Tenable Vulnerability Management Reviews

Tenable.io Vulnerability Management is used as a unified platform for vulnerability management.

Tenable.io Vulnerability Management could be improved with an increased number of dashboards and MSSP integration.

I've been working with Tenable.io Vulnerability Management for five years.

Tenable.io Vulnerability Management is stable.

Tenable.io Vulnerability Management is scalable.

Tenable doesn't provide support beyond documentation.

Neutral

The initial setup is straightforward so long as your infrastructure, components, and networks are in place. There are also a few teaching issues post-migration, like integration with third parties and SEO integrations.

Tenable.io Vulnerability Management gives a good ROI in the long run, though it would be better with a pay-as-you-go model.

Tenable.io Vulnerability Management's pricing solution model isn't great. Providing a pay-as-you-go option would be an improvement.

Tenable is a full-service product, but it still has a lot of improvements to make, so I'd recommend exploring other products before implementing it. I would give Tenable.io Vulnerability Management a rating of nine out of ten.

I work for a company called Maxtec, and we are a distributor. One of the solutions that we used to distribute, not anymore, is Tenable. I've worked as the product manager for Tenable, and it is one of the products on which I've worked quite extensively. We stopped its distribution last year, and I stopped working with it at the beginning of 2022. We were using its latest version.

One of the biggest cutting-edge technologies that they were able to introduce is predictive prioritization. It has helped a lot of IT teams enormously that were heavily under the weight of vulnerabilities that they needed to remediate. Just in 2019, over 19,000 vulnerabilities were discovered, and about 10,000 of those vulnerabilities were rated between high and critical. The way predictive prioritization works is that it adds a lot of context and granularity, and it helps you understand which vulnerabilities actually pose an immediate risk to your environment. It eliminates the pressure that the IT teams were under in terms of remediation because now, they don't have to focus on 10,000 vulnerabilities. They can only focus on 3% of vulnerabilities that pose an immediate risk to their environment. That, for me, has been a cutting-edge technology and a game-changer in helping a lot of IT teams in focusing more on the risk that they need to address, at least within the next 30 days.

Tenable.io, in particular, is quite a powerful product. It looks at your traditional environment, which is pretty much anything that is on-premises, and it also goes a step ahead and covers your modern assets, which is anything that is currently sitting in the cloud. You get complete visibility of your entire environment and tech operation. The ability to give you visibility across the entire tech surface is one of the biggest advantages that Tenable.io has.

The use of agents comes in very handy when a lot of the workforce is working from home, such as during COVID-19. Some of the traditional tools would not be able to monitor any of those devices that people would be working with, such as laptops, because they are remote. You can only audit their machines if they are on the business premises, but with Tenable.io agents, you can maintain that level of continuous monitoring, even if they are not on-premises at the time of the scan. The agents run the scans locally on the machine.

Tenable.io is a cloud-managed solution, but the scanners are sitting on-premises. They've also got some public cloud scanners that are sitting all over the world. They've got something called frictionless assessments, which is quite an interesting approach for vulnerability scanning of anything that is sitting in your AWS. You don't have to deploy the scanners. They've got sensors in there that are able to give you continuous monitoring without deploying scanners, doing any configurations, or inputting any credentials.

They've been able to think about everything in terms of where the world is going and the type of assets that you've got. They've everything sorted out in that aspect, but you have to pay for most of the other components that they've got to give you complete visibility across your tech surface. If it already had those capabilities in-built, without having to add them on to take advantage of them, it would be a very compelling value proposition.

Their support needs to be improved in terms of turnaround time.

It is stable.

It is a cloud solution. Therefore, it is highly scalable. There is no limit to how many assets and devices you can handle.

In terms of verticals, in the public sector, we've seen a huge uptake. That could be because of compliance reasons. We've also seen it being used quite extensively within the banking and financial verticals. Those are the biggest users of the product. There has also been an uptake in other verticals but just not as big or as vast as the public sector and the finance and banking sector.

One area that they could improve is technical support. Oftentimes, it's not as good as it should be. The turnaround time could be improved quite significantly.

