Try our new research platform with insights from 80,000+ expert users
Mohamed-Helmy - PeerSpot reviewer
Chief Information Security Officer at MIDBANK
Real User
It helps us discover network vulnerabilities to threats and piracy
Pros and Cons
  • "We use Tenable to scan all of our environments and plugins for vulnerabilities. Tenable helps us discover network vulnerabilities to threats and piracy."
  • "Tenable's reporting engine needs improvement. It needs to be more efficient and add more features."

What is our primary use case?

We use Tenable to scan all of our environments and plugins for vulnerabilities. Tenable helps us discover network vulnerabilities to threats and piracy. 

What needs improvement?

Tenable's reporting engine needs improvement. It needs to be more efficient and add more features.

For how long have I used the solution?

I've been using Tenable for one year.

What do I think about the scalability of the solution?

Tenable is scalable. 

Buyer's Guide
Tenable Security Center
November 2024
Learn what your peers think about Tenable Security Center. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

How are customer service and support?

Tenable technical support needs improvement.

How was the initial setup?

Setting up Tenable SC was straightforward, and it took two months to deploy. 

What about the implementation team?

A third-party vendor implemented Tenable for us.  

What other advice do I have?

I rate Tenable SC nine out of 10. It needs some improvements in the reporting engine and training. For example, I need the ability to easily check what happened on Tenable specific dates.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Partner / Co-Founder at SKYTEK
Reseller
Has an extremely limited margin of error
Pros and Cons
  • "The solution is one of the most, if not the most, stable product available."
  • "The pricing is reasonable, but this could be brought down more aggressively, such as we see with Rapid7, Tenable SC's main competitor."

What is most valuable?

The dashboard is a valuable feature. So is the scanning, which is based on the nexus and the scripts. The solution offers an extremely limited margin of error, of obtaining false positives within it. These are its strengths. 

What needs improvement?

Everything in life has room for improvement. While I consider the solution to perform as it should, most customers, for the wrong reasons, wish for it to have the penetration testing capabilities. This is not a problem with the product, but with the demands of the customer and I remain uncertain if I can meet these. 

The pricing is reasonable, but this could be brought down more aggressively, such as we see with Rapid7, Tenable SC's main competitor. 

For how long have I used the solution?

An easily installable and very scalable and stable solution which boasts great dashboard and scanning features

What do I think about the stability of the solution?

The solution is one of the most, if not the most, stable product available. 

What do I think about the scalability of the solution?

The solution is scalable. It can go up many thousands of endpoints for scanning purposes.

How are customer service and support?

Technical support does what it should. The solution is pretty straightforward and simple. As such, as with all vulnerability management solutions, it will not need much technical support and this is rarely required. I am referring to the need to address bugs. Mainly, the support will focus on the search for new features or reports. 

How was the initial setup?

The initial setup is straightforward and very easy. 

What's my experience with pricing, setup cost, and licensing?

Though reasonable, the main competitor of Tenable SC, Rapid7, offers a more aggressive and better priced product. 

What other advice do I have?

The size of our customers run the gamut, from small medium to large, in certain cases exceeding 5,000 IPs. 

I would definitely recommend the solution. 

I rate Tenable SC as an eight-plus out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Tenable Security Center
November 2024
Learn what your peers think about Tenable Security Center. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
reviewer1468566 - PeerSpot reviewer
Program Manager at a tech services company with 201-500 employees
Real User
Monitors our whole environment in real time and makes everything more secure
Pros and Cons
  • "The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful."
  • "I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on."

What is our primary use case?

At work we use the enterprise version of Tenable, Tenable.io, and I also use Tenable.sc — which I refer to as SecurityCenter — for local scanning.

I use Tenable SecurityCenter every day to scan our entire environment for vulnerabilities. I use a local license during the discovery process for penetration testing. So I'll do an en masse scan, and then also do a scan with Tenable to scan for IPs and vulnerabilities.

User-wise, with Tenable SecurityCenter, there's different roles. We have security analysts, admin, etc. I'd say there's probably four or five different roles from people that can just go in and view. Security analysts can upload manual scans and create dashboards and download reports. Then administrators can create accounts, assign roles and responsibilities, and things like that.

How has it helped my organization?

Tenable SecurityCenter has absolutely improved our organization, by making everything more secure and helping ensure solid vulnerability management.

What is most valuable?

The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful.

What needs improvement?

I'm pretty happy with it, but I do see a lot of stuff coming out about risk-based vulnerability management. And so I've been looking at that. I don't think we're using that as of yet and it seems like a newer feature they're talking about a lot that I'm interested in.

