Tenable Security Center Reviews

It's a management tool. We are more scalable with the Tenable.io product. They are a security vendor with more than one cloud level. Now there are multiple products in my area.

It adheres to advanced security standards. It's mostly geared towards on-premise solutions rather than cloud-based ones. Many enterprises create views solely for internal units and prefer using internal tools without relying on external ones. It is chosen for its comprehensive system-wide solution. It continuously updates its sources to maintain current solutions. Security and confidentiality are top priorities; they avoid external leaks of information. Despite the misconception that such tools are primarily for cloud environments, Tenable manages its systems internally. This makes it a highly valuable asset in the field of data centers and database security, leveraging its own data centers effectively.

They have their own servers and prioritize trust. They address every compliance concern and offer options for automated and manual assessments. Tenable Security Center supports a wide range of applications and servers, capable of comprehensive scanning and handling of vulnerabilities. It can scan against the CI benchmark and provides standard dashboards for general product monitoring and scanning.

They are not currently handling call flows properly. Some call flows are being deleted from the registry but still show as active. Support is also lacking in onboarding properly in this area. This issue causes confusion and reflects poorly on their service. 

I have been using Tenable Security Center since 2014.

The solution is stable.

It is scalable for management in the market, compared to other products.

The initial setup is not easy because everything is on-premise. We need to enable specific ports for the engineering product, which are critical for internal purposes and cannot be easily changed. This complexity remains confined to the client side, where applications may require reboots.

Another issue arises with scanning and agent communication. While some agents communicate effectively with the Security Center, delays occur when numerous users access the service simultaneously, impacting real-time updates.

Managing involves two scanners and one dedicated server, requiring a week for proper setup and two personnel to maintain the system effectively.

While some clients focus solely on developing large-scale software solutions, the industrial sector is vast. Industries such as manufacturing and green technologies prioritize systematic design, maintenance of accounts, blueprints, and business identities—all of which necessitate robust data security. The investment in securing their data is crucial, ensuring that sensitive information remains protected from potential threats. Monitoring and documenting activities through systems like gateway or dedicated servers help management stay informed about ongoing operations and potential risks.

For enterprise customers, it's acceptable. However, for smaller enterprises or businesses, the budget may be too restrictive to consider such extensive solutions. When proposing to small-scale industries, they often show disinterest even when we offer a POC or trial. This reluctance is primarily due to cost considerations, which larger enterprises can manage more easily.

Tenable supports integrations with tools like Jira and Symantec, which are relatively easy to implement. However, when it comes to other cloud services beyond AWS and Azure, such as Oracle, support is less robust. Personal or niche cloud platforms may not receive adequate support.

There's a significant distinction between agent-based and non-agent-based approaches in Tenable's solutions. Agent-based scanning requires installation akin to antivirus software on servers, whereas non-agent-based methods operate differently. This difference impacts reporting and usability, particularly evident in Google Cloud environments where agent-based scanning is mandated.

Accessing and managing Tenable is straightforward for administrators, but specialist knowledge may be necessary for certain configurations or troubleshooting. Small-scale businesses implementing Tenable Security Center may find it cost-prohibitive compared to Tenable.io for cloud solutions, which offers more affordable options and promotions.

Overall, I rate the solution a nine out of ten.

The product is useful for vulnerability management. The Auto-Remediate feature is good. The tool enables centralized vulnerability management.

The product should provide risk-based vulnerability management. It is a popular feature. Large environments can have a lot of vulnerabilities. We need to prioritize them for remediation. So, risk-based vulnerability management is useful for large enterprises.

I have been using the solution for almost ten years.

We don't face many challenges with the product’s stability. We have two or three issues in a year.

The tool is easy to scale. Almost 1,800 users are using the tool in our organization.

The technical support is good. When we raise the issues to Tenable’s support persons, they respond well.

The initial setup was easy. One engineer is required to deploy the solution in two hours. We do not face challenges in maintaining the product.

The tool provides competitive pricing. We pay a yearly license fee. There are no additional costs associated with the tool.

We explored other products, but Tenable was more user-friendly. Tenable has better accuracy, too.

We are satisfied with the solution. Overall, I rate the product a nine out of ten.

We use it to scan both our workstations and servers for vulnerabilities. This includes vulnerabilities related to software, operating systems, and package vulnerabilities. It helps us gain an overview of our organization's security status, which in turn guides our patching strategies and decision-making. 

We use agents for scanning and authenticated logins, but we do not utilize the scanner part that performs web scanning.

