We use Rapid7 InsightVM and Tenable.io Vulnerability Management for similar purposes: a vulnerability assessment. At present, Rapid7 InsightVM is running in our IT infrastructure, while Tenable.io is running in our ICS and OT security, which includes our plants, premises, systems, SCADA systems, and PLCs. We usually find more vulnerabilities in these legacy systems, such as Windows XP and Windows 7, than in Rapid7 InsightVM. However, the use cases for vulnerability assessment are the same.
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group
User-friendly, stable, and scalable
Pros and Cons
- "A new user can easily understand the workflow, even if they are creating users for other divisions and the user is a beginner."
- "The initial setup is complex and has room for improvement."
What is our primary use case?
What is most valuable?
The solution is more user-friendly than Rapid7 InsightVM. A new user can easily understand the workflow, even if they are creating users for other divisions and the user is a beginner. They can easily use the system to get the data they need or fulfill their requirements.
What needs improvement?
I believe that Tenable.io is currently the best vulnerability management system. Compared to other vulnerability systems such as Rapid7 InsightVM, I find Tenable.io to be one of the best. However, Tenable.io lacks a platform to exploit or test the vulnerabilities it identifies. For example, if I identify a critical vulnerability, I cannot use Tenable.io to determine the risk of exploitation. Unfortunately, Tenable.io does not have a platform to test this.
The initial setup is complex and has room for improvement.
For how long have I used the solution?
I have been using the solution for five years.
Buyer's Guide
Tenable Vulnerability Management
March 2025

Learn what your peers think about Tenable Vulnerability Management. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
After deploying Tenable, I spoke with the technical support a maximum of two or three times. They are very knowledgeable and know their stuff well. We always received immediate support from them.
How was the initial setup?
The initial setup can be difficult. We need to configure the case. If we are starting from the beginning, we need to set up each IP range and make sure our firewall covers it. We also need to whitelist the Tenable.io IPs. This initial setup can be challenging.
What's my experience with pricing, setup cost, and licensing?
Compared to other VM solutions, Tenable.io Vulnerability Management is expensive.
What other advice do I have?
I give the solution a nine out of ten.
If we are using the solution for the first time, we should be sure to understand what aspects of the target we are trying to use Tenable.io for, such as what kind of information assets we have, whether they are general devices or specific devices, or if they are deployed in the DMZs. This way, we can ensure that we get the desired results. Therefore, before logging in or implementing Tenable.io for the first time, new users should be sure to have a good understanding of their requirements.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Senior Consultant at Tata Consultancy
Reliable with good scanning and good performance
Pros and Cons
- "It is quite straightforward to set up."
- "We'd like to see a bit more user-friendliness."
What is our primary use case?
The solution is mainly for vulnerability scanning management. It's more like an extension of the Nessus.
What is most valuable?
I like the ten points of scanning.
The performance is good.
It is quite straightforward to set up.
The solution is stable, and it is quite scalable.
What needs improvement?
We'd like to see a bit more user-friendliness. They need to work on that aspect of the solution.
For how long have I used the solution?
We've recently adopted the solution and have been dealing with it for just over a year or so.
What do I think about the stability of the solution?
The product offers good performance. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
This is a scalable solution. It's easy to expand.
I'm not sure how many users there are, however, my understanding is there are more than ten people.
How are customer service and support?
We've never had any real difficulties, and therefore we haven't really dealt with support.
How was the initial setup?
The solution is easy to set up. It's straightforward. It's not overly complex.
It's based on landscape dependencies. However, it's easily deployed. It can take a few weeks to set up. If you are deploying across the globe, it might take longer.
What was our ROI?
I don't work in an area that would keep track of ROI. I can't say we have been following that.
What's my experience with pricing, setup cost, and licensing?
We pay for an annual license.
If there are extra fees, it depends on what use cases you want to deploy. If you want to use simple vulnerability management and you want to extend it to application scanning, then pricing modules will be different.
What other advice do I have?
I'd recommend the solution to others.
I would rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Tenable Vulnerability Management
March 2025

Learn what your peers think about Tenable Vulnerability Management. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Security Manager at Yarix S.r.l.