It is pretty easy and straightforward. For the cloud, you don't have to do anything on the management console. That is already set up for you. The only thing that you need to configure is your scanners that are sitting on-premise. For that, you just need a linking key that you obtain from Tenable.io so that there is directional communication between the cloud, your cloud instance, and various scanners that are sitting on-premises. It would be the same process if you want to install an agent, for example, on a machine. It would apply the same way. The only difference is that instead of choosing a scanner, you'd choose an agent.

For future users of Tenable.io, I would recommend using a layered approach. Tenable.io has an open API. So, it can be integrated with SIEM solutions. You can look at integrating it with privileged access management or any SIEM solution so that you've got all the data being pumped into a centralized location, and you are able to read the data alongside other security events coming from the SIEM and privileged access management solutions. 

Companies that are currently using Tenable.io can definitely start looking at integrating some of their security solutions for a much more robust security approach.

I would rate it a solid eight out of ten.

We use the solution for our vulnerability management program.

The solution is deployed in the cloud.

When the logging logic is lacking certain columns, Tenable.io Vulnerability Management provides comprehensive coverage, thereby simplifying the reporting process.

One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently. This feature enables us to prioritize security issues based on their level of importance, without being distracted by other irrelevant details. Additionally, the system is frequently updated to ensure it complies with industry standards.

The asset identification has room for improvement. Since we are using a cloud-based scanner, we must scan devices based on their ID. However, we are encountering many issues with reporting. Assets are often being incorrectly merged or we encounter issues related to assets. If we had an agent with a scanning system, this issue may not have occurred, but it currently exists.

The UI has room for improvement. The previous version of the UI was better.

The technical support has room for improvement.

I have been using the solution for nine months.

The solution is generally stable, although we have experienced two instances in the past where it was down. The first outage was related to the scanner and lasted a few hours, while the second was caused by storage issues that prevented us from clearing the logs.

Scalability depends on our licensing agreement and the number of scanners we use. Currently, the number of scanners and our license allows for scalability up to a certain limit. Beyond that limit, we would need to purchase additional licenses to expand.

The technical support team responds promptly to basic issues. However, when faced with major issues or more complex problems, it can take longer to receive adequate assistance due to a high volume of entries. In such cases, we are required to submit detailed logs, which the support team will analyze before we can proceed to ask further questions.

Negative

Our current license covers 2,500 assets. If we want to add more assets we need to buy another license for another scanner.

I give the solution an eight out of ten.

We have around nine people using the solution.

The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months.

The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices.

Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.

Our company has 25 technicians who use the solution to scan firewalls and produce scheduled compliance reports for various environments.

The solution is easy to use and configuration is smooth with no complexities.

The solution is one of the best tools in the market for vulnerability management and remediation. It functions exactly as we desire.

The solution creates vulnerability tickets within the VM profile but should also include them under the Remediation tab so the fixes can be viewed in the ticketing queue. 

Qualys is a competitor product and handles vulnerability tickets in this comprehensive manner. 

I have been using the solution for two years. 

The solution is stable and I have only experienced hangs a few times. 

The solution is accessible from the private cloud so it is scalable to any needs. 

Technical support requires constant follow up and that is an issue. Once they are made aware of an issue, it takes time for them to find a resolution. I currently have three cases and have been waiting so long for updates that I have asked for escalation.

Support provided by Qualys is better because they work with you right away to resolve issues. 

I rate support a two out of ten. 

Negative

The initial setup is straightforward and not hard to understand if you have worked with other solutions. 

We experienced an authentication issue when the NetApp scanner was trying to log in to the system and firewall, but we modified the setting and the issue was resolved. 

We deployed the solution ourselves and the complexity depends on each environment. 

For example, our company has AWS, Azure, and on-premise data center environments. Our infrastructure team builds a list of assets and then our technicians deploy the solution to conduct scans. 

The annual license is a bit costly but the solution is worth it. 

We also use Qualys and like how it handles vulnerability tickets. 

We moved to the solution because Qualys does not support Cisco Secure Firewalls and that is a requirement in our environment. 

While Qualys offers dual locations for vulnerability tickets, it is not difficult to use API calls to integrate the solution with ServiceNow for assigning mitigation. 

Many companies use third-party tools like Jira to integrate things so it is not unusual. I do believe Tenable is working on an internal solution that will be available in the future.  

I rate the solution an eight out of ten. 

