Try our new research platform with insights from 80,000+ expert users
Bill Hsiao - PeerSpot reviewer
Senior Information Security Analyst at a computer software company with 10,001+ employees
Real User
It provides the end analysis results covering all the published vulnerabilities and information on the market
Pros and Cons
  • "Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
  • "It isn't easy to manage vulnerabilities in Tenable."

What is our primary use case?

I'm a security consultant using Tenable to help our clients perform vulnerability analysis.

What is most valuable?

Tenable provides the end analysis results covering all the published vulnerabilities and information on the market. 

What needs improvement?

It isn't easy to manage vulnerabilities in Tenable. 

For how long have I used the solution?

I have been using Tenable for around two years. 

Buyer's Guide
Application Security Tools
November 2024
Find out what your peers are saying about Tenable, Invicti, PortSwigger and others in Application Security Tools. Updated: November 2024.
816,636 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is quite good. Tenable is probably the best among similar solutions.

What do I think about the scalability of the solution?

Tenable is scalable.

How was the initial setup?

The configuration is straightforward. It's easy to use and understand. You don't need to be a cyber security professional to use this solution. 

What other advice do I have?

I ratate Tenable.io Web Application Scanning eight out of 10. Tenable.io is still reliable, and we would recommend it depending on your needs. Tenable.io is a general solution, so it may not have specific features you need for your use case. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1112304 - PeerSpot reviewer
IT Manager at a manufacturing company with 10,001+ employees
Real User
Good reporting and integration, but it needs a user-friendly dashboard
Pros and Cons
  • "The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
  • "It would be great if there were a dashboard that is more user-friendly."

What is our primary use case?

We primarily use Tenable.io to scan all of our assets to identify vulnerabilities and determine risk percentages for each.

What is most valuable?

The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities.

This solution integrates well with other products.

What needs improvement?

It would be great if there were a dashboard that is more user-friendly.

We had some trouble integrating with ZeroNorth that required we contact technical support. This is an area that could be improved.

We are currently running several different scanners and it would be nice to see all of them in one place. For example, Tenable.io is used for assets, whereas we have different solutions for mobile and websites. Having all of these integrated into a single dashboard would be helpful.

For how long have I used the solution?

I have been using Tenable.io for more than a year.

What do I think about the stability of the solution?

In general, we do not have problems with stability. We did have an instance where the agents went down, but problems only occur once in a while.

What do I think about the scalability of the solution?

The scalability is decent and has not been a problem. We have approximately 50 users.

If this solution continues to work well then we will gradually increase usage to cover all of our assets.

How are customer service and technical support?

The technical support is responsive and they worked on our problem quickly. That said, it depends on how quickly support is needed. The SLA is one or two days, although that depends on the agreement.

When we contacted support during the integration with ZeroNorth, our agents went down and it took a week to come up again. I think that the response and resolution time from technical support could be improved, which would lead to less downtime.

Overall, I would say that they are responsive.

What's my experience with pricing, setup cost, and licensing?

The pricing is okay.

Which other solutions did I evaluate?

We evaluated several other products using a proof of concept for each. Tenable.io did well in comparison.

What other advice do I have?

For assets, this is a good product and I recommend it. We have done some other PoCs and in comparison, I think Tenable.io did well.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Application Security Tools
November 2024
Find out what your peers are saying about Tenable, Invicti, PortSwigger and others in Application Security Tools. Updated: November 2024.
816,636 professionals have used our research since 2012.
reviewer1248330 - PeerSpot reviewer
Security Specialist at a security firm with 51-200 employees
Real User
Top 20
Collects the vulnerabilities on the hostnames and sends them to the cloud
Pros and Cons
  • "It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
  • "They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."

What is our primary use case?

I work for a security company, and I implement Tenable for our customers. I just implement this technology. I'm not working with the users. 

Our main use case is for implementing and starting scans for the whole company or a specific host. It is used for creating reports or dashboards for the vulnerabilities of the whole company. As a product for web application scanning, the results are uploaded to the cloud, and the management is on the cloud, but we can implement an on-premises scanner, or we can scan the on-premises web applications of our customers.

What is most valuable?

It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on.

What needs improvement?

They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap.

For how long have I used the solution?

I have been working for this company for two years and eight months, and I have had many opportunities to implement Tenable.

What do I think about the stability of the solution?

It is a cloud solution. It has 100% reliability.

What do I think about the scalability of the solution?

Being a cloud solution, it must be scalable.

How are customer service and support?

In general, it is fast. In some cases, we need L3 support, which can take some time, but overall, it is really fast. As compared to other vendors who implemented such solutions, the support is fast.

How was the initial setup?

It is a complex solution. Tenable.io is an enterprise solution. So, it is not that easy to set up.

The deployment duration varies depending on the size of a company. It can take five days, and it can also take a month.

What about the implementation team?

We have our own team. The number of people required for its deployment varies, but we have been able to implement it for most of the projects with just three people.

For its maintenance, we have five or six people in support.

What other advice do I have?

I would rate it a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
OniRahman - PeerSpot reviewer
Technical Consultant at a tech consulting company with 51-200 employees
Real User
A good automated scanning solution but could be more flexible with customization
Pros and Cons
  • "It is fully automated."
  • "The report customization needs to be better."

What is our primary use case?

Our primary use case for the solution is automated scanning. It doesn't require scripting knowledge or any of those suites or other tools. So it is fully automated, and we provide the credentials and URL. The tool does all scanning and will show the result per the requirement.

What is most valuable?

