Tenable Vulnerability Management Reviews

The solution is quite friendly. 

Users get confused between VPR and CVSS ratings. 

I would rate the tool's stability an eight out of ten. 

I would rate the solution's scalability an eight out of ten. We have around 1000 users for the product. We plan to increase the tool's usage in the future. 

I have used Nessus before Tenable. We switched to Tenable since it covered the problem for us. 

The product's setup is very easy and the deployment took six months to complete. 

We relied on a third-party vendor to complete the tool's deployment. 

The tool is easy to use and user-friendly and I would rate it an eight out of ten. 

I primarily implement the solution for clients. It's mostly used for security purposes. 

The product has many features and continues to develop its capabilities at a rapid pace. 

It's done a lot of acquisitions and has really built out its cloud functionality. They're doing a good job of building out their cloud security.

The initial setup is mostly straightforward. 

The solution is stable. 

It can scale as necessary.

I'd like to see them improve their support.

It would be great if there was more integration with other third-party products. They have a robust API, so it's possible to write a script in Python and extend or integrate with another solution, however, will be great if they had this integration automatically.

I've been dealing with the solution for three or four years. 

The solution is stable. I haven't had any issues. There are no bugs or glitches. It doesn't crash or freeze. We use AWS infrastructure and find it to be very reliable. 

The general scalability is pretty good. It's easy to add on. We haven't had an issue with expansion. 

At this point in time, I'm not sure if our clients intend to increase usage. 

They need a better approach to support. When I have hard questions that need answers to, I prefer to jump to L3 support instead of getting pushed to L1. It's not solving my problems fast enough.

I've deployed Tenable.sc and other Tenable products. I've also dealt with FireEye.

I've been implementing the solution for four years. Therefore, I do not find it to be a difficult process. In general, it is easy to deploy, however, it depends on the client. If they are cooperative, it is easier. 

We need at least one person for deployment and maintenance. 

I can't speak to the exact cost of the solution. 

There may be some features that we have to pay for that are extra. However, when someone wants to use Tenable.io only for vulnerability scanning and vulnerability management, there is no hidden cost.

We are partners with Tenable and therefore tend to lean towards their products more than others. 

We're partners. I mainly implement the solution. 

I work with a variety of different versions. I use the whole Tenable portfolio.

I'd rate the solution eight out of ten.

I work for a company called Maxtec, and we are a distributor. One of the solutions that we used to distribute, not anymore, is Tenable. I've worked as the product manager for Tenable, and it is one of the products on which I've worked quite extensively. We stopped its distribution last year, and I stopped working with it at the beginning of 2022. We were using its latest version.

One of the biggest cutting-edge technologies that they were able to introduce is predictive prioritization. It has helped a lot of IT teams enormously that were heavily under the weight of vulnerabilities that they needed to remediate. Just in 2019, over 19,000 vulnerabilities were discovered, and about 10,000 of those vulnerabilities were rated between high and critical. The way predictive prioritization works is that it adds a lot of context and granularity, and it helps you understand which vulnerabilities actually pose an immediate risk to your environment. It eliminates the pressure that the IT teams were under in terms of remediation because now, they don't have to focus on 10,000 vulnerabilities. They can only focus on 3% of vulnerabilities that pose an immediate risk to their environment. That, for me, has been a cutting-edge technology and a game-changer in helping a lot of IT teams in focusing more on the risk that they need to address, at least within the next 30 days.

Tenable.io, in particular, is quite a powerful product. It looks at your traditional environment, which is pretty much anything that is on-premises, and it also goes a step ahead and covers your modern assets, which is anything that is currently sitting in the cloud. You get complete visibility of your entire environment and tech operation. The ability to give you visibility across the entire tech surface is one of the biggest advantages that Tenable.io has.

The use of agents comes in very handy when a lot of the workforce is working from home, such as during COVID-19. Some of the traditional tools would not be able to monitor any of those devices that people would be working with, such as laptops, because they are remote. You can only audit their machines if they are on the business premises, but with Tenable.io agents, you can maintain that level of continuous monitoring, even if they are not on-premises at the time of the scan. The agents run the scans locally on the machine.

Tenable.io is a cloud-managed solution, but the scanners are sitting on-premises. They've also got some public cloud scanners that are sitting all over the world. They've got something called frictionless assessments, which is quite an interesting approach for vulnerability scanning of anything that is sitting in your AWS. You don't have to deploy the scanners. They've got sensors in there that are able to give you continuous monitoring without deploying scanners, doing any configurations, or inputting any credentials.

They've been able to think about everything in terms of where the world is going and the type of assets that you've got. They've everything sorted out in that aspect, but you have to pay for most of the other components that they've got to give you complete visibility across your tech surface. If it already had those capabilities in-built, without having to add them on to take advantage of them, it would be a very compelling value proposition.

Their support needs to be improved in terms of turnaround time.

It is stable.

It is a cloud solution. Therefore, it is highly scalable. There is no limit to how many assets and devices you can handle.

