Tenable Vulnerability Management Reviews

I was the manager of the vulnerability patching team in my company, and we would use it to go through everything, discover our network, find what vulnerabilities existed, and then use that for a work plan and assignments to decide who would fix what vulnerabilities.

In my company, with the help of Tenable Vulnerability Management, we could find all the things that we didn't know existed. It would be too resource-intensive to manually go into every device and figure out in which version of a solution the vulnerability exists, which is something that Tenable Vulnerability Management does for you.

The solution's most valuable feature is the product's vulnerability database, as it knows what to scan.

There is no good work assignment system in the product. Specifically, if an SQL patch needs to be applied, then that needs to go to the SQL team, but Tenable wants to assign the ticket to an individual and not a team.

The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting.

I have been using Tenable Vulnerability Management for three to four years. I don't remember the version of the solution.

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

I rate the technical support a seven out of ten.

Neutral

I have experience with another solution in the past, but I don't remember its name.

The product's initial setup was very straightforward.

The solution is deployed on an on-premises model and the cloud. With the endpoint in the product, everything was reported back to the cloud offered by Tenable.

I saw a return on investment from using the solution since I feel that finding the vulnerabilities is always much cheaper than dealing with a situation after your system gets hacked. In short, I would put it as insurance is cheaper than the fire.

In our company, we went through every other tool in the market and came down to Rapid7 and Tenable since they were the only two good options.

Network scans are very resource-intensive and can cause outages in some instances, which is a political and not a technical issue to solve.

I rate the overall tool a ten out of ten.

We use Rapid7 InsightVM and Tenable.io Vulnerability Management for similar purposes: a vulnerability assessment. At present, Rapid7 InsightVM is running in our IT infrastructure, while Tenable.io is running in our ICS and OT security, which includes our plants, premises, systems, SCADA systems, and PLCs. We usually find more vulnerabilities in these legacy systems, such as Windows XP and Windows 7, than in Rapid7 InsightVM. However, the use cases for vulnerability assessment are the same.

The solution is more user-friendly than Rapid7 InsightVM. A new user can easily understand the workflow, even if they are creating users for other divisions and the user is a beginner. They can easily use the system to get the data they need or fulfill their requirements.

I believe that Tenable.io is currently the best vulnerability management system. Compared to other vulnerability systems such as Rapid7 InsightVM, I find Tenable.io to be one of the best. However, Tenable.io lacks a platform to exploit or test the vulnerabilities it identifies. For example, if I identify a critical vulnerability, I cannot use Tenable.io to determine the risk of exploitation. Unfortunately, Tenable.io does not have a platform to test this.

The initial setup is complex and has room for improvement.

I have been using the solution for five years.

The solution is stable.

The solution is scalable.

After deploying Tenable, I spoke with the technical support a maximum of two or three times. They are very knowledgeable and know their stuff well. We always received immediate support from them.

The initial setup can be difficult. We need to configure the case. If we are starting from the beginning, we need to set up each IP range and make sure our firewall covers it. We also need to whitelist the Tenable.io IPs. This initial setup can be challenging.

Compared to other VM solutions, Tenable.io Vulnerability Management is expensive.

I give the solution a nine out of ten.

If we are using the solution for the first time, we should be sure to understand what aspects of the target we are trying to use Tenable.io for, such as what kind of information assets we have, whether they are general devices or specific devices, or if they are deployed in the DMZs. This way, we can ensure that we get the desired results. Therefore, before logging in or implementing Tenable.io for the first time, new users should be sure to have a good understanding of their requirements.

We use this solution to scan our network to try to identify all our assets. It is very good at finding all assets depending on how you program it.

The vulnerability management itself is the most valuable feature as well as references to mitigation techniques.

The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports. 

I have been using this solution for seven months. 

The stability of this solution is good. The application is always available and you can also set the scans to not take up too much bandwidth.

The scalability all depends on how much you want to spend. If you have 10,000 assets you want to scan, you'd have to pay for that. It is very easy to scale up or scale down, but it's going to cost you.

I would rate their support ten out of ten. 

Positive

It has a steep learning curve but Tenable does offer free courses for beginners and paid courses to become a specialist. This assists with the ease of setting it up. 

The total cost we pay for this solution is over 45K. This is for a large education organization. 

I would advise others to take the courses provided and then to play around with the solution. This will speed up learning as this solution has a steep learning curve and can be intimidating at first.

I would rate this solution an eight out of ten due to not being able to change certain parts of the user interface. 

I would rate this solution an eight out of ten. 

The product operates on a license-based model, where you purchase a license based on the number of IP addresses you intend to scan. For example, if you purchase a license for 50 IP addresses and your network has 200 users, it will only scan for those 50 IPs. You can gain visibility into all IPs within your environment, including subnets with a full license. Also, you can geographically segment your scanning targets based on the number of IPs allocated for each location.

The product is very friendly. It is easy to manage. Most of the information the tool provided was correct and helped to further investigate the vulnerability and its impact.

The most important feature is network scanning.

The solution’s pricing could be improved.

I have been using Tenable Vulnerability Management for one year.

I rate the solution’s stability an eight out of ten.

The solution is very scalable. It allows you to adjust according to your needs. You can add more features if you wish to purchase additional tools.

The initial setup is very easy. To deploy, run the setup command, and then it can deploy on your Linux and Windows platforms. I did it by myself.

The product is expensive but manageable.

I recommend the solution. Although, it varies from person to person experience. Rapid7 users can use free tools. I'm very satisfied with the product.

