Tenable Vulnerability Management Reviews

We use Rapid7 InsightVM and Tenable.io Vulnerability Management for similar purposes: a vulnerability assessment. At present, Rapid7 InsightVM is running in our IT infrastructure, while Tenable.io is running in our ICS and OT security, which includes our plants, premises, systems, SCADA systems, and PLCs. We usually find more vulnerabilities in these legacy systems, such as Windows XP and Windows 7, than in Rapid7 InsightVM. However, the use cases for vulnerability assessment are the same.

The solution is more user-friendly than Rapid7 InsightVM. A new user can easily understand the workflow, even if they are creating users for other divisions and the user is a beginner. They can easily use the system to get the data they need or fulfill their requirements.

I believe that Tenable.io is currently the best vulnerability management system. Compared to other vulnerability systems such as Rapid7 InsightVM, I find Tenable.io to be one of the best. However, Tenable.io lacks a platform to exploit or test the vulnerabilities it identifies. For example, if I identify a critical vulnerability, I cannot use Tenable.io to determine the risk of exploitation. Unfortunately, Tenable.io does not have a platform to test this.

The initial setup is complex and has room for improvement.

I have been using the solution for five years.

The solution is stable.

The solution is scalable.

After deploying Tenable, I spoke with the technical support a maximum of two or three times. They are very knowledgeable and know their stuff well. We always received immediate support from them.

The initial setup can be difficult. We need to configure the case. If we are starting from the beginning, we need to set up each IP range and make sure our firewall covers it. We also need to whitelist the Tenable.io IPs. This initial setup can be challenging.

Compared to other VM solutions, Tenable.io Vulnerability Management is expensive.

I give the solution a nine out of ten.

If we are using the solution for the first time, we should be sure to understand what aspects of the target we are trying to use Tenable.io for, such as what kind of information assets we have, whether they are general devices or specific devices, or if they are deployed in the DMZs. This way, we can ensure that we get the desired results. Therefore, before logging in or implementing Tenable.io for the first time, new users should be sure to have a good understanding of their requirements.

The solution is mainly for vulnerability scanning management. It's more like an extension of the Nessus.

I like the ten points of scanning. 

The performance is good.

It is quite straightforward to set up.

The solution is stable, and it is quite scalable. 

We'd like to see a bit more user-friendliness. They need to work on that aspect of the solution.

We've recently adopted the solution and have been dealing with it for just over a year or so.

The product offers good performance. There are no bugs or glitches. It doesn't crash or freeze. 

This is a scalable solution. It's easy to expand. 

I'm not sure how many users there are, however, my understanding is there are more than ten people.

We've never had any real difficulties, and therefore we haven't really dealt with support.

The solution is easy to set up. It's straightforward. It's not overly complex. 

It's based on landscape dependencies. However, it's easily deployed. It can take a few weeks to set up. If you are deploying across the globe, it might take longer. 

I don't work in an area that would keep track of ROI. I can't say we have been following that.

We pay for an annual license.

If there are extra fees, it depends on what use cases you want to deploy. If you want to use simple vulnerability management and you want to extend it to application scanning, then pricing modules will be different.

I'd recommend the solution to others. 

I would rate the solution nine out of ten.

In my company, we use Tenable.io Vulnerability Management is a good solution for vulnerability assessment on the infrastructure and not on the applications. The solution is useful for conducting vulnerability assessments on IT infrastructures. We use Tenable to discover assets on the network and the vulnerabilities in the vulnerability management cycle.

Tenable.io Vulnerability Management is an easy-to-use product. It is a good solution, as per Gartner's SIEM Magic Quadrant. The product has a lot of documentation and blogs, so you can get lots of support from its communities while also finding a lot of online materials that can help you improve the solution's uses or implement it according to your use cases.

The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications.

I have been using Tenable.io Vulnerability Management for more than ten years.

It is a very stable and mature solution in the market since it has been around for over 15 years.

The product has no scalability solution since it can manage hundreds to thousands of networks.

The solution's technical support is good and quick to respond. If you have a problem, you can be sure that someone from the support team has a solution to your problem.

Our company doesn't use any other products from Tenable apart from Tenable Nessus for vulnerability assessment. We also use NetSuite to manage the vulnerabilities' life cycle.

The initial setup of Tenable.io Vulnerability Management was straightforward since it allows one to use a device, like a virtual machine, or one can use it on a public IP address if it is already deployed, making the process very quick and easy.

The solution is deployed on-premises.

The deployment process was very quick since it could be done using a virtual machine or the customer's network. You can do the deployment with the virtual machine by connecting to the management suite before launching the solution.

To do an assessment for all our customers, my company has over 200 users for the deployment and maintenance of the solution. There is a dedicated team in the company I currently work for to manage the solution. One technician is needed to do a vulnerability assessment.

Yearly payments are to be made toward the licensing cost of the product. It is neither a cheap nor an expensive product.

I recommended the solution to those planning to use it since it is a very good product. Though there are other good solutions like Qualys, Tenable is the best.

I rate the overall tool a nine out of ten.

We use this solution to scan our network to try to identify all our assets. It is very good at finding all assets depending on how you program it.

The vulnerability management itself is the most valuable feature as well as references to mitigation techniques.

The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports. 

I have been using this solution for seven months. 

The stability of this solution is good. The application is always available and you can also set the scans to not take up too much bandwidth.

The scalability all depends on how much you want to spend. If you have 10,000 assets you want to scan, you'd have to pay for that. It is very easy to scale up or scale down, but it's going to cost you.

I would rate their support ten out of ten. 

Positive

It has a steep learning curve but Tenable does offer free courses for beginners and paid courses to become a specialist. This assists with the ease of setting it up. 

