We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
IMO, the previous version (Nessus) is more interesting in costs for some projects.
Tenable has recently added a presentation/analytics layer to its products but using a non-viable cost model (you can generate the same results and dashboards combining Nessus and others ETL/Presentation tool spending 1/10 of value).
Tenable needs to revalidate its cost model urgently.
In terms of the pricing side, I would say that they've lost a little touch on the pricing. It seems that the enterprise companies are the ones that primarily use Tenable for DIY security. However, the needs are much greater adoption in terms of the SMB space. These companies are screaming for attention. They've gotten interest from the hackers as hackers seem to be quite focused on the SMB space - which means they need protection. Most of the VA companies that are out there are servicing the enterprise and they all need the help. They've got the budget, they've got the resources, they have the CISSP certified guys on the bench taking care of their needs. In terms of the volume of users interacting with the solution, you're looking at tens of thousands. As a service provider, we use the solution for companies of all sizes.
The pricing is a bit high. It could be better.
The solution is not too expensive.
I think that the price is reasonable for now, although given that everybody is looking to cut costs, I think that they should take measures to lower it. There are additional features that can be licensed for an additional cost.
Which do you use and why?
In the past vulnerability assessment has been the primary approach used to detect cyber threats.
Risk-based vulnerability management has become increasingly popular.
How do each of these approaches work, and which do you think is more effective?