We've got better insights into our vulnerabilities and weaknesses. This has led us to a better situation where we have better control. Our ability to manage the situation has improved. 

Previously, we lacked a good overview, but now we possess detailed reports. We generate these reports internally and disseminate them to other responsible teams. Now, we have made it a part of our daily workflow and it helps us monitor vulnerabilities and related matters. It aids us in pinpointing weaknesses and facilitates more effective updates. If something slips, it becomes visible.

However, this is a significant feature, although it could potentially offer even more assistance. 

The scanning part, the agent part – that's the valuable aspect. The agent and plugin components function reasonably well. But setting up scans, those tasks are working decently. 

There are some logical elements that require consideration to understand their functionality, but they perform their function. 

Certain aspects require effort. The solution's built-in reporting components are somewhat clumsy. So, this is an area of improvement. 

Therefore, we export data and integrate it with our other reporting tools - the Elastic Stack, also known as Elasticsearch. We find it more comfortable to generate reports from Elasticsearch because we're well-versed in creating those dashboards there. It's more convenient for us to extract and integrate information in the same manner.

We've been in discussions with Tenable regarding a specific enhancement. It is a concept known as VPR, which stands for Vulnerability Priority Rating. This is related to the CVSS (Common Vulnerability Scoring System) value, which rates vulnerabilities on a scale from one to ten. However, the CVSS alone doesn't accurately determine the severity of a vulnerability; it doesn't indicate how exploitable it is. The VPR takes into account additional factors, such as how widely the vulnerability is being exploited in the wild and the volume of reports from affected sites. 

And if we want to have it on our dashboard, this is something that doesn't work well for us in that sense. We cannot extract it from the Tenable system; we're restricted to using Tenable's own dashboard and reports. However, there's certainly some logic or rationale behind it. It's not directly tied to the CVSS, but rather some other factors. So, it's not a one-to-one correlation with the CVSS, although CVSS is a metric commonly employed in various other systems for assessing vulnerabilities. 

Aligning these metrics and incorporating an additional feature indicating the early harmfulness of a vulnerability is lacking. We're hopeful that the CVSS framework is undergoing changes. I've heard that version four, while not specifically linked to Tenable, is likely to introduce more meaningful values. These values won't be solely focused on severity but also on the level of exploitability. For instance, if exploiting a vulnerability requires local access and specific conditions, it might not merit a higher score like ten; it could be lower due to limited feasibility. Thus, certain developments could be anticipated in this regard. Tenable is also working on its own approach, known as CPR (Cyber Exposure Priority), but this feature is not exportable, unfortunately.

In future releases, I would like to see a feature that provides insight into the actual degree of harm associated with certain vulnerabilities. Ideally, I'd want this information to be exportable to align it with other vulnerabilities. It's possible that I might have the same CVSS value from another source, not necessarily Tenable. We're not using Tenable IO for container security, where we have a separate collection of CVs for containers. However, it's challenging to compare them directly due to the differing numbers and systems. If we could implement this VPR concept for other CVs as well, we could customize it to better suit our needs.

We've been using this solution for close to five years. We probably use the latest version.

I would rate the stability an eight out of ten. Occasionally, there are some maintenance tasks that might cause a slight uptick in activity, but we have monitoring mechanisms in place. Fortunately, it hasn't experienced any major breakdowns. 

Sometimes we encounter issues with resources, like logs populating hard drives, which require manual or semi-manual cleanup. Overall, it maintains a relatively stable performance level. I would rate it at around an eight out of ten in terms of stability.

It is hard to tell because the size of our organization is not very big. Our license covers a range of assets, from 500 to 1000 assets, which we monitor. From their perspective, this falls within a very low scale. 

So, we haven't encountered any scalability issues. Our scale is relatively small; we're not dealing with tens of thousands of assets.

The Security Center is actively scanning every day, targeting different resources with varying scanning frequencies. It operates on a daily basis, generating reports intermittently – some on a daily basis and others weekly. The usage is consistent and spans almost around the clock. 

Certain tasks are scheduled during nighttime, while others are executed during the day. Essentially, there's a continuous level of activity distributed over time to avoid creating spikes in network usage. 

We use it to its maximum potential but ensure it doesn't overly strain our network resources. There was a problem. When initially setting it up, we needed to be cautious. There's the potential to generate substantial network noise, especially if the agent and scanner tasks are simultaneously active. We had to significantly scale it down and task the settings from their defaults. Perhaps it's partly due to our network's capacity, but we encountered initial challenges in managing the traffic.

