![Tenable SecurityCenter Continuous View [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,f_auto,q_auto,w_100/rw5701949i9vrej5ogyntundp5zk.jpeg)
One thing that is missing from the Predictive Prioritization is some extra context. I've given this feedback to their engineering leadership. What's missing is integrating with certain data sources like the CMDB. If you knew a given asset was supporting a Tier-1 application, you would naturally rate the vulnerability on that asset higher than you would that same vulnerability on an asset that's in a protected enclave. There are other areas with room for improvement. When it comes to traditional network-based vulnerability assessment Tenable is, hands-down, the best solution. I'm highly confident in that statement. When it comes to some of the other areas they have ventured into, like dynamic application scanning, I think they are lagging behind the curve. They have a lackluster solution, to the point where I think they need to determine, as a company, whether or not that's a space they even want to play in. And if they want to play in that space, they need a significant investment in it. In the container space, they are not really viewed as a market leader yet. I think they've got a way to go in container vulnerability management. There are a bunch of other solutions out there, like Anchor, that a lot of folks use. That's definitely an area of opportunity. Also, you see a bunch of other technologies that lay on top of platforms such as Tenable for risk prioritization. Tenable is dabbling in that with their Predictive Prioritization, dabbling in ranking solutions. That needs to be a continued focus. I think there is a lot of opportunity there, and it has gone down a good path, but that needs to be a continued focus. The difficulty with that is that it's limited. When you look at an enterprise vulnerability management program, Tenable's solutions aren't going to cover every aspect. If you think about the SDLC, aside from some of their container scanning, they don't really have much embedded in the SDLC. You're going to have a bunch of different types of scanning that all need to come together to effectively rank your priorities, or the solutions that need to be implemented. Tenable is really just looking at one piece, which is primarily your operating system, databases, and middleware. They're not really looking at any of the applications.
