Tenable Security Center Reviews

We primarily use the solution for vulnerability scanning across the network . 

A few months back, I conducted a Deployment on Tenable SecurityCenter for a Reputed  Private Bank. Also I had to teach the Usage and features and then show them how the scan things work and how results can help analyze and report. also helped developing some use case like Scheduling scan and email that to specific users for mitigation, Generating Alert for particular level of vulnerability etc.

Tenable has come a long way than we found earlier, Asset Criticality Report and Predictive Prioritization helps us finding the most critical loophols in minutes, Security Engineers can now focus more on Remediation. Less of false positive eases our vulnerability program and saved time.

In Tenable SecurityCenter, the Risk-based approach for Prioritizing vulnerability is something that is unique to any vulnerability management platform. Compared to Qualys and Rapid7, Tenable VPR is a special thing that those products don't have. The security over the CVSS and V1 and V2 with the VPR feature help an organization reveal the exact risk of any asset. There might be thousands of vulnerabilities, however, the most impactful vulnerabilities are listed and prioritized in the VPR. 

As tenable SecurityCenter is powered by popular Nessus technology, It is really easy to set up.

The solution is stable and considered as the most solid vulnerability management platform in the industry. 

Tenable.sc provides a wide range of dashboards which makes it easy to grasp the vulnerability profile of the organization. These dashboards allow us to view vulnerabilities in different categories in a simple to understand format. The upgrade to Tenable.sc+ has improved on this as well. Regularity of plugin updates are also exceptional. The speed at which tenable has pushed plugin updates and overall platform updates is great. Also the automatic update capability makes maintenance very simplified. Easy to use User interface. For someone who is not familiar with Tenable.sc, the interface is not difficult to follow along and the documentation makes it very simple for anyone

The solution has a very nice Asset discovery feature that gives you gives you unified visibility of your entire attack surface, As It leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, and CMDB integrations to maximize scan coverage across your infrastructure to reduce vulnerability blind spots. This mix of data sensor types helps you track and assess both known and unknown assets and their vulnerabilities

The solution is a bit on the expensive site. In a country like  Bangladesh, most of the customers don't have a budget that could afford Tenable SecurityCenter. They'd rather go for Qualys and Nexpose, which cost less. The licensing policy is something they can improve. 

Support could be faster.

I've used the solution for last 5 years now. 

The solution is verry stable. That said, some customers complain about the results and how they are shown. Compared to Nessus, if a customer gets used to using Nessus, and then comes into Tenable SecurityCenter, then the compliance results are an area where they might find a difference. In Nessus, the compliance results are shown in past and failed. In Tenable.sc, it's shown in medium and high. This could be more clear. 

Tenable can be scaled easily, just to add additional IP's on the licensing and that's it.

I haven't really dealt much with technical support. In the initial stage, however, when I started deploying Tenable SecurityCenter, I faced a bit of a challenge implementing the Nessus Network Monitor. I figured it out, and now I don't have issues. 

Support is top-notch, however, in terms of response times, they are slow, and they need to be faster. 

Positive

I have also worked with Qualys for a long time.

In our country, People are yet not comfortable adopting SaaS/cloud based solutions also,there are some government jurisdictions that require data to be within the country and an on-prem solution is always needed for the organization. Other solutions, Qualys and Rapid7, are mainly cloud designed. Tenable SecurityCenter is the only solution that can be fully on-prem for small to mid Enterprises. 

Also, Tenable is better for compliance requirements in terms of regulations around vulnerability management. it has reporting on compliance with pre-defined checks, metrics and proactive alerts on violations for industry standards like CERT, NIST, DISA STIG, DHS CDM, FISMA, PCI DSS etc. and regulatory mandates. while it comes to other solutions i dint find the compliance feature as good as Tenable 

The initial setup is simple. It's not complex at all. 

You can go with the installer for Tenable SecurityCenter, which has an installer file for Linux and Unix platforms only. talking about the Nessus scanners, It can be deployed anywhere, including on Windows machines or Linux. There is not much of a challenge to it.

The time it takes to deploy varies. For example, what is the implementation size? How many IPs, and what are the sites? Those things change the timing. If it's a stand-alone setup, it can take around one to two hours to deploy. If you are also talking about onboarding the IPs, and scanning all those IPs, it can take a working day to complete.

The legecy container security is already in it's EOL, if it gets added to Tenable Security Center, users can take full toll of on prem container scanning.

Its cost depends on the Number of Assets. The licensing is per year. 

i had also worked and evaluated Qualys.

We sell Tenable.

I'm using something around version five. I have installed the demo version of it in my Docker.

The product really stands out in comparison to the competition. However, the price tag is a bit on the higher.

I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. 

I'd rate the solution nine out of ten.

The tool helps with vulnerability assessment and vulnerability management.

The tool gives us fewer false positives. Compared to its competitors, the solution’s reports are more accurate.

We experienced some difficulties with the solution’s support.

I have been working with the solution for two years. I use the tool’s latest version.

I would rate the tool’s stability a nine out of ten.

I would rate the tool’s scalability a ten out of ten. You can place sensors for the scanners and easily scale up.

I would rate the tool’s setup an eight out of ten. The tool’s deployment is very straightforward and it took only one day to deploy the solution. The solution’s deployment is simple and efficient.