Overall, I rate the solution an eight out of ten.

We use the tool to find loopholes in the system.

The product fulfills our needs. It gives reports and finds vulnerabilities in our system. The product is easy to use. It is easy to integrate the tool with other products.

The solution must be promoted more in the market. It will make the customers more aware of the product.

My organization has been using the solution for a month.

The tool is stable.

Around 20 people use the product in our organization. We have one to three administrators. We are most likely to increase the usage of the product in the future.

It was easy to deploy the solution.

The tool is reasonably priced. There are no additional costs associated with the product.

I have known the product for some time. So, I implemented it. Overall, I rate the solution an eight out of ten.

In my company, we use Tenable.io Vulnerability Management is a good solution for vulnerability assessment on the infrastructure and not on the applications. The solution is useful for conducting vulnerability assessments on IT infrastructures. We use Tenable to discover assets on the network and the vulnerabilities in the vulnerability management cycle.

Tenable.io Vulnerability Management is an easy-to-use product. It is a good solution, as per Gartner's SIEM Magic Quadrant. The product has a lot of documentation and blogs, so you can get lots of support from its communities while also finding a lot of online materials that can help you improve the solution's uses or implement it according to your use cases.

The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications.

I have been using Tenable.io Vulnerability Management for more than ten years.

It is a very stable and mature solution in the market since it has been around for over 15 years.

The product has no scalability solution since it can manage hundreds to thousands of networks.

The solution's technical support is good and quick to respond. If you have a problem, you can be sure that someone from the support team has a solution to your problem.

Our company doesn't use any other products from Tenable apart from Tenable Nessus for vulnerability assessment. We also use NetSuite to manage the vulnerabilities' life cycle.

The initial setup of Tenable.io Vulnerability Management was straightforward since it allows one to use a device, like a virtual machine, or one can use it on a public IP address if it is already deployed, making the process very quick and easy.

The solution is deployed on-premises.

The deployment process was very quick since it could be done using a virtual machine or the customer's network. You can do the deployment with the virtual machine by connecting to the management suite before launching the solution.

To do an assessment for all our customers, my company has over 200 users for the deployment and maintenance of the solution. There is a dedicated team in the company I currently work for to manage the solution. One technician is needed to do a vulnerability assessment.

Yearly payments are to be made toward the licensing cost of the product. It is neither a cheap nor an expensive product.

I recommended the solution to those planning to use it since it is a very good product. Though there are other good solutions like Qualys, Tenable is the best.

I rate the overall tool a nine out of ten.

We actually needed clarity on the vulnerabilities in our infrastructure. We used the solution to scan and make a report for us on what is vulnerable in our infrastructure and what is not, what we can improve and update, and what is good as it is.

It is a very, very user-friendly tool. To make some sense, you just need to put in your domain and click a button to scan and give you a piece of customized information about your infrastructure. It is very easy to use to schedule a scan, and it can consume a lot of CPU resources. So, you can schedule a scan between 1 AM to 3 AM, and it works very well for us.

I didn't work a lot with the solution. My experience was pretty smooth. I don't have any recommendations for improvement. Maybe it's because I don't use it a lot.

The only drawback of the solution is that it is expensive. The pricing should be kept lower.

I have experience with Tenable.io Vulnerability Management. I used it six months ago. I used it for two years. I am a customer of the solution.

It is a very stable product.

The setup is easy. Tenable.io Vulnerability Management is known for its ease of setup.

Tenable.io is not known for being a cheap product. You definitely can have another product that could be cheaper than Tenable.io. If you have a real concern with your budget, maybe another platform would be of interest to you.

You can find other tools that are way cheaper, with similarities to Tenable.io. I would say it may not be the same tool, but similar.

The solution's user interface was very good.

It's one of the best tools available for vulnerability management. I would definitely recommend the solution to those planning to use it.

I rate the overall solution a ten out of ten.

We use the solution for our vulnerability management program.

The solution is deployed in the cloud.

When the logging logic is lacking certain columns, Tenable.io Vulnerability Management provides comprehensive coverage, thereby simplifying the reporting process.

One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently. This feature enables us to prioritize security issues based on their level of importance, without being distracted by other irrelevant details. Additionally, the system is frequently updated to ensure it complies with industry standards.

The asset identification has room for improvement. Since we are using a cloud-based scanner, we must scan devices based on their ID. However, we are encountering many issues with reporting. Assets are often being incorrectly merged or we encounter issues related to assets. If we had an agent with a scanning system, this issue may not have occurred, but it currently exists.

The UI has room for improvement. The previous version of the UI was better.

The technical support has room for improvement.

I have been using the solution for nine months.

The solution is generally stable, although we have experienced two instances in the past where it was down. The first outage was related to the scanner and lasted a few hours, while the second was caused by storage issues that prevented us from clearing the logs.

Scalability depends on our licensing agreement and the number of scanners we use. Currently, the number of scanners and our license allows for scalability up to a certain limit. Beyond that limit, we would need to purchase additional licenses to expand.

The technical support team responds promptly to basic issues. However, when faced with major issues or more complex problems, it can take longer to receive adequate assistance due to a high volume of entries. In such cases, we are required to submit detailed logs, which the support team will analyze before we can proceed to ask further questions.

Negative

Our current license covers 2,500 assets. If we want to add more assets we need to buy another license for another scanner.

I give the solution an eight out of ten.

We have around nine people using the solution.

The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months.

The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices.

Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.