Tenable Vulnerability Management Reviews

We use Rapid7 InsightVM and Tenable.io Vulnerability Management for similar purposes: a vulnerability assessment. At present, Rapid7 InsightVM is running in our IT infrastructure, while Tenable.io is running in our ICS and OT security, which includes our plants, premises, systems, SCADA systems, and PLCs. We usually find more vulnerabilities in these legacy systems, such as Windows XP and Windows 7, than in Rapid7 InsightVM. However, the use cases for vulnerability assessment are the same.

The solution is more user-friendly than Rapid7 InsightVM. A new user can easily understand the workflow, even if they are creating users for other divisions and the user is a beginner. They can easily use the system to get the data they need or fulfill their requirements.

I believe that Tenable.io is currently the best vulnerability management system. Compared to other vulnerability systems such as Rapid7 InsightVM, I find Tenable.io to be one of the best. However, Tenable.io lacks a platform to exploit or test the vulnerabilities it identifies. For example, if I identify a critical vulnerability, I cannot use Tenable.io to determine the risk of exploitation. Unfortunately, Tenable.io does not have a platform to test this.

The initial setup is complex and has room for improvement.

I have been using the solution for five years.

The solution is stable.

The solution is scalable.

After deploying Tenable, I spoke with the technical support a maximum of two or three times. They are very knowledgeable and know their stuff well. We always received immediate support from them.

The initial setup can be difficult. We need to configure the case. If we are starting from the beginning, we need to set up each IP range and make sure our firewall covers it. We also need to whitelist the Tenable.io IPs. This initial setup can be challenging.

Compared to other VM solutions, Tenable.io Vulnerability Management is expensive.

I give the solution a nine out of ten.

If we are using the solution for the first time, we should be sure to understand what aspects of the target we are trying to use Tenable.io for, such as what kind of information assets we have, whether they are general devices or specific devices, or if they are deployed in the DMZs. This way, we can ensure that we get the desired results. Therefore, before logging in or implementing Tenable.io for the first time, new users should be sure to have a good understanding of their requirements.

The solution is mainly for vulnerability scanning management. It's more like an extension of the Nessus.

I like the ten points of scanning. 

The performance is good.

It is quite straightforward to set up.

The solution is stable, and it is quite scalable. 

We'd like to see a bit more user-friendliness. They need to work on that aspect of the solution.

We've recently adopted the solution and have been dealing with it for just over a year or so.

The product offers good performance. There are no bugs or glitches. It doesn't crash or freeze. 

This is a scalable solution. It's easy to expand. 

I'm not sure how many users there are, however, my understanding is there are more than ten people.

We've never had any real difficulties, and therefore we haven't really dealt with support.

The solution is easy to set up. It's straightforward. It's not overly complex. 

It's based on landscape dependencies. However, it's easily deployed. It can take a few weeks to set up. If you are deploying across the globe, it might take longer. 

I don't work in an area that would keep track of ROI. I can't say we have been following that.

We pay for an annual license.

If there are extra fees, it depends on what use cases you want to deploy. If you want to use simple vulnerability management and you want to extend it to application scanning, then pricing modules will be different.

I'd recommend the solution to others. 

I would rate the solution nine out of ten.

In my company, we use Tenable.io Vulnerability Management is a good solution for vulnerability assessment on the infrastructure and not on the applications. The solution is useful for conducting vulnerability assessments on IT infrastructures. We use Tenable to discover assets on the network and the vulnerabilities in the vulnerability management cycle.

Tenable.io Vulnerability Management is an easy-to-use product. It is a good solution, as per Gartner's SIEM Magic Quadrant. The product has a lot of documentation and blogs, so you can get lots of support from its communities while also finding a lot of online materials that can help you improve the solution's uses or implement it according to your use cases.

The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications.

I have been using Tenable.io Vulnerability Management for more than ten years.

It is a very stable and mature solution in the market since it has been around for over 15 years.

The product has no scalability solution since it can manage hundreds to thousands of networks.