The solution is used for the vulnerability assessment of the network infrastructure.

The solution finds vulnerabilities, anomalies, and threats. Tenable has basic and ad hoc scanning features. The tool schedules scans for continuous monitoring. The main advantage of the solution is that it assesses the vulnerabilities and provides a CVE score. Reporting is very easy. The management dashboard is very easy. The tool has an easy-to-use interface. It is easy to implement the product.

The product is a bit expensive.

I have been using the solution for 7 years.

The solution is stable.

The solution is scalable up to a certain point. I rate the scalability a seven to eight out of ten. Our customers are medium to large businesses.

The support is very good.

Positive

The configuration is easy. My engineers can work on it seamlessly. The deployment of the basic solution does not take more than four to eight hours. We need one or two persons to deploy and maintain the product. There are no other challenges if we have the network and can access the IPs.

The product impacts our client's operational cost related to vulnerability management in a good way. It automates a few things and saves the engineers' costs.

I rate the pricing a seven out of ten.

We are resellers. The solution is easy to implement. It has an easy-to-use interface, enabling organizations to go faster to market. Overall, I rate the product a nine out of ten.

The tool's reports are bad. They're not very customizable or flexible. During audits, we often have to exclude things that aren't relevant to our organization, but we can't do that easily with the reports. They come in HTML or PDF format, and we can't compare current results with previous ones in Excel because we never receive reports in Excel.

I have been using the product for a year, and my organization has been using it for six to seven years. 

Tenable Vulnerability Management is stable. 

I rate the tool's scalability a seven out of ten. 

The solution's support is okay, but it could be more customer-friendly. The people providing support have knowledge, but they could improve customer interaction.

The tool's deployment can be challenging, especially for those unfamiliar with Kali Linux, as it operates on this platform. This might make the setup process difficult for users accustomed to other operating systems like Windows. It may take a couple of tries to get comfortable with the process. However, once you have set it up a few times, it becomes easier.

Sometimes, we use the tool for tasks like configuration and running scans. However, it's a bit difficult to use compared to Qualys. One issue we've noticed is that it takes up a lot of space, which customers often complain about. They promised more system coverage and updates, but it isn't happening.

I rate Tenable Vulnerability Management a seven out of ten. It might be challenging if you're used to working on Windows. However, it's a recommended tool for penetration testers because it's effective for that purpose.

We use it for audit and PT. 

The product operates on a license-based model, where you purchase a license based on the number of IP addresses you intend to scan. For example, if you purchase a license for 50 IP addresses and your network has 200 users, it will only scan for those 50 IPs. You can gain visibility into all IPs within your environment, including subnets with a full license. Also, you can geographically segment your scanning targets based on the number of IPs allocated for each location.

The product is very friendly. It is easy to manage. Most of the information the tool provided was correct and helped to further investigate the vulnerability and its impact.

The most important feature is network scanning.

The solution’s pricing could be improved.

I have been using Tenable Vulnerability Management for one year.

I rate the solution’s stability an eight out of ten.

The solution is very scalable. It allows you to adjust according to your needs. You can add more features if you wish to purchase additional tools.

The initial setup is very easy. To deploy, run the setup command, and then it can deploy on your Linux and Windows platforms. I did it by myself.

The product is expensive but manageable.

I recommend the solution. Although, it varies from person to person experience. Rapid7 users can use free tools. I'm very satisfied with the product.

Overall, I rate the solution an eight out of ten.

The solution scans vulnerabilities in assets like workstations, network devices, desktops, or laptops. The product indicates vulnerabilities based on severity levels. There are high, critical, medium, low, and informational levels of severity.

The product can scan assets and web applications. It provides remediation for each vulnerability it scans. We get to know the actions we have to take to remediate the vulnerabilities. The solution is very simple to use. It also has cloud scanners. We can integrate Tenable and Nessus Scanner. It is easier to use.

The solution must provide penetration testing.

I have been using the solution since 2022.

The tool is very stable.

The tool is scalable.

We don't have many issues.

Positive

The initial setup is very easy.

The tool is easy to use and deploy. It's easy for customers to go through the documentation, see how it works, and scan their assets. Everything is straightforward, including the creation of users and enabling 2FA. Overall, I rate the tool a nine out of ten.