Small companies might find it difficult because of the knowledge required to drive vulnerability management successfully. If you lack that knowledge, you should contract the service. I'd rate the solution eight out of ten.
We are resellers. The solution is easy to implement. It has an easy-to-use interface, enabling organizations to go faster to market. Overall, I rate the product a nine out of ten.
Sometimes, we use the tool for tasks like configuration and running scans. However, it's a bit difficult to use compared to Qualys. One issue we've noticed is that it takes up a lot of space, which customers often complain about. They promised more system coverage and updates, but it isn't happening. I rate Tenable Vulnerability Management a seven out of ten. It might be challenging if you're used to working on Windows. However, it's a recommended tool for penetration testers because it's effective for that purpose. We use it for audit and PT.
We use a third-party tool to initiate scans. I don't know whether there is a way to monitor it in real-time. I will recommend the tool to others. Overall, I rate the product an eight out of ten.
I recommend the solution. Although, it varies from person to person experience. Rapid7 users can use free tools. I'm very satisfied with the product. Overall, I rate the solution an eight out of ten.
We have many other products available. Tenable can be compared to SOGo vulnerability management, for example. Tenable is an advanced solution. If you're looking for a high level of threat protection, it provides clear visibility and gives you insights into what needs to be done next. However, general vulnerability management, especially for small and medium-sized businesses (SMBs), SOGo might be a more suitable option. SOGo offers flexible subscription models like monthly or yearly, and it caters to smaller user bases like 50 or 200 users. Tenable, on the other hand, recommends a minimum of 150 licenses, which might be overkill for smaller organizations. Overall, I would rate the solution a seven out of ten.
Learn what your peers think about Tenable Vulnerability Management. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
The tool is easy to use and deploy. It's easy for customers to go through the documentation, see how it works, and scan their assets. Everything is straightforward, including the creation of users and enabling 2FA. Overall, I rate the tool a nine out of ten.
IT Manager at a financial services firm with 1,001-5,000 employees
MSP
Top 20
2023-10-12T17:12:52Z
Oct 12, 2023
Network scans are very resource-intensive and can cause outages in some instances, which is a political and not a technical issue to solve. I rate the overall tool a ten out of ten.
I give Tenable.io Vulnerability Management a five out of ten. The maintenance requires a subject matter expert. I recommend Tenable.io Vulnerability Management.
The solution's user interface was very good. It's one of the best tools available for vulnerability management. I would definitely recommend the solution to those planning to use it. I rate the overall solution a ten out of ten.
CSO at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
2023-05-29T15:09:00Z
May 29, 2023
It is a viable solution, but we then preferred and switched to Rapid7 again since it was cheaper. Also, we like the one thing we like because we had, like, problems getting to all the user machines, and so Rapid7 gave us the agent that they have. So you don't need to get the scan to the machine. You just install these solutions. We install the agent that reports on vulnerabilities instead of getting credentials scanned. And today, it's more problematic because, like, it would take several years ago, like ten years ago, all the systems had the perimeter of the company, and all the users were in some understandable place, and we knew where to look for them. Today, as a company where people around the world are not always using VPNs to connect to the network, and if they connect, they connect for some time, and let's say you are scanning your user computers every night or every day at five o'clock. So when you do the scan, just ten percent of the people, you hit them because only ten percent of the people are connected to your VPN during the five o'clock window. So you don't see the other machines, and you don't get them. Hence, you don't know the vulnerability status because they are less scanned. The solution needs to be perimeter-less, let's say, or the scans we need to get to the machines to all the machines, and if you scan them somehow or even if they are on the open internet, it's hard. So here, the agent solution is very easy because they report to the management on the vulnerability status from the agent over the internet. It was a big plus. In terms of pricing and capabilities and just of the capability, while also considering our use cases where it is most important for us to get to all the machines. I rate the overall product a seven out of ten.
I give the solution an eight