The total cost we pay for this solution is over 45K. This is for a large education organization. 

I would advise others to take the courses provided and then to play around with the solution. This will speed up learning as this solution has a steep learning curve and can be intimidating at first.

I would rate this solution an eight out of ten due to not being able to change certain parts of the user interface. 

I would rate this solution an eight out of ten. 

I was the manager of the vulnerability patching team in my company, and we would use it to go through everything, discover our network, find what vulnerabilities existed, and then use that for a work plan and assignments to decide who would fix what vulnerabilities.

In my company, with the help of Tenable Vulnerability Management, we could find all the things that we didn't know existed. It would be too resource-intensive to manually go into every device and figure out in which version of a solution the vulnerability exists, which is something that Tenable Vulnerability Management does for you.

The solution's most valuable feature is the product's vulnerability database, as it knows what to scan.

There is no good work assignment system in the product. Specifically, if an SQL patch needs to be applied, then that needs to go to the SQL team, but Tenable wants to assign the ticket to an individual and not a team.

The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting.

I have been using Tenable Vulnerability Management for three to four years. I don't remember the version of the solution.

It is a stable solution. Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

I rate the technical support a seven out of ten.

Neutral

I have experience with another solution in the past, but I don't remember its name.

The product's initial setup was very straightforward.

The solution is deployed on an on-premises model and the cloud. With the endpoint in the product, everything was reported back to the cloud offered by Tenable.

I saw a return on investment from using the solution since I feel that finding the vulnerabilities is always much cheaper than dealing with a situation after your system gets hacked. In short, I would put it as insurance is cheaper than the fire.

In our company, we went through every other tool in the market and came down to Rapid7 and Tenable since they were the only two good options.

Network scans are very resource-intensive and can cause outages in some instances, which is a political and not a technical issue to solve.

I rate the overall tool a ten out of ten.

Vulnerability Management is used to discover assets and identify vulnerabilities across our IT landscape. 

The dashboard is pretty intuitive, and it lets you do a drill-down analysis of each vulnerability. That is something that brings a lot of value to the organization.

Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand. 

I have used Vulnerability Management since February 2021.

There are factors within the organization that affect stability. Ultimately, your Tenable.io performance depends on your on-prem network infrastructure. 

I haven't used Tenable.io support, but my team has, and I haven't heard any complaints thus far. 

I used Qualys at my previous job for vulnerability validation, but I have used Tenable.io VM for quite a while now.  

Deploying Tenable.io VM is neither straightforward nor particularly complex. We run gateways in North America and India, respectively that talk to the Tenable.io console. It's not too complex. It was in place when I joined, but I believe it took no more than two weeks to deploy.

You need to create a tenant in the Tenable Cloud SaaS and configure user access.  We have five analysts using the solution and one or two admins. 

We see a return by identifying vulnerabilities and converting them into actionable items. The solution provides a lot of visibility into your environment. 

We pay an annual subscription, and I feel the cost is reasonable. The license covers everything, including support. 

I rate Tenable.io Vulnerability Management nine out of 10. It's an excellent product that's scalable, stable, and intuitive. It helps you to drill down into vulnerabilities.

I primarily use the solution in order to scan assets for our clients. 

It's very reliable and is a dependable solution. 

The product offers multiple customizable templates. They've released new templates for template scanning. It makes everything a lot easier.

The dashboards are very helpful. They are also quite customizable. 

It's stable.

The solution can scale.

The initial setup is pretty straightforward. 

They need to have more dependable and faster support.

We'd like them to add more features surrounding the filtering of vulnerabilities. My understanding is that they are working on this already.

I've been using the solution for almost two years. 

The solution is stable. I'd rate it eight out nine out of ten. It is reliable. The solution doesn't crash or freeze. There are no bugs or glitches. 

The solution can scale well. I'd rate it eight out of ten. 

We have about 13,000 to 15,000 assets. 

Support is okay. However, we've had issues with them. I've had difficulties raising cases.  They need to be more responsive and need to get back to us faster. 

Neutral

The initial setup is easy. I've had no issues with the setup process. 

I'm not sure what the pricing is. I don't handle licensing.

Last year we evaluated it with other solutions. We were looking for a new or additional product to extend our expertise beyond Tenable. We did look into Qualys, among others. 

I'd rate the solution nine out of ten. I'm happy with its capabilities. 

Before, they did not have an agent-based solution. Last year, they developed one. For example, before, when users were roaming or working from home, we wouldn't be able to scan previously. Now, we can cover anyone, even off-site. 

The most valuable feature is the configuration audit. 

The interface is fine. 

We haven't had issues with support.

The solution is easy to deploy and maintain. 

The solution can scale well.

The entire product is very easy to use. 

The solution is a bit slow. It should be faster. They could improve the performance. 

We primarily use the solution for vulnerability management and confidential information detection, for example, credit card information. We also use it for configuration management. 

The scalability is great. I'd rate it nine out of ten. A company can expand it if they would like to. 

Technical support is okay. The issue is they don't have a team based in India. Sometimes, it's hard to get support on time. However, they are pretty helpful. 

Positive

We are also using Tenable.sc, version 6.0.

The initial setup is pretty straightforward. I'd rate the process eight out of ten overall. It is not overly complex. 

We can implement the solution in one week in one region. 

In terms of maintenance, we only really need one person. That's enough.

I do not manage the licensing or pricing. My team handles this aspect.

We did test multiple other solutions.

I'm an end-user.

This is an agent-based solution. There isn't a specific version we use.

The solution is very user-friendly if you compare it to other tools. I'd rate it eight out of ten.