An easy-to-use, mature, stable, and scalable solution for vulnerability assessment
Pros and Cons
- "Tenable.io Vulnerability Management is an easy-to-use product. I"
- "The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications."
What is our primary use case?
In my company, we use Tenable.io Vulnerability Management is a good solution for vulnerability assessment on the infrastructure and not on the applications. The solution is useful for conducting vulnerability assessments on IT infrastructures. We use Tenable to discover assets on the network and the vulnerabilities in the vulnerability management cycle.
What is most valuable?
Tenable.io Vulnerability Management is an easy-to-use product. It is a good solution, as per Gartner's SIEM Magic Quadrant. The product has a lot of documentation and blogs, so you can get lots of support from its communities while also finding a lot of online materials that can help you improve the solution's uses or implement it according to your use cases.
What needs improvement?
The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications.
For how long have I used the solution?
I have been using Tenable.io Vulnerability Management for more than ten years.
What do I think about the stability of the solution?
It is a very stable and mature solution in the market since it has been around for over 15 years.
What do I think about the scalability of the solution?
The product has no scalability solution since it can manage hundreds to thousands of networks.
How are customer service and support?
The solution's technical support is good and quick to respond. If you have a problem, you can be sure that someone from the support team has a solution to your problem.
Which solution did I use previously and why did I switch?
Our company doesn't use any other products from Tenable apart from Tenable Nessus for vulnerability assessment. We also use NetSuite to manage the vulnerabilities' life cycle.
How was the initial setup?
The initial setup of Tenable.io Vulnerability Management was straightforward since it allows one to use a device, like a virtual machine, or one can use it on a public IP address if it is already deployed, making the process very quick and easy.
The solution is deployed on-premises.
The deployment process was very quick since it could be done using a virtual machine or the customer's network. You can do the deployment with the virtual machine by connecting to the management suite before launching the solution.
To do an assessment for all our customers, my company has over 200 users for the deployment and maintenance of the solution. There is a dedicated team in the company I currently work for to manage the solution. One technician is needed to do a vulnerability assessment.
What's my experience with pricing, setup cost, and licensing?
Yearly payments are to be made toward the licensing cost of the product. It is neither a cheap nor an expensive product.
What other advice do I have?
I recommended the solution to those planning to use it since it is a very good product. Though there are other good solutions like Qualys, Tenable is the best.
I rate the overall tool a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cybersecurity Analyst / Third-Party Risk Analyst at San Jacinto Community College
Exposure management solution used to scan networks, identify assets and offers mitigation techniques
Pros and Cons
- "The vulnerability management itself is the most valuable feature as well as references to the mitigation techniques."
- "The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports."
What is our primary use case?
We use this solution to scan our network to try to identify all our assets. It is very good at finding all assets depending on how you program it.
What is most valuable?
The vulnerability management itself is the most valuable feature as well as references to mitigation techniques.
What needs improvement?
The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports.
For how long have I used the solution?
I have been using this solution for seven months.
What do I think about the stability of the solution?
The stability of this solution is good. The application is always available and you can also set the scans to not take up too much bandwidth.
What do I think about the scalability of the solution?
The scalability all depends on how much you want to spend. If you have 10,000 assets you want to scan, you'd have to pay for that. It is very easy to scale up or scale down, but it's going to cost you.
How are customer service and support?
I would rate their support ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
It has a steep learning curve but Tenable does offer free courses for beginners and paid courses to become a specialist. This assists with the ease of setting it up.
What's my experience with pricing, setup cost, and licensing?
The total cost we pay for this solution is over 45K. This is for a large education organization.
What other advice do I have?
I would advise others to take the courses provided and then to play around with the solution. This will speed up learning as this solution has a steep learning curve and can be intimidating at first.
I would rate this solution an eight out of ten due to not being able to change certain parts of the user interface.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a financial services firm with 1,001-5,000 employees
An exceptionally stable and scalable solution that helps users find vulnerabilities
Pros and Cons
- "It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
- "The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting."
What is our primary use case?
