The first of the valuable features is how easy it is to access all of the information that's gathered from the assessments. That was one of the differentiators when we did an RFP a year-and-a-half ago or so. With a lot of other technologies, like Rapid7, if you're using Nexpose you effectively have to be a DBA to get some of the lower-level results from the scans. And Qualys wasn't very intuitive. (We actually had both Nexpose and Qualys in-house, historically. We had really good experience with all the leading platforms). How easy it is to get the data is a big feature.

The next big one is supportability. In a large enterprise, we have many types of technologies. The technology we previously had didn't even support authentication to a lot of those technologies.

In terms of vulnerability prioritization through Tenable's Predictive Prioritization, internally we have something called a residual risk calculation. Whether through manual vulnerability research or through scanning, vulnerabilities go through this residual risk calculation. We already had a pretty big data set of what the base CVSS scores look like, compared to what they should be for our environment. We use that data set to compare against the Predictive Prioritization to really pressure-test whether or not Predictive Prioritization was accurate for our environment. This far, it's wildly similar. It seems to be very accurate. We shared a bunch of data with Tenable to give them some affirmation as to what we were seeing across our enterprise.

Regarding their Vulnerability Priority Rating, so far so good. I love what they've done with their integration, looking toward the future. It's a great step forward. I don't think it's in its final form, it's not its final iteration, but it's definitely a good step forward.

Through porting, we can see how the improvement is happening over a period of time. We can see the overall scenario from the last year, where were we were and where we currently stand.

The scanning itself is really the core of the tool, and it's what we're most interested in.

The features that I have found most valuable are that it is easy to set up. I is easy to manage and every report already has a template so it is easy for us to generate a template with a compliance and execute authority. All the reports we can generate as if it is a new requirement.

Another valuable feature is that we can manage everything with only a single console on the Tenable SecurityCenter. We can pull and define the policy. We can perform every task on the Tenable SecurityCenter.

One more thing is that Tenable SecurityCenter has an R3 feature which makes it very easy to manage or at least own the asset policy that we define.

Another great feature is that it is very easy to generate reports for management. There is no need to manually create them, everything is by steps. We can add on all the templates, we can cost them on the template and we can do everything in the Tenable SecurityCenter.

Lastly, the Tenable SecurityCenter is aligned for customer with the compliance and regulatories. as well.