We find the scanning and reporting features most valuable.

What needs improvement?

For the OWASP there is a predefined dashboard but a detailed report template would have been perfect . The report customization needs to be better. It can be more flexible in the customization. Additionally, the API Scanning features can be improved.

For how long have I used the solution?

We have been using the solution for a couple of years and currently use Tenable.io and Tenable Vulnerability Management, which are grouped in a single dashboard.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

I rate customer service and support a six out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used Qualys WAS previously but the exact scanning and reporting features we were looking was not there.

How was the initial setup?

The initial setup is straightforward. It uses the external scanners provided, so it does not require additional effort to configure it in our WAS. Furthermore, it does not require any time to deploy because it comes pre-configured with Tenable.io Web Application Scanning.

What's my experience with pricing, setup cost, and licensing?

The minimum license starts from $3,578.

What other advice do I have?

I rate the solution a seven out of ten. The solution is good, but the API scanning features and the flexibility of the report customization can be improved. My advice to new users considering the solution is to go through the documentation on YouTube videos provided by Tenable, and you can get started right away.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Software Asset Management/Software & Cloud Analytics Consultant at Crayon Group
Real User
Top 20
Gives detailed information about vulnerabilities but support is not responsive
Pros and Cons
  • "We can get detailed information about vulnerabilities."
  • "Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive."

What is our primary use case?

We used the solution to asses the security risk of our client's customer-facing platform. 

What is most valuable?

We can get detailed information about vulnerabilities. 

What needs improvement?

Tenable.io Web Application Scanning is not very user-friendly and you need a lot of information to get proper reports. The tool's support is not very responsive. 

For how long have I used the solution?

I have been working with the solution for more than half a year. 

What do I think about the stability of the solution?

I would rate Tenable.io Web Application Scanning's stability a nine out of ten. 

What do I think about the scalability of the solution?

I alone use the product.

How was the initial setup?

I would rate the tool's setup a seven out of ten. We encountered some challenges during the installation process. We have deployed it over the cloud which took about a week to complete. You need to make the environment ready, connect and scan it. 

What's my experience with pricing, setup cost, and licensing?

Tenable.io Web Application Scanning is expensive for small businesses. 

What other advice do I have?

I would rate the solution a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer1674711 - PeerSpot reviewer
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees
Real User
User-friendly GUI, simple to manage, the support is excellent and quick to respond
Pros and Cons
  • "Tenable.io Web Application Scanning is very easy to use."
  • "The reporting has a very limited customization capability."

What is our primary use case?

Tenable.io Web Application Scanning is very useful for scanning container exposure, and also for scanning all of the external IP addresses for any organization using Tenable predefined scanners.

What is most valuable?

It's a good product. It works as expected.

Tenable.io Web Application Scanning is very easy to use.

It provides very reliable results.

It is very useful. 

The GUI is very easy to use, for anyone.

It is easily managed by someone who lacks prior knowledge, information, or experience.

What needs improvement?

The reporting in Tenable.io Web Application Scanning is not as good as the reporting in Tenable SC. Tenable SC's reporting is extremely powerful.

The reporting has a very limited customization capability. It would be beneficial if this feature could be enhanced.

For how long have I used the solution?

I have been using Tenable.io Web Application Scanning for three years.

What do I think about the stability of the solution?

Tenable.io Web Application Scanning is extremely stable.

What do I think about the scalability of the solution?

Tenable.io Web Application Scanning is very easy to scale. 

The scalability surpasses Tenable.sc. All of the resources are based on the cloud. You don't need to add any extra resources if you want to add any external scanning or any internal scanners for the hardware specifications. This solution is very scalable.

How are customer service and support?

I have dealt with technical support once. They were very good and very responsive.

Which solution did I use previously and why did I switch?

I have also worked with Tenable SC. Asset management is a bit different.

How was the initial setup?

There is no need to install anything. You get it pre-installed from the vendor.

You have access to the GUI, and log in with your credentials.

What's my experience with pricing, setup cost, and licensing?

It follows the same licensing scheme as Tenable.io and Tenable SC.

A separate license is required for support.

I can't be certain, but I believe the fees are determined by the number of IP addresses or users.

What other advice do I have?

I would recommend this solution to others who are interested in using it.

I would rate Tenable.io Web Application Scanning an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer889494 - PeerSpot reviewer
Security Consultant at a tech consulting company with 51-200 employees
Consultant
Multi-faceted solution that offers good replication testing and vulnerability assessment
Pros and Cons
  • "Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
  • "I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."

What is most valuable?

Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product. 

What needs improvement?

I would like for them to add intervening proxy, whereby you can alter the get/put requests. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing traffic packets which will actually help you in exploiting any vulnerability in detail.

What do I think about the stability of the solution?

It is quite stable. We haven't had any bugs. 

What do I think about the scalability of the solution?

There is no need to scale, because generally the customers, whenever they scan their applications, they generally take a couple of applications at a time. And Tenable.io is already cloud instituted so you don't have to worry about that aspect.

How are customer service and technical support?

I never needed to contact support. It is very easy to understand and easy to configure. 

What other advice do I have?

I would rate it an eight out of ten. 

To make it a ten, I would like for there to be more flexibility for the testers. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Application Security Tools Report and find out what your peers are saying about Tenable, Invicti, PortSwigger, and more!
Updated: November 2024
Product Categories
Application Security Tools
Buyer's Guide
Download our free Application Security Tools Report and find out what your peers are saying about Tenable, Invicti, PortSwigger, and more!