It is not super good and could do some improvements. I've had interactions with different parties, and while it's not exceptional, we were able to resolve issues with some effort. 

We encountered certain challenges. Initially, the local distributor downplayed the situation, claiming that upgrading to a new version would instantly resolve the issue. However, it wasn't that simple. It took time to resolve the matter. I had expected better support, especially since we had informed them in advance about the downgrade we were planning. I had hoped for proactive support detailing what to expect and what actions to take. Instead, we received assurances that everything would work seamlessly after the version change, which didn't prove to be accurate.

There was a miscommunication or misunderstanding in that regard. It was quite frustrating at the time.

Neutral

The initial setup is somewhere in the middle. It's not very easy. Assistance is needed, especially when dealing with version changes. For instance, when we transitioned from Tenable Plus to the regular Tenable, there were complexities in changing the licensing. It was not so easy to change. 

It might even lean a bit toward the difficult side, so I would rate my experience maybe a three out of ten, where ten is easy and one is difficult. 

We had the support of a third party. We had to use the help of our reseller and also find an engineer from Tenable. 

In certain cases, such as upgrades or downgrades, the documentation isn't always well-defined. You might encounter challenges that require external guidance. For instance, we faced a two-week period of difficulty this year due to a change we were making. It might not be an annual occurrence, but when significant changes are made, it can be far from a straightforward upgrade. Putting new versions in place doesn't guarantee seamless operation; there can be quite a bit of hassle around it.

This wasn't the initial deployment. This occurred when we were switching back from Tenable Plus to regular Tenable at the beginning of this year. It took us around two weeks to ensure that everything was properly transitioned. It's important to note that this was not a continuous two weeks; it involved time periods over the span of around two weeks. This change involved a transition to a simplified licensing structure. We opted to revert to Tenable without the Plus version, as it fulfilled our requirements and was also more cost-effective, approximately a quarter less. This process took place during that time, and it was a hassle.

Only one person was involved in the deployment. We don't have a big team.  We have a dedicated engineer who oversees this service. He took the lead in managing the deployment. He also engaged with relevant contacts internally and externally, including the local distributor and partners, but overall, it was primarily handled by this one engineer.

For maintenance, the same engineer who handled the deployment also manages the ongoing maintenance.

We purchase the solution through a local distributor, but we also directly communicate with representatives at Tenable. So, we acquire the license from their distributor, but we are direct users as well.

I would rate the pricing a nine out of ten, where ten is expensive.

The pricing might deter some companies from adopting this solution, especially in our region, which includes countries like Estonia and neighboring Eastern European nations. For us, the cost is a significant consideration, and we often face challenges when budgeting for it each year.

There's on-premise hosting, which incurs some costs, but it's not a major factor. Additionally, we have an engineer providing support, but that's a shared responsibility across multiple tasks. So, licensing is the primary cost driver, and there aren't any other major expenses.

There are positives and negatives, but despite looking at other options, we haven't found anything better suited for us. So, we continue to use it and have plans to keep using it in the near future.

I would suggest running a proof of concept to evaluate the product's suitability. Test it on a smaller scale over a period of one to two months to see how it works. 

It's essential to assess whether the solution aligns with the organization's specific needs. Our approach involves using agent-based scanning, but this varies based on individual requirements.

Be aware of the network "noise" it might produce. Default scanning intensity might be too much and you might need to alter it in order to prevent network problems (DoS yourself).

My advice would be to give it a trial run before committing. It's hard to tell if it fits without firsthand experience. Additionally, the fact that Nessus, the scanning component of the security center, has been around for decades and even had open-source iterations in the early 2000s provides some confidence in its longevity and reliability. However, for newcomers, I would recommend testing it out on a smaller scale before making a decision.

Overall, I would rate the solution a seven out of ten.

We use the solution for patch and vulnerability management. We scan our critical systems, keep track of any exploitable vulnerabilities, and prioritize their remediation efforts in terms of patching. 

In the future, we hope to extend the solution to our cloud services. We are moving to Azure Cloud and planning to start a DevOps initiative that might include container deployment. We know Tenable has the CI/CD pipeline security support so we will seek that solution when we are ready. 

The solution has a lean and easy-to-use interface that is not confusing to first-time users.

The solution should include compliance-based scanning. 

I have been using the solution for three weeks but my company has been using it for one year. 

The solution is very stable. 