I was the manager of the vulnerability patching team in my company, and we would use it to go through everything, discover our network, find what vulnerabilities existed, and then use that for a work plan and assignments to decide who would fix what vulnerabilities.
How has it helped my organization?
In my company, with the help of Tenable Vulnerability Management, we could find all the things that we didn't know existed. It would be too resource-intensive to manually go into every device and figure out in which version of a solution the vulnerability exists, which is something that Tenable Vulnerability Management does for you.
What is most valuable?
The solution's most valuable feature is the product's vulnerability database, as it knows what to scan.
What needs improvement?
There is no good work assignment system in the product. Specifically, if an SQL patch needs to be applied, then that needs to go to the SQL team, but Tenable wants to assign the ticket to an individual and not a team.
The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting.
For how long have I used the solution?
I have been using Tenable Vulnerability Management for three to four years. I don't remember the version of the solution.
What do I think about the stability of the solution?
It is a stable solution. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a ten out of ten.
How are customer service and support?
I rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have experience with another solution in the past, but I don't remember its name.
How was the initial setup?
The product's initial setup was very straightforward.
The solution is deployed on an on-premises model and the cloud. With the endpoint in the product, everything was reported back to the cloud offered by Tenable.
What was our ROI?
I saw a return on investment from using the solution since I feel that finding the vulnerabilities is always much cheaper than dealing with a situation after your system gets hacked. In short, I would put it as insurance is cheaper than the fire.
Which other solutions did I evaluate?
In our company, we went through every other tool in the market and came down to Rapid7 and Tenable since they were the only two good options.
What other advice do I have?
Network scans are very resource-intensive and can cause outages in some instances, which is a political and not a technical issue to solve.
I rate the overall tool a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a consultancy with 10,001+ employees
Great data exportability, stable, and scalable
Pros and Cons
- "One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently."
- "The UI has room for improvement."
What is our primary use case?
We use the solution for our vulnerability management program.
The solution is deployed in the cloud.
How has it helped my organization?
When the logging logic is lacking certain columns, Tenable.io Vulnerability Management provides comprehensive coverage, thereby simplifying the reporting process.
What is most valuable?
One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently. This feature enables us to prioritize security issues based on their level of importance, without being distracted by other irrelevant details. Additionally, the system is frequently updated to ensure it complies with industry standards.
What needs improvement?
The asset identification has room for improvement. Since we are using a cloud-based scanner, we must scan devices based on their ID. However, we are encountering many issues with reporting. Assets are often being incorrectly merged or we encounter issues related to assets. If we had an agent with a scanning system, this issue may not have occurred, but it currently exists.
The UI has room for improvement. The previous version of the UI was better.
The technical support has room for improvement.
For how long have I used the solution?
I have been using the solution for nine months.
What do I think about the stability of the solution?
The solution is generally stable, although we have experienced two instances in the past where it was down. The first outage was related to the scanner and lasted a few hours, while the second was caused by storage issues that prevented us from clearing the logs.
What do I think about the scalability of the solution?
Scalability depends on our licensing agreement and the number of scanners we use. Currently, the number of scanners and our license allows for scalability up to a certain limit. Beyond that limit, we would need to purchase additional licenses to expand.
How are customer service and support?
The technical support team responds promptly to basic issues. However, when faced with major issues or more complex problems, it can take longer to receive adequate assistance due to a high volume of entries. In such cases, we are required to submit detailed logs, which the support team will analyze before we can proceed to ask further questions.
How would you rate customer service and support?
Negative
What's my experience with pricing, setup cost, and licensing?
Our current license covers 2,500 assets. If we want to add more assets we need to buy another license for another scanner.
What other advice do I have?
I give the solution an eight out of ten.
We have around nine people using the solution.
The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months.
The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices.
Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Sr. Director - Group Head - IT Security (CISO) at Jubilant Organosys Ltd., India, Leading Chemical M
The dashboard is pretty intuitive, and it lets you do a drill-down analysis
Pros and Cons
- "The dashboard is pretty intuitive, and it lets you do a drill-down analysis of each vulnerability. That is something that brings a lot of value to the organization."
- "Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand."