In terms of verticals, in the public sector, we've seen a huge uptake. That could be because of compliance reasons. We've also seen it being used quite extensively within the banking and financial verticals. Those are the biggest users of the product. There has also been an uptake in other verticals but just not as big or as vast as the public sector and the finance and banking sector.

One area that they could improve is technical support. Oftentimes, it's not as good as it should be. The turnaround time could be improved quite significantly.

It is pretty easy and straightforward. For the cloud, you don't have to do anything on the management console. That is already set up for you. The only thing that you need to configure is your scanners that are sitting on-premise. For that, you just need a linking key that you obtain from Tenable.io so that there is directional communication between the cloud, your cloud instance, and various scanners that are sitting on-premises. It would be the same process if you want to install an agent, for example, on a machine. It would apply the same way. The only difference is that instead of choosing a scanner, you'd choose an agent.

For future users of Tenable.io, I would recommend using a layered approach. Tenable.io has an open API. So, it can be integrated with SIEM solutions. You can look at integrating it with privileged access management or any SIEM solution so that you've got all the data being pumped into a centralized location, and you are able to read the data alongside other security events coming from the SIEM and privileged access management solutions. 

Companies that are currently using Tenable.io can definitely start looking at integrating some of their security solutions for a much more robust security approach.

I would rate it a solid eight out of ten.

The solution is used for the vulnerability assessment of the network infrastructure.

The solution finds vulnerabilities, anomalies, and threats. Tenable has basic and ad hoc scanning features. The tool schedules scans for continuous monitoring. The main advantage of the solution is that it assesses the vulnerabilities and provides a CVE score. Reporting is very easy. The management dashboard is very easy. The tool has an easy-to-use interface. It is easy to implement the product.

The product is a bit expensive.

I have been using the solution for 7 years.

The solution is stable.

The solution is scalable up to a certain point. I rate the scalability a seven to eight out of ten. Our customers are medium to large businesses.

The support is very good.

Positive

The configuration is easy. My engineers can work on it seamlessly. The deployment of the basic solution does not take more than four to eight hours. We need one or two persons to deploy and maintain the product. There are no other challenges if we have the network and can access the IPs.

The product impacts our client's operational cost related to vulnerability management in a good way. It automates a few things and saves the engineers' costs.

I rate the pricing a seven out of ten.

We are resellers. The solution is easy to implement. It has an easy-to-use interface, enabling organizations to go faster to market. Overall, I rate the product a nine out of ten.

We use the software to manage vulnerabilities in our environment.

The product’s most valuable feature is remediation. It shows a list of vulnerabilities per server once you scan on cloud or on-premise instances. It helps us create remediation projects and assign the console’s responsibility to specific engineers. We can set up a follow-up date depending on the organization's requirements.

The product could be easier to set up on the cloud.

We have been using Tenable Vulnerability Management for three years.

I rate the platform's stability an eight out of ten. Once, a few of our subsidiaries complained that channel usage in the environment was consuming bandwidth.

We have five admins using Tenable Vulnerability Management in our organization. I rate the product’s scalability a seven out of ten. It has many features, and it is complicated to train someone on how to use Tenable. You have to schedule a session every day for almost two weeks for it.

It was challenging to contact the technical support team earlier. However, we have found the right contact and can reach out to them easily.'

I have used open-source applications before.

The product is complicated to set up on AWS. However, it is easy to implement on-premises. It involves discovering IP addresses and schedule scanning. It requires acquiring some knowledge about the process to familiarize yourself with the AWS environment. We have to complete the setup for the whole environment. The deployment for a vast environment involves migrating a lot of data from on-premise to the cloud.

We execute the implementation for most of the tools in-house. We take help from third-party vendors for the rest of it.

I rate Tenable Vulnerability Management a nine out of ten. I advise you to choose Tenable.iO as it is a cloud-based solution.

We use Tenable.io for vulnerability scanning.

I like the Cloud Scanning feature the most.

They can improve in the area of role management and compliance reporting.

They should include better customization of the dashboard and integration tools.

We have been partners with Tenable.io for four years.

It is pretty stable. I would rate it nine or maybe ten out of ten. I didn't realize that the solution will be dropped in availability.

It is a scalable solution. I would like to rate it a six out of ten.

Many times, I get some answers that are not suitable information for my query. Thus, I need to escalate our vendors and our contacts internally. When some task is escalated and some security engineer supports them, it becomes quite helpful. After all, we are a part of it. I am working with Tenable.io. So in general when I have some problems, it is a pretty big problem for me. And I need someone else for support. It is not a general problem that some customers can figure out.

Neutral

Two years ago, I was training for Rapid7. Since then, I have had no time to implement another solution. So we are just implementing Tenable.io right now. Also, we have some big Tenable.io projects. So, we are just working around Tenable.io. But I have some expectations to work in the future with another vendor for vulnerability management.

I don't have any comparative options from another vendor. I just work at the retail level. I know it has a pretty high cost for some features. It's a security vendor, and the security solutions are pretty high-priced. I think Tenable.io is available at the mid-range of prices, maybe the mid-high range.