I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on.

There was also an issue with SecurityCenter once where we had agents deployed on each device, and while it was scanning we were collecting the data real time. During this process, we had an enclave that was not submitting. It didn't have the agent installed because it wasn't connected to the enterprise network.

They were scanning locally and submitting the scans and we would then upload them into SecurityCenter manually. Each time that there were any duplicates with host names or IPs, or that there were issues with the scanner device with authentication, it failed. But then you scanned it again and it was successful.

When you uploaded that, SecurityCenter was counting it as two devices. And when you ran your report for unauthorized devices, even though it was scanned a second time successfully, the first time would show as a failure. So it was throwing off reporting.

So we would run a report and say, "Okay, which device has failed scanning with authentication?" And it would give a device and we'd be like, "Well, here's the secondary scan showing that it was successful." And so we were having to manually go in there and delete the failed ones.

And that was a pain in the butt. We eventually got that enclave online so we fixed the problem, but I felt that was a limitation of Tenable SecurityCenter that it couldn't see that.

For how long have I used the solution?

I have been using Tenable SecurityCenter for the past few years now.

What do I think about the stability of the solution?

We have only run into one troublesome issue that I can remember. It had to do with the way SecurityCenter inaccurately reported real-time scan results whenever there was a transient problem such as with a duplicate host name or IP, or with authentication.

It was a pain to deal with, because we kept having to go in and manually delete all the failed (but actually successful) scan results.

What do I think about the scalability of the solution?

When it comes to scalability, so far so good, and no issues. We've got the whole environment monitored right now and I don't see any significant increases in use anytime soon.

How are customer service and technical support?

Their technical support is good. Because I don't give out tens much for anything, I would say in the eight to nine range, out of ten.

Which solution did I use previously and why did I switch?

For vulnerability management, Tenable SecurityCenter is the only one I've used in the past six years. Though we do use other tools in conjunction with it.

We've pretty much used Nessus for scanning, vulnerability management, and reporting, and that's it. And it does it very well. And then I use different tools for other things. I'm sure Tenable had that on the plugins for other things, but we don't use those.

How was the initial setup?

The setup is straightforward.

What about the implementation team?

I personally implement SecurityCenter with a local license. And then we also have different roles like security analysts and administrators who can just go in and perform various functions such as uploading manual scans, creating dashboards, downloading reports, assigning accounts, and so on.

What's my experience with pricing, setup cost, and licensing?

I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing. 

What other advice do I have?

I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve.

I can't speak to every option that they have, but I have no reservations recommending them.

I would rate Tenable SecurityCenter an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Cybersecurity Consultant at a tech services company with 11-50 employees
Consultant
Straightforward scanning and reporting and has a valuable vulnerability assessment feature
Pros and Cons
  • "The most valuable feature of this solution is the vulnerability assessment."
  • "The solution needs to improve the vulnerability assessment because we have experienced some challenges with accuracy."

What is our primary use case?

In our organization, we only use Nessus for vulnerability assessment. We are using Tenable.sc and Nessus as threat scanners.

What is most valuable?

The most valuable feature of this solution is the vulnerability assessment. Also, the scanning and reporting are very straightforward.

What needs improvement?

The solution needs to improve the vulnerability assessment because we have experienced some challenges with accuracy.

Tenable.sc would benefit from a more user-friendly interface for the hands-on users of the configuration assessment. It is difficult to modify the policies because they require significant expertise that regular users do not have. 

For how long have I used the solution?

I have been using Tenable.sc for more than five years.

What do I think about the scalability of the solution?

We have a team of four people that manage Tenable.sc on a daily basis.

How are customer service and support?

Customer service and support with Tenable is good. They are knowledgeable and responsive. I would rate their service a four and a half out of five. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of Tenable.sc is very easy. I would rate the implementation a five out of five for ease of setup.

What about the implementation team?

We implemented the solution through our in-house team.

What other advice do I have?

For anyone considering implementing Tenable.sc into their organization, I would recommend that they have the proper design of the solution and the proper placement of the scanners before implementing the solution. 

Tenable is a good product, I have no concerns with it as a solution.

I rate this product a nine out of ten overall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Abu Imran - PeerSpot reviewer
Information Security Engineer at Nhq Distribution Ltd
Real User
Top 5
An easy-to-use tool that provides visibility over scan results along with multiple templates
Pros and Cons
  • "Compared to other products, the most valuable features of the solution are its ease of use and ability to provide visibility over scan results while providing many templates to users, making it a helpful tool."
  • "Though the solution's technical support is responsive, they do take a lot of time, making it one of the solution's shortcomings that needs improvement."