What is our primary use case?
Vulnerability Management is used to discover assets and identify vulnerabilities across our IT landscape.
What is most valuable?
The dashboard is pretty intuitive, and it lets you do a drill-down analysis of each vulnerability. That is something that brings a lot of value to the organization.
What needs improvement?
Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand.
For how long have I used the solution?
I have used Vulnerability Management since February 2021.
What do I think about the stability of the solution?
There are factors within the organization that affect stability. Ultimately, your Tenable.io performance depends on your on-prem network infrastructure.
How are customer service and support?
I haven't used Tenable.io support, but my team has, and I haven't heard any complaints thus far.
Which solution did I use previously and why did I switch?
I used Qualys at my previous job for vulnerability validation, but I have used Tenable.io VM for quite a while now.
How was the initial setup?
Deploying Tenable.io VM is neither straightforward nor particularly complex. We run gateways in North America and India, respectively that talk to the Tenable.io console. It's not too complex. It was in place when I joined, but I believe it took no more than two weeks to deploy.
You need to create a tenant in the Tenable Cloud SaaS and configure user access. We have five analysts using the solution and one or two admins.
What was our ROI?
We see a return by identifying vulnerabilities and converting them into actionable items. The solution provides a lot of visibility into your environment.
What's my experience with pricing, setup cost, and licensing?
We pay an annual subscription, and I feel the cost is reasonable. The license covers everything, including support.
What other advice do I have?
I rate Tenable.io Vulnerability Management nine out of 10. It's an excellent product that's scalable, stable, and intuitive. It helps you to drill down into vulnerabilities.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Architect at ModusBox
Supports container scanning, and the technical support is good
Pros and Cons
- "The most valuable feature for me is container scanning because I am interested in CICD security."
- "It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have."
What is our primary use case?
I am a consultant and I advise my clients from a security standpoint. My goal is to get them to maximize value from Tenable.io. I am also a user of it.
What is most valuable?
The most valuable feature for me is container scanning because I am interested in CICD security. The standard infrastructure scanning is pretty robust, which is why I was focusing on containers.
What needs improvement?
We had some challenges with the implementation because of Docker Version 2, although with help from the support team, we were able to proceed.
It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have. The information is not available on the web site and they should be more upfront about it.
For how long have I used the solution?
I have been using Tenable.io for between six and eight months. My company had acquired it before I joined, although it was not being utilized properly.
What do I think about the stability of the solution?
I have never encountered any issues relating to stability. I have never seen a scan crash, and we've been able to configure multiple scans to run concurrently. Everything appears to run smoothly.
What do I think about the scalability of the solution?
Other than running multiple scans concurrently, we have not looked at scalability. However, I have no doubt that we will be able to get support in order to meet our expectations.
How are customer service and technical support?
The support team is very good and we are quite happy with them. When we had the trouble with Docker Version 2, they responded and were able to help us troubleshoot, and then guide us to the resolution. It now works the way we wanted it to.
Which solution did I use previously and why did I switch?
I have worked with the open-source solution OpenVAS, as well as with Rapid7 and Qualys. I can see that Tenable.io is going to be one of the big players because they are doing very well in this space.
What's my experience with pricing, setup cost, and licensing?
I think that the price is reasonable for now, although given that everybody is looking to cut costs, I think that they should take measures to lower it. There are additional features that can be licensed for an additional cost.
What other advice do I have?
My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license.
We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web Application license is.
In order to enjoy the maximum value, you need to have the appropriate licensing.
Overall, I am quite happy with Tenable.io.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Tenable Vulnerability Management Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Microsoft Defender for Cloud
Tenable Nessus
Tenable Security Center
Orca Security
Claroty Platform
Microsoft Defender Vulnerability Management
Rapid7 Metasploit
Amazon Inspector
The NodeZero Platform
Buyer's Guide
Download our free Tenable Vulnerability Management Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Can you recommend API for Tenable Connector into ServiceNow
- What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
- Which one to buy out of the following products: Tenable SC, Tenable.io, Tenable.ep or Tenable.ad?
- What are the differences between Tenable.sc and Tenable.io?
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?