The solution is scalable and we are happy with the way it is operating. 

We currently have forty users and a team of four for maintenance. 

Technical support has been excellent and provides a lot of support when needed. 

The company was using OpenVAS, an open-source solution that is miles apart from Tenable. 

At a previous job, I used Rapid7 which compares strongly to Tenable. 

I did not handle the initial setup but know from previous implementations that setting up a vulnerability management solution can be somewhat complex because it involves loading assets, configuring the network, and authenticating.

The ROI is almost guaranteed because there is a lot of value in using the product and reporting that to our company. 

The price is reasonable based on our scope of work and how we use the solution. 

The rule is always garbage in, garbage out. Be sure to configure the solution well and take advantage of technical support to understand how things should work. Mistakes are made when people assume they know how to do things. I believe in using technical support to confirm the process and ensure everything is done correctly. 

I rate the solution a ten out of ten. 

We use the product to scan threats and conduct risk assessments for NCA. 

Tenable Security Center scans networks and gives reports. 

The solution is expensive. 

I haven't contacted the support team yet. 

Tenable Security Center's deployment is easy. 

The tool costs around 15,000 Saudi riyals monthly. 

I rate Tenable Security Center a five out of ten. 

In my previous job, Tenable Security Center was used for a financial institution covering approximately eight thousand assets including servers, computers, network devices, and web applications. The scope was to scan every device within the IT environment. It is a robust solution with numerous plugins that streamline the scanning process, providing powerful results.

Tenable Security Center provides an overall score of vulnerabilities, comparing an organization with others in the same industry. For example, it allows financial institutions to compare their vulnerability management to others in the same sector. This provides a comprehensive view of the organization's vulnerability status.

While Tenable Security Center is highly effective, there is always room for continuous improvements. The reports and plugins for reports and scans could benefit from enhancements. Overall, it is a very effective solution.

I have had experience with Tenable Security Center for about a year.

Tenable Security Center is stable and runs smoothly when correctly configured.

The customer service and support team at Tenable were extremely helpful. They assisted us with any questions and provided support throughout the deployment process, making them a ten out of ten.

Positive

I have experience with ManageEngine Vulnerability Manager Plus, which focuses on endpoint vulnerabilities and includes patch management, unlike Tenable Security Center.

Although the setup requires preparation, it is manageable when everything necessary is set in advance, such as the firewall and user permissions.

The deployment involved about five to eight people, including a Tenable admin who coordinated with network, server, and PC teams. Tenable provided deployment assistance.

We were able to have a comprehensive view of all vulnerabilities across our assets, providing a single pane of glass to manage vulnerabilities.

The product is somewhat pricey, reflecting its valuable features and status as a high-quality solution in the vulnerability management market.

I rate Tenable Security Center ten out of ten. 

ManageEngine is also rated ten out of ten as it served different scopes and provided essential patch management features.

I'm the one who scans and performs assessments on clinical and medical equipment in our environment. I manage the clinical endpoint devices: MRI systems, bedside monitoring, Alaris pumps, fusion pumps, CTUs, EEGs, EKGs, wireless defibrillators, and a lot of IP cameras that are part of operation room labs. My colleague handles all the regular enterprise IT, database servers, etc. From a scanning standpoint, I do everything from discovery scanning to full-credential auditing and anything and everything in between. That's just for the medical space in a 24/7 production medical environment.

We're also using a bit of the Passive Vulnerability Scanner and, eventually, I want to get to using the agents, but we haven't gotten to that stage yet.

My department is not enterprise-managed. We don't use like tools like SCCM to push out patches. Everything is manual updating. I need to be able to track and audit against our devices and know what exactly what Microsoft hotfixes I need to see. I need to identify what specific patches are missing on devices. Or, for example, there was a Microsoft CVE alert that was put out a couple of weeks ago for RDP, Remote Desktop Protocol. I'm using the scanner now to try to identify what devices we actually need to look at to address risk on. Including IP cameras for our different labs, I manage over 40,000 devices. So I really need to know what exactly I need to focus on for a given vulnerability, such as the Microsoft one, as they come about. Tenable really helps with the identification piece, in a way that traditional IT policies and procedures and tools cannot.

It saves me time. When I get into actually identifying impacted assets in my environment - and having to deal with fewer false positives - it could save me up to eight to ten hours a week, for things like the RDP issue we're dealing with now; for the things that really come out as priorities.