What is most valuable?

Compared to other products, the most valuable features of the solution are its ease of use and ability to provide visibility over scan results while providing many templates to users, making it a helpful tool.

What needs improvement?

Though the solution's technical support is responsive, they do take a lot of time, making it one of the solution's shortcomings that needs improvement.

For how long have I used the solution?

I have been using Tenable Security Center for two years. I use the solution's latest version.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution an eight out of ten.

It is difficult for me to comment on the number of users of the solution since our company's sales team manages it.

How are customer service and support?

The solution's technical support does respond to my company's queries.

Which solution did I use previously and why did I switch?

I haven't worked with other products apart from Tenable Security Center.

How was the initial setup?

The installation of Tenable Security Center is not difficult.

The solution is deployed on the cloud and on-premises.

The installation of Tenable Security Center takes an hour or two.

What's my experience with pricing, setup cost, and licensing?

I don't know about the product's pricing model since I am a part of the technical team. The pricing part is an area handled by my company's sales team.

What other advice do I have?

Two or three engineers in my company are involved in the maintenance of the solution.

I recommend the solution to those planning to use it.

I rate the overall product an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Information Security Expert at a comms service provider with 5,001-10,000 employees
Real User
Quick turnaround time but needs a good plugin editor
Pros and Cons
  • "We really love the Security Center dashboard. It basically performs vulnerability scanning and then outputs a vulnerability data."
  • "A good plugin editor would be a good additional option for the Security Center."

What is our primary use case?

I primarily use this solution for vulnerability assessment on the assets that we have. This includes servers, network equipment, appliances, routers, firewalls, and switches. 

How has it helped my organization?

Before, we did manual management of our assets. We have an EXO file that has all our assets in it. They have the IP address and all the details of each equipment. We manually enrolled those assets to our vulnerability scanning tool for them to be scanned on a monthly basis and check what new vulnerabilities they may have. With the  Security Center, we are able to automate. We were able to automate how we enroll our assets in the Security Center, and the scheduling of when we scan each asset, and how we report them to respective system owners. We are trying to use it as a channel of a self-service platform to the system owners or system administrators. It helps to access the Security Center for them to review the vulnerabilities that the equipment or the servers may be assigned or under the domain.

What is most valuable?

We really love the Security Center dashboard. It performs vulnerability scanning and then outputs vulnerability data. When you are working with one, two, three, up to 10 IT pieces of equipment, managing the vulnerability data would just be fine, but when you are managing assets across an organization of 10,000+ employees, you have a really hard time normalizing those vulnerability data. The dashboard helps us out to map what things need to be prioritized, what is our current threat landscape and what would be the latest threats that we have in our network.

What needs improvement?

One of the challenges that we may have experienced with that platform would be the flexibility of how to modify or create. They have this configuration compliance audit function, so if ever an organization has their own configuration standards that should be set on their servers, you have to modify those plugins in Tenable for it to match the specific values that you are looking for when you perform the configuration assessment on your equipment. It is a small challenge because it uses regular expressions on their plugins and so we are having a hard time either creating a blank template from scratch. We usually base our compliance audit plugin on an existing one and then modify the values or describe whatever is not up to our standards. A good plugin editor is an additional option for the Security Center.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Whenever you have a vulnerability scan running of  5000 IP addresses all at the same time running, it tends to keep resources on the Tenable server itself, a huge amount of CPU and memory. Right now, it's still goes up, but at least it's below the threshold, which I think would be 73% or 75%.

What do I think about the scalability of the solution?

As long as you can buy the license, you can easily add up until you need an additional scan engine.

Which solution did I use previously and why did I switch?

We previously used Qualys Virtual Scanner Appliance.

How was the initial setup?

Setup is easy as long as you have the right hardware requirements. The deployment took about a week. We used two network guys, two system admins, one application admin, and two security admins to implement the solution.

The longer process was on the hardening part of the components of the servers. We had to install everything on servers, all the dependencies, all of the software that Tenable needs, including the Security Center itself, and then once everything is installed, meaning everything is locked down, no other software is needed to be added to it. We performed a patch check and configuration checks on it to see they have met our standards. After that, we requested the connectivity performance from our firewall team and performed discovery across our network, if it will be able to see all the systems or all the IPs or all the networks that we have in our network. That would be one of the long processes that we took since there were a lot of different network segments that each engine or each Tenable component will pass through. We had to look for each one, just to make sure that we have the full coverage of our network.