I would rate the tool an eight out of ten. The tool has community support. From my experience of using the solution, I would recommend it to anyone looking to use it.

Tenable SC can be used in any company for vulnerability management life cycle.

It's a very useful tool.

Internal ticketing systems require improvement. 

The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team.

I have been working with Tenable SC for more than five years.                                                             

Tenable SC is very stable.

According to the sizing that we are dealing with in this first stage, it is very scalable.

We have not experienced any issues with the scalability of Tenable SC.

The information security team has access to the solution. The number of users varies from one environment to another. It ranges, from five users to ten users maximum.

The same number of users can easily deploy and maintain this solution, included the access manager, administrator, and anyone who can configure the policies they test.

Tenable technical support is very good. They are very helpful, and responsive.

We had experienced some delays in two or three tickets we started, but that may have been because of the client, they were very unresponsive.

Overall, the technical support is very good.

I have worked with Rapid 7 and Qualys.

The installation is very straightforward. It's the easiest solution that I have ever implemented.

The installation was quick, taking no more than one or two minutes.

I completed the installation myself. It can easily be installed by anyone.

The license is perpetual and is based on the number of IP addresses you want to scan in your organization.

The support comes with a different license.

Tenable SC is without a doubt a good choice.

I would rate Tenable SC a nine out of ten.

Our primary use case for Tenable SC is its vulnerability scanning capability. 

I think the vendor training provided for Tenable SC could be a lower price. It's quite expensive for the training. 

I have been working with Tenable SC for 4 years.

The stability of the Tenable SC product is satisfactory. 

I find Tenable SC to be a very scalable product. 

The initial setup of Tenable SC is not unmanageable. 

With regards to the setup of Tenable SC, I would advise others to spend time using the module, get familiar with the product, and in addition read the manual that is provided. 

We primarily use Tenable SC for vulnerability scanning and did not evaluate other options. This meets our needs.

I would say there are approximately 30 users in our organization using the Tenable SC product. 

I use this solution to perform vulnerability assessments and then patch my systems using third-party tools.

The vulnerability scan is pretty fast and once you give it the right access privileges on the target system, you get very clear and precise details of the vulnerabilities.

This solution has a much lower rate of false positives compared to competing products.

It can operate in hybrid mode, too. The greatest strength of the product comes up when the agent is deployed on the endpoint to be scanned. Thereafter, even if the agent is out of the office network, it can still be scanned and will also send back data to the parent console.

The dashboard and the templates used to delvelop reports are awesome.

It is easy to run, scan, and categorize an asset as and when needed. The same asset can be present in two or more groups based on the identification.

This solution can now be deployed in cloud setups.

This solution provides a good reporting system and with a reasonably good level of third-party integration. McAfee has leveraged this capability beautifully in its Policy Orchestrator.

We need to give more customer demos and also highlight the strengths of the product that have been developed over a twenty-year period.

The vulnerability scan does not work correctly until the access privileges are set by the system administrator.

This system is stable under normal configurational mode. It is important to understand how many hosts it will handle and size the system accordingly.

This is a very highly scalable system.

I have not contacted technical support so far, as there was no issue to escalate.

We did not use another solution prior to this one.

I have worked on a few demos and they have been pretty straightforward to setup.

I perform the deployment of this solution.

Yet to be calculated.

Costing is pretty reasonable compared to the competition.

We evaluated Rapid7 and Qualys before choosing this solution.

I primarily use Tenable for scanning and reporting.

Tenable's most valuable features are the credential scan, vulnerability reports, and vulnerability ratings (VPR).

Tenable has some problems with agents going offline during scanning and lag between agents and the security center. In the next release, Tenable should include automated patching and integration with SSCM so missing patches can be pushed from there.

Tenable is stable.

I'm satisfied with Tenable's technical support.

Positive

The initial setup was easy.

Tenable is open-source.

I would rate Tenable eight out of ten.

In my previous company, we were using both Tenable IO and Tenable SC. We had the on-prem and the cloud versions. IO was a cloud version, and SC was on-prem.

In my new company, they do use Tenable, but I'm not part of that team. They have the latest version.

I found the dashboard features very useful. It made it easy to track remediation progress. I could publish dashboards to remediation teams and track the progress on the dashboards.

The reporting side can be improved. The dashboards are nice, but exporting things out for reports for management was a little tough.

We had the on-prem version and the cloud version, and I wasn't a big fan of having different consoles. It would have been nice to be able to have all those features in the cloud version because on-prem is a little tough to manage.

I've been using it for about two years. I switched positions about six months ago, and at the moment, I am not using it. 

I find it stable.

It was pretty straightforward.

We had a consultant from Tenable with us.

I would rate it a seven out of ten.

I primarily use Tenable.sc to search availability and for our workstation server and data center.

Tenable.sc's best features are the availability model, accident management, and scoring. It also gives fewer false positives than its competitors.

Tenable.sc's user interface could be improved.

I've been using Tenable.sc for about two months.

Tenable.sc is very stable.

Tenable.sc is scalable.

Tenable's technical support is good.

The initial setup was easy as we use the cloud version.

Tenable.sc is more expensive than its competitors.

I would give Tenable.sc a rating of eight out of ten.