Security Center helps to limit our organization's cyber exposure. In our environment there is a lot of stuff we can't deal with in terms of endpoints, but it has definitely helped in identifying the devices we have out there which haven't had Microsoft updates applied in years, potentially. It's really helped identify those, the low-hanging fruit. But then, you get into the devices that are relatively up to date but their vendor application has been the same for however many years. In the least, we're able to identify and understand which devices those are and what the risks are, even if we can't immediately address it.

In terms of reducing the number of critical and high vulnerabilities we need to patch, it has helped me to identify them, and I address them accordingly. As I said, there is stuff we can't address, but at least it helps us identify them, and we are able to address some of them. It's helped us identify vulnerabilities and put in compensating controls and mitigating controls. It has definitely reduced the risk exposure we've had.

Also, rather than rely on high-level communication from vendors about whether or not their products may be impacted, I can use scans to actually identify what is impacted or in scope for a given vulnerability. It used to be, a couple of years ago, if I had to identify systems, I had to know at a high level if some of these devices could be impacted. It would create a lot of false positives. Since we've been using the scanner, I've been able to narrow that down quite a bit. I still get false positives, but I certainly get a lot fewer than I used to. It helps me have a more managed focus with any scope I'm looking at.

What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us. That requires a lot of flexibility in how we create the policies, so flexibility in policy-creation is a big feature. 

For me, another useful feature of the tool is the dashboard and reporting. That is a big piece for me. The reporting covers most of my needs.

In terms of integrations, so far, from what we've seen and for what we're trying to accomplish, it's been pretty flexible.

The Vulnerability Priority Rating is useful. I run scans on all of our medical equipment and we have stuff that's still Windows 2000. Equipment is so expensive to upgrade and replace. I find a lot of it shows up red for vulnerabilities that we really can't do anything about. The predictive stuff helps prioritize some of those risks. At a high level, it helps narrow that scope. There is still a lot of manual work on my end because, as I mentioned, I really have to know what equipment I'm looking at exactly from a medical standpoint. But it does help narrow the scope.

In terms of the reporting, it's good for IT tools, but it doesn't give me contextual insight into what device, what kind of medical equipment it is. And in my world, that's a big deal. That's a con, given what my needs are. We can't integrate it with our biomed database to correlate data. So I can know what vulnerabilities are on it by IP address, but it doesn't tell me what device it is. Is it an MRI or a workstation? Is it the workstation which is running MRI's or is it the one that's just pulling patient images? Things like that are things that I need to know, and usually the tool can't do that in and of itself. With that said, we do have some work toward some other integrations to try to improve some of that.

Also, I don't know of a process right now to do what I'll call mass risk-acceptance. I have thousands of devices which allow high and critical vulnerabilities and there's really not much I can do about it. But if we put a firewall in front of it, the risk of the whole device is accepted. I need to be able to accept all those risks in the tool. It's really not easy to do within my workflow at this time. There are ways to get around it, but they're not conducive to what I do in my work.

If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic.

Finally, the way we're using it now, for routine scans, it's only good for as long as a device is active on the network. That's one of my biggest concerns at this time: What about the stuff I don't have access to on the network when it runs the scans?

We have quirks every now again. Sometimes, when I click into the analysis dashboard, I get errors. For example, it will say it can't pull up a specific query. I just let the problem persist. I can work around it and, eventually, it just seems to fix itself.

Beyond that, it's been pretty stable. We have a lot of firepower behind it and in my experience, it has always been up. There aren't that many operational issues with it.

When you throw in the Passive Vulnerability Scanner, just being able to spit out more hardware if we need it, it seems like it scales well, at least with respect to our environment. When we first had it, we only had a handful of servers powering it and scans took forever. I don't know how many servers we have on the back end powering it now, but it's a lot faster. We've added to it to give it more juice. That's been pretty easy and straightforward as well.

I don't generally talk to tech support. That's handled by my colleague or someone else in the security team. But I talked to them when I was at my previous organization where we used Security Center. From what I vaguely remember they were helpful.

We used Rapid7 Nexpose. In our view, Security Center is a more thorough tool. It has more plugins to scan against a lot of vulnerabilities, and it is a bit more granular. Overall, it's been a better tool to use.

As for the initial setup, that would be a tech question. The only thing I've set up is the Passive Vulnerability Scanner. That was pretty straightforward. When I got to the point of setting it up with Security Center, it took my colleague and me under an hour. That was just our first one. It's pretty straightforward once you know how to do it.