What was our ROI?

We're able to save because we don't have to employ more staff members to help with the scheduling of the scans, running the reports or sending them out to the system owners. That alone is a big ROI. A massive security breach would cost us a lot. This is a preventative measure worth our investment.

What other advice do I have?

Before, just preparing the monthly scans alone would take us about two weeks to set up. Then, we would have to wait for at least another two weeks for those assessments to be done, for the scanning to be done, and then it will take us about another two weeks to generate the report before we can send them out to the system owners. That's the reason why those were our main drivers, as well, for us to push the use of the Tenable Security Center as a self-service platform to the system owners. The quick turnaround time in terms of generating reports and sending them out to the respective system owners is significant.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Pedro Brandao - PeerSpot reviewer
Information Security Officer at SEG Automotive Germany, GmbH
Real User
Very intuitive with good dashboards
Pros and Cons
  • "The solution is very intuitive and the dashboards are simple to use."
  • "Security can always be improved."

What is our primary use case?

We use Tenable for security. I'm an information security officer and we are customers of Tenable. 

What is most valuable?

The solution is very intuitive as are the dashboards. It provides good visibility to the vulnerabilities in the company. 

What needs improvement?

We currently have local authentication for Tenable but I'm looking to create connections with our active directory. I'm having some issues with that and it's holding things up. I'd like to have access to some training or documentation. As a security officer, I think there can always be improvements made to that aspect of a product. 

For how long have I used the solution?

I've been using this solution for a few years but only for the past couple of months in this new company I've joined. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How was the initial setup?

The initial setup is reasonably straightforward. We currently have about five IT people who are users of this solution. 

What other advice do I have?

I like this tool a lot but I work in the security area, so my concerns are always about security and how we can increase the security of everything that we have. It's important to be cautious about who gets access to what. 

I rate this solution eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Analyst at Arkansas Department of Finance and Administration
User
Lacks a powerful and flexible query engine, not a useful solution for network event investigations

What is our primary use case?

I use SecurityCenter currently to investigate daily network security events from reports I receive. Our network support team uses it to track, manage, and remediate system vulnerabilities. It works well for the latter, not so much for the former.

How has it helped my organization?

In terms of vulnerability mitigation, SecurityCenter has worked quite well and is a perfect replacement for GFI LanGuard. Unfortunately, it's also being posed to my team as what we're supposed to use in place of ArcSight Express, which I've worked with for several years now.  SecurityCenter could be much more useful to our agency as a whole if it were configured better, but I'm not sure that the team that directly manages that system knows how to do that, or has the right licenses they need to bring in all of the data my team needs in SecurityCenter to make good use of it.  Basically, it comes down to two teams trying to use the same product for very different purposes, and while one team is pleased with the results, the other (mine) is not.

What is most valuable?

The 'raw syslog' search functions are fairly nice for tracking down debug info from an event, but it's usefulness is extremely low when compared with ArcSight in terms of its usefulness in network event investigations. SecurityCenter's strongest focus seems to be its vulnerability scanning, but I'm told I should be able to use it to replace ArcSight, and from experience with both products, I know that's not the case.  To be honest, if my mission were more aligned with our other team's goals, I might like SecurityCenter a lot more than I do; but as is, it's like trying to fit a square peg into a round hole.

What needs improvement?

Security Center's vulnerability scanners are excellent in terms of compliance reporting, and the dashboards certainly seem to make the less technical of our staff all starry-eyed, but to be honest, I find SecurityCenter to be lacking in too many ways where my usage of it has been concerned.  Dashboards, to me, are much less interesting than a powerful and flexible query engine, and that's an area where I find SecurityCenter most lacking.

For how long have I used the solution?

Less than one year.

Which solution did I use previously and why did I switch?

ArcSight Express; my employers sought a less expensive solution. If I'd had any sway on the decision, it wouldn't have happened, or at least, it would have happened differently.  The two products compliment each other well, but separately, they're designed with very different goals in mind.

Which other solutions did I evaluate?

No, I wasn't given the opportunity. SecurityCenter was brought in, vetted, and implemented by a separate team from the one I work with daily.

What other advice do I have?

Know what you're getting into, and know the difference between security compliance suites and SIEM suites. The two are very different, which is why I'm very unhappy using SecurityCenter, because it's been forced upon me as a replacement for a product that it doesn't even compete with.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Tenable Security Center Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Tenable Security Center Report and get advice and tips from experienced pros sharing their opinions.