The solution's technical support is good and quick to respond. If you have a problem, you can be sure that someone from the support team has a solution to your problem.

Our company doesn't use any other products from Tenable apart from Tenable Nessus for vulnerability assessment. We also use NetSuite to manage the vulnerabilities' life cycle.

The initial setup of Tenable.io Vulnerability Management was straightforward since it allows one to use a device, like a virtual machine, or one can use it on a public IP address if it is already deployed, making the process very quick and easy.

The solution is deployed on-premises.

The deployment process was very quick since it could be done using a virtual machine or the customer's network. You can do the deployment with the virtual machine by connecting to the management suite before launching the solution.

To do an assessment for all our customers, my company has over 200 users for the deployment and maintenance of the solution. There is a dedicated team in the company I currently work for to manage the solution. One technician is needed to do a vulnerability assessment.

Yearly payments are to be made toward the licensing cost of the product. It is neither a cheap nor an expensive product.

I recommended the solution to those planning to use it since it is a very good product. Though there are other good solutions like Qualys, Tenable is the best.

I rate the overall tool a nine out of ten.

We use this solution to scan our network to try to identify all our assets. It is very good at finding all assets depending on how you program it.

The vulnerability management itself is the most valuable feature as well as references to mitigation techniques.

The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports. 

I have been using this solution for seven months. 

The stability of this solution is good. The application is always available and you can also set the scans to not take up too much bandwidth.

The scalability all depends on how much you want to spend. If you have 10,000 assets you want to scan, you'd have to pay for that. It is very easy to scale up or scale down, but it's going to cost you.

I would rate their support ten out of ten. 

Positive

It has a steep learning curve but Tenable does offer free courses for beginners and paid courses to become a specialist. This assists with the ease of setting it up. 

The total cost we pay for this solution is over 45K. This is for a large education organization. 

I would advise others to take the courses provided and then to play around with the solution. This will speed up learning as this solution has a steep learning curve and can be intimidating at first.

I would rate this solution an eight out of ten due to not being able to change certain parts of the user interface. 

I would rate this solution an eight out of ten. 

I was the manager of the vulnerability patching team in my company, and we would use it to go through everything, discover our network, find what vulnerabilities existed, and then use that for a work plan and assignments to decide who would fix what vulnerabilities.

In my company, with the help of Tenable Vulnerability Management, we could find all the things that we didn't know existed. It would be too resource-intensive to manually go into every device and figure out in which version of a solution the vulnerability exists, which is something that Tenable Vulnerability Management does for you.

The solution's most valuable feature is the product's vulnerability database, as it knows what to scan.

There is no good work assignment system in the product. Specifically, if an SQL patch needs to be applied, then that needs to go to the SQL team, but Tenable wants to assign the ticket to an individual and not a team.

The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting.

I have been using Tenable Vulnerability Management for three to four years. I don't remember the version of the solution.

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

I rate the technical support a seven out of ten.

Neutral

I have experience with another solution in the past, but I don't remember its name.

The product's initial setup was very straightforward.

The solution is deployed on an on-premises model and the cloud. With the endpoint in the product, everything was reported back to the cloud offered by Tenable.

I saw a return on investment from using the solution since I feel that finding the vulnerabilities is always much cheaper than dealing with a situation after your system gets hacked. In short, I would put it as insurance is cheaper than the fire.

In our company, we went through every other tool in the market and came down to Rapid7 and Tenable since they were the only two good options.

Network scans are very resource-intensive and can cause outages in some instances, which is a political and not a technical issue to solve.

I rate the overall tool a ten out of ten.

We use the solution for our vulnerability management program.

The solution is deployed in the cloud.

When the logging logic is lacking certain columns, Tenable.io Vulnerability Management provides comprehensive coverage, thereby simplifying the reporting process.

One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently. This feature enables us to prioritize security issues based on their level of importance, without being distracted by other irrelevant details. Additionally, the system is frequently updated to ensure it complies with industry standards.

