is just not very friendly from an "if things go wrong" perspective.

Make sure that your sizing is done correctly, in terms of the hardware size. When you do buy Tenable, a lot of times you'll use Professional Services to help you implement the tool. Whatever advice Tenable has, listen to it very specifically and also talk to them specifically about what your goals are. Instead of talking tactics, talk about goals. What's going to happen is that they may say "Hey, we're going to do things slightly differently than how you used to do it," but in a lot of instances, they're going to be right.

In terms of features that we're looking forward to, VPR is one that we're going to start using more. And they also recently had a SAML integration for single sign-on. That was a new feature in 5.9.

Overall, Tenable is easily a nine out of ten. It's not a ten because there is no perfect tool out there, and Tenable SecurityCenter does have its limitations.

The primary use case is to perform vulnerability assessments across the entire network.

This solution has given us visibility of the vulnerability in our network. It also shows what needs to be done to negate the vulnerabilities by providing links to the solution for those issues. Generally, we are now able to manage our vulnerabilities better. We can identify them, prioritize them, and then negate them. It has improved our security posture.

The most valuable feature is its ability to scan for vulnerabilities in our important systems, networks devices, and so on.

The web application scanning area can be improved.

A feature that I would like to see is the ability to integrate with exploit tools. 

It's a really stable solution. So far, I have not had any issues. Once it was installed it was very stable, very few bugs. It has topped expectations.

It's easily scalable. If you are required to scan more assets then you just request for it to be expanded, such as from two thousand to five thousand. Scalability is not an issue.

The system is used by around thirty-five users including system admins, who ensure that the system is up, and the application admins who are responsible for fixing the issues that are picked up with the solution.

We use it across our entire network so we cannot expand its use any further.

Their technical support is quite good, and they're very responsive. If there is any issue they perform quite quickly. Also, the local partner is well versed in the solution so they give us the support we need.

We did not use a solution prior to this one.

The initial setup, including the GUI, is very straightforward.

The implementation took about three months, and then the maturation took about six months.

We have about two people for maintenance.

We were working with a local partner for the deployment.

We have seen ROI for this solution. It has reduced our security vulnerabilities. Even during the national audit, one of the findings is that this solution is helping us be more productive. We're able to find these issues before somebody else finds them. We can fix them before they are discovered by others.

The licensing costs for this solution are approximately $100,000 US, and I think that covers everything.

Before choosing this solution we evaluated Qualys Labs and Rapid7.

This is a good solution for evaluating vulnerability in the network. It gives wide coverage, and it is able to scan most platforms on the network.

I would rate this product an eight out of ten.

I primarily use this solution for vulnerability assessment on the assets that we have. This includes servers, network equipment, appliances, routers, firewalls, and switches. 

Before, we did manual management of our assets. We have an EXO file that has all our assets in it. They have the IP address and all the details of each equipment. We manually enrolled those assets to our vulnerability scanning tool for them to be scanned on a monthly basis and check what new vulnerabilities they may have. With the  Security Center, we are able to automate. We were able to automate how we enroll our assets in the Security Center, and the scheduling of when we scan each asset, and how we report them to respective system owners. We are trying to use it as a channel of a self-service platform to the system owners or system administrators. It helps to access the Security Center for them to review the vulnerabilities that the equipment or the servers may be assigned or under the domain.

We really love the Security Center dashboard. It performs vulnerability scanning and then outputs vulnerability data. When you are working with one, two, three, up to 10 IT pieces of equipment, managing the vulnerability data would just be fine, but when you are managing assets across an organization of 10,000+ employees, you have a really hard time normalizing those vulnerability data. The dashboard helps us out to map what things need to be prioritized, what is our current threat landscape and what would be the latest threats that we have in our network.

One of the challenges that we may have experienced with that platform would be the flexibility of how to modify or create. They have this configuration compliance audit function, so if ever an organization has their own configuration standards that should be set on their servers, you have to modify those plugins in Tenable for it to match the specific values that you are looking for when you perform the configuration assessment on your equipment. It is a small challenge because it uses regular expressions on their plugins and so we are having a hard time either creating a blank template from scratch. We usually base our compliance audit plugin on an existing one and then modify the values or describe whatever is not up to our standards. A good plugin editor is an additional option for the Security Center.

Whenever you have a vulnerability scan running of  5000 IP addresses all at the same time running, it tends to keep resources on the Tenable server itself, a huge amount of CPU and memory. Right now, it's still goes up, but at least it's below the threshold, which I think would be 73% or 75%.

As long as you can buy the license, you can easily add up until you need an additional scan engine.

We previously used Qualys Virtual Scanner Appliance.

Setup is easy as long as you have the right hardware requirements. The deployment took about a week. We used two network guys, two system admins, one application admin, and two security admins to implement the solution.

The longer process was on the hardening part of the components of the servers. We had to install everything on servers, all the dependencies, all of the software that Tenable needs, including the Security Center itself, and then once everything is installed, meaning everything is locked down, no other software is needed to be added to it. We performed a patch check and configuration checks on it to see they have met our standards. After that, we requested the connectivity performance from our firewall team and performed discovery across our network, if it will be able to see all the systems or all the IPs or all the networks that we have in our network. That would be one of the long processes that we took since there were a lot of different network segments that each engine or each Tenable component will pass through. We had to look for each one, just to make sure that we have the full coverage of our network.