We have an enterprise issue, so for us to be able to capture all that is needed from the clinical side, we would have to have deployed it at every site. It's because there is a lot of Layer 2 traffic. Since we have Security Center centralized, traffic will route out. Since we have networks at the sites that don't route out, we can't scan that traffic remotely. The idea is to have one at each site but, because of the standards in our organization at this time, we can't do that.

It's less a question of ROI and more a question of cost avoidance, meaning avoiding the potential cost from having a vulnerable device that can be breached. Security is a sunk cost in any organization. You never truly know its value until you have an incident.

The pricing is more than Rapid7 Nexpose. PVS and the agents, etc., are all part of that agreement. So it's pretty comprehensive, but I don't know how much it is.

In my own work, I've used some open-source solutions like Nmap. I've messed around with Retina, another open-source solution. Most of the stuff I've used has been freeware, open-source tools. In terms of a commercial competitor, the one I've used most is Nexpose, Rapid7's tool.

One thing I liked about Rapid7 Nexpose, that Security Center does not have, is that when we scheduled scans in Rapid7 Nexpose, there was a graphical calendar that showed when scans are taking place. Security Center doesn't have that. It's a small thing, but it helps to visualize what's happening.

In my type of medical environment, when you get into an operational technology environment, PVS or something that's a passive scanner is more the way to go than something that actively goes out and scans and tries to interrogate endpoints, because that can cause impact. When dealing with the healthcare space or, say, the electrical grid, the consequences can be very widespread or can cause significant impact. Something like PVS is a great idea to look into.

If you're scanning operational technology, definitely use connectionless-oriented discovery policies. For example, perform UDP scans instead of TCP scans. From my experience, TCP scans have definitely brought down systems.

When it comes to insight, it helps but, the way we're using it now, scans only pick up what's active on the network, while the scan is occurring. For my environment, I perform most of my scans overnight, so I'm missing a lot of stuff that is used during the day in the clinical environment. That includes point-of-care devices, ultrasonography, and some other stuff. I don't scan the networks during the day, for the most part, so I do miss a lot of that stuff. PVS, the passive scanner, would pick up on a lot of that. When talking about actually detecting intrusion, I think it would be more powerful if we're able to get it deployed everywhere.

Two people in our organization actively use it for a lot of scanning. Some of the other security guys use it, but for the most part, it's just my colleague and I who use it. I have my scheduled, routine scans that run automatically and there are the scans I schedule for overnight. I run discovery scans daily. I run my vulnerability audit scans every other month. I'm doing the RDP scans now. I log into it daily and I run scans in it several times a week manually, outside of the scheduled scans. I use it heavily.

Right now there is just one person who manages the solution. I handle some of the PVS stuff but it's my colleague who is running the show.

Overall, I would give Security Center a nine out of ten. Of all the tools I've used, when it comes to managing the vulnerabilities and risks of a whole enterprise environment, I don't think I've used a better tool than Security Center. The reason I say nine and not a ten, is because I like to have a lot of control. When I use a Nmap, I'm able to write my own scripts. Security Center has a lot of that built-in, but I feel like there's very deep and more granular control once you know how to use some of the open-source tools out there.

My company uses Tenable Security Center to detect and manage our environment's vulnerabilities.

Feature-wise, Tenable Security Center is a very fast tool with many dashboards and reports, and it covers all our systems.

The solution's user interface has some issues. Sometimes, when it comes to a table's interface, shortening a column which in general should be enabled for every column, is not possible. The aforementioned details can be considered for improvement.

I have been using Tenable Security Center for a year. I am using the solution's latest version.

The stability of Tenable Security Center can be described as a straightforward one.

Stability-wise, I rate the solution a ten out of ten.

It is a very scalable solution. Scalability-wise, I rate the solution a ten out of ten.

In my company, we have 20 users of the solution.

The solution is extensively used in our company.

I don't plan to increase the solution's usage since it is used by the security department only.

The technical support is good and provides a quick response whenever contacted by us.

Previously, I have used Tripwire IP360.

My company started using Tenable Security Center because of its reporting capabilities, including the number of reports and dashboards.

The initial setup was straightforward.

The deployment took place in a week.

During the deployment process, we first define your network zones, then we define your organization, define the scan policies, and then finally, we schedule the scanning.

The installation phase can be done in-house, but we chose to seek the help of a consultant.

My company needs to make yearly payments towards the licensing costs. The pricing of the solution falls in the mid-range level, so it is not too expensive.

Overall, I rate the solution a nine out of ten.