I work with Tenable.io and implement this solution for many customers. I would rate it eight out of ten.

The solution needs either two engineers or one security specialist to maintain it.

Our primary use case for this solution is to satisfy the requirement for vulnerability assessments regarding internal assets, CPI assets and web applications. We deploy the solution on private cloud.

The ease of use in terms of scanning assets is valuable, and it has a diverse checklist when it comes to vulnerability databases. Hence, it has a comprehensive database for exploits and vulnerabilities, which is why we continue using it.

The response times from the customer service and support team could be improved. Additionally, the pricing could be better.

We have been using the solution for approximately four years.

The solution is stable.

The solution is scalable, and we currently have 15 users utilizing it.

The response times of customer service and support can be faster. I rate them a six out of ten.

Neutral

We previously used different solutions but chose to switch because of the flexibility regarding cloud.

The initial setup is straightforward, and it took a couple of hours.

We implemented the solution in-house.

Licensing is approximately $6,000 annually.

I rate the solution an eight out of ten. The solution is good, but pricing, support and flexibility can be improved.

Primarily we're a partner of Tenable and what we've done is we've essentially created a middleware. We created a middleware on top of Tenable.io engine, the API, and the middleware was developed back in 2003. It has gone through about three different iterations since then. 

Essentially, we simplify their user interface. It's been designed so that the managed service providers, the MSPs, are able to use the Tenable system with our interface on top. In a sense, what we've done is dramatically dummied down the Tenable interface through the use of our own GUI. We connect to the Tenable API in the backend, however, they're doing the heavy lifting, so to speak, and we're just presenting the information in a much more logical, easily understood manner. 

The API is pretty good.

The solution works well for enterprise-level organizations.

They're a standup product. They really are. They're one of the first in the industry which means they're a quite well-established site. It's pretty hard to improve upon. 

The initial setup is pretty straightforward.

They are on a good trajectory as a company and investing in R&D in the right ways.

The stability is excellent. 

The scalability is pretty good.

The solution seems to focus too much on enterprises, and they really need a product that works for SMBs. The enterprise product is too expensive for smaller companies, however, they really are looking for a product like this in the market.

It's too technologically advanced for SMBs - Tenable is kind of a little bit like flying a 747. There's a lot of bells and whistles and switches and things like that, that quite frankly are not used or not understood largely by the average user. If they don't begin to cater to smaller organizations, they'll likely lose market share.

They could use a better user interface that could be developed a lot better than it is. It really could be more intuitive.

I've used Tenable for 20 years or so. 18 to be exact. It's been a good amount of time. I have a lot of experience with the company.

The stability is excellent. There are no bugs or glitches. It doesn't crash or freeze. It's one of the reasons we chose it. It's reliable and the performance is excellent.

Aside from their licensing, which needs some serious reworking, when you get the licensing in order the scaling is not that bad. It's pretty much on-par in terms of what others are doing. However, getting the provisioning of the licensing and all of that stuff through their partners, namely Ingram Micro, is nothing short of pulling teeth really. 

I've never used technical support in the past. I've never had a need to. Therefore, I wouldn't be able to assess them. I can't say how knowledgeable or responsive they are.

We've only been with Nessus. Nessus Professional came out way back in the day, in 2002, 2003, there was WebInspect which was then, bought by IBM. We used WebInspect which was another iteration of vulnerability scanning. It's kind of like Burp Suite, which is commonly used now. That was our only other experience. That was very far back, it's almost another lifetime.

The initial setup is pretty straightforward. We've got staff members that are certified for decades, two decades or more, and they know their way around quite easily. It's quite easy in that regard to set up.

In terms of the pricing side, I would say that they've lost a little touch on the pricing. It seems that the enterprise companies are the ones that primarily use Tenable for DIY security. However, the needs are much greater adoption in terms of the SMB space. These companies are screaming for attention. They've gotten interest from the hackers as hackers seem to be quite focused on the SMB space - which means they need protection. Most of the VA companies that are out there are servicing the enterprise and they all need the help. They've got the budget, they've got the resources, they have the CISSP certified guys on the bench taking care of their needs.

In terms of the volume of users interacting with the solution, you're looking at tens of thousands. As a service provider, we use the solution for companies of all sizes.

We're a partner for Tenable Nessus.

The Tenable.io is what we're using currently. It suits our needs best due to the fact that it's in the cloud. The API is okay. It's not wonderful. Seems to serve a purpose.

The biggest problem with the solution is that if you're a small company, you're not going to be able to afford it, nor are you going to be able to manage it.

I would recommend other organizations use the product. People probably don't consider the amount of, let's say, understanding or comprehension that they need of their own network to truly be able to deploy and manage and get the results they're looking for, however. Many often underestimate all their skillsets. Tenable has a number of features and functionalities and it can be a little confusing for, let's say, a non-security savvy person. It could be a little bit of a challenge, to be honest. I'd suggest any company that considers it also does their homework first.

I'd rate the solution at a seven out of ten. It gets the job done. It really is smooth to operate once it's set up. It is for the most part pretty easy to set and forget.