We're able to save because we don't have to employ more staff members to help with the scheduling of the scans, running the reports or sending them out to the system owners. That alone is a big ROI. A massive security breach would cost us a lot. This is a preventative measure worth our investment.

Before, just preparing the monthly scans alone would take us about two weeks to set up. Then, we would have to wait for at least another two weeks for those assessments to be done, for the scanning to be done, and then it will take us about another two weeks to generate the report before we can send them out to the system owners. That's the reason why those were our main drivers, as well, for us to push the use of the Tenable Security Center as a self-service platform to the system owners. The quick turnaround time in terms of generating reports and sending them out to the respective system owners is significant.

Basically it reviews our threat landscape vulnerability. So, we just want to be sure that we check compliance in terms of our configuration and compliance to our policies. But, the key is to make sure that we are not exposed to vulnerabilities that can be exploited. So, it's more of just securing our threat landscape.

It easily detects issues, and alarms the site.

One valuable feature is the Assurance Report Card. with the Assurance Report Card, we are able to give our overview about security posters in just a glance. And with a report to cut this we can quickly, our executives can quickly consume that without going into the difficulties of the vulnerability issue.

In terms of the configuration of the reports, there's some level of flexibility that we are not able to achieve. In terms of configuring the reports to achieve certain percentages and all of that. So, that's really the main thing I've noticed. But, apart from that, I think it's one of the best vulnerability management tools I've used, in terms of giving us the full visibility into the environment.

One to three years.

There were no crashes, or anything of that sort. The solution is stable. At times, we have had the typical bugs, but it's not something I would say is a big deal. It is maybe once in a quarter--insignificant.

I did not have any issues with scalability. This is because once you scope the main control, the Security Center box, you do proper saving on the main box in terms of storage. Initially, when we did the first installation, we did not properly size our storage. So, we quickly entered issues. But, since it was  Linux box, we were able to reconfigure and make development for additional storage. Once we did that, there has not been anything that tested the scalability. So, when the growth becomes a little high, we just add a box and provide a scanner. Then, you define the territory within which you can scan, because each scanner can be assigned to a given territory in terms of sub-nets, and so on.

The tech support was fairly good enough. I would not rate them as top-notch, but it was fairly good enough. I would give it a rating between 70-80%.

I considered Rapid7 Nexpose and Metasploit in the past.

It was pretty straightforward.

It is slightly more expensive than other solutions in the same sphere.

If you are considering a product like this, you must take into account and properly plan, scope, and scan. You need to know how to properly place your scanners and how to schedule automatic scans. You need to properly schedule your scans, so for example you don't need to scan your data center during that day when your business is most active, you can schedule your scans to run in the middle of the night, when your systems are least active.

If you wake up on LAN, then you can even scan clients during the night. You schedule wake up on LAN, your boxes are woken up on LAN, then the scanning is run, and then the boxes are shut down once the scan is over. So that's proper scoping and planning with this solution.

I use SecurityCenter currently to investigate daily network security events from reports I receive. Our network support team uses it to track, manage, and remediate system vulnerabilities. It works well for the latter, not so much for the former.

In terms of vulnerability mitigation, SecurityCenter has worked quite well and is a perfect replacement for GFI LanGuard. Unfortunately, it's also being posed to my team as what we're supposed to use in place of ArcSight Express, which I've worked with for several years now.  SecurityCenter could be much more useful to our agency as a whole if it were configured better, but I'm not sure that the team that directly manages that system knows how to do that, or has the right licenses they need to bring in all of the data my team needs in SecurityCenter to make good use of it.  Basically, it comes down to two teams trying to use the same product for very different purposes, and while one team is pleased with the results, the other (mine) is not.

The 'raw syslog' search functions are fairly nice for tracking down debug info from an event, but it's usefulness is extremely low when compared with ArcSight in terms of its usefulness in network event investigations. SecurityCenter's strongest focus seems to be its vulnerability scanning, but I'm told I should be able to use it to replace ArcSight, and from experience with both products, I know that's not the case.  To be honest, if my mission were more aligned with our other team's goals, I might like SecurityCenter a lot more than I do; but as is, it's like trying to fit a square peg into a round hole.

Security Center's vulnerability scanners are excellent in terms of compliance reporting, and the dashboards certainly seem to make the less technical of our staff all starry-eyed, but to be honest, I find SecurityCenter to be lacking in too many ways where my usage of it has been concerned.  Dashboards, to me, are much less interesting than a powerful and flexible query engine, and that's an area where I find SecurityCenter most lacking.

ArcSight Express; my employers sought a less expensive solution. If I'd had any sway on the decision, it wouldn't have happened, or at least, it would have happened differently.  The two products compliment each other well, but separately, they're designed with very different goals in mind.

No, I wasn't given the opportunity. SecurityCenter was brought in, vetted, and implemented by a separate team from the one I work with daily.

Know what you're getting into, and know the difference between security compliance suites and SIEM suites. The two are very different, which is why I'm very unhappy using SecurityCenter, because it's been forced upon me as a replacement for a product that it doesn't even compete with.

I primarily use Tenable.sc to search availability and for our workstation server and data center.

Tenable.sc's best features are the availability model, accident management, and scoring. It also gives fewer false positives than its competitors.

Tenable.sc's user interface could be improved.

I've been using Tenable.sc for about two months.

Tenable.sc is very stable.

Tenable.sc is scalable.

Tenable's technical support is good.

The initial setup was easy as we use the cloud version.

Tenable.sc is more expensive than its competitors.

I would give Tenable.sc a rating of eight out of ten.