The asset identification has room for improvement. Since we are using a cloud-based scanner, we must scan devices based on their ID. However, we are encountering many issues with reporting. Assets are often being incorrectly merged or we encounter issues related to assets. If we had an agent with a scanning system, this issue may not have occurred, but it currently exists.

The UI has room for improvement. The previous version of the UI was better.

The technical support has room for improvement.

I have been using the solution for nine months.

The solution is generally stable, although we have experienced two instances in the past where it was down. The first outage was related to the scanner and lasted a few hours, while the second was caused by storage issues that prevented us from clearing the logs.

Scalability depends on our licensing agreement and the number of scanners we use. Currently, the number of scanners and our license allows for scalability up to a certain limit. Beyond that limit, we would need to purchase additional licenses to expand.

The technical support team responds promptly to basic issues. However, when faced with major issues or more complex problems, it can take longer to receive adequate assistance due to a high volume of entries. In such cases, we are required to submit detailed logs, which the support team will analyze before we can proceed to ask further questions.

Negative

Our current license covers 2,500 assets. If we want to add more assets we need to buy another license for another scanner.

I give the solution an eight out of ten.

We have around nine people using the solution.

The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months.

The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices.

Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.

Vulnerability Management is used to discover assets and identify vulnerabilities across our IT landscape. 

The dashboard is pretty intuitive, and it lets you do a drill-down analysis of each vulnerability. That is something that brings a lot of value to the organization.

Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand. 

I have used Vulnerability Management since February 2021.

There are factors within the organization that affect stability. Ultimately, your Tenable.io performance depends on your on-prem network infrastructure. 

I haven't used Tenable.io support, but my team has, and I haven't heard any complaints thus far. 

I used Qualys at my previous job for vulnerability validation, but I have used Tenable.io VM for quite a while now.  

Deploying Tenable.io VM is neither straightforward nor particularly complex. We run gateways in North America and India, respectively that talk to the Tenable.io console. It's not too complex. It was in place when I joined, but I believe it took no more than two weeks to deploy.

You need to create a tenant in the Tenable Cloud SaaS and configure user access.  We have five analysts using the solution and one or two admins. 

We see a return by identifying vulnerabilities and converting them into actionable items. The solution provides a lot of visibility into your environment. 

We pay an annual subscription, and I feel the cost is reasonable. The license covers everything, including support. 

I rate Tenable.io Vulnerability Management nine out of 10. It's an excellent product that's scalable, stable, and intuitive. It helps you to drill down into vulnerabilities.

I am a consultant and I advise my clients from a security standpoint. My goal is to get them to maximize value from Tenable.io. I am also a user of it. 

The most valuable feature for me is container scanning because I am interested in CICD security. The standard infrastructure scanning is pretty robust, which is why I was focusing on containers.

We had some challenges with the implementation because of Docker Version 2, although with help from the support team, we were able to proceed.

It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have. The information is not available on the web site and they should be more upfront about it.

I have been using Tenable.io for between six and eight months. My company had acquired it before I joined, although it was not being utilized properly.

I have never encountered any issues relating to stability. I have never seen a scan crash, and we've been able to configure multiple scans to run concurrently. Everything appears to run smoothly.

Other than running multiple scans concurrently, we have not looked at scalability. However, I have no doubt that we will be able to get support in order to meet our expectations.

The support team is very good and we are quite happy with them. When we had the trouble with Docker Version 2, they responded and were able to help us troubleshoot, and then guide us to the resolution. It now works the way we wanted it to.

I have worked with the open-source solution OpenVAS, as well as with Rapid7 and Qualys. I can see that Tenable.io is going to be one of the big players because they are doing very well in this space.

I think that the price is reasonable for now, although given that everybody is looking to cut costs, I think that they should take measures to lower it. There are additional features that can be licensed for an additional cost.

My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license. 

We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web Application license is.

In order to enjoy the maximum value, you need to have the appropriate licensing.

Overall, I am quite happy with Tenable.io.

I would rate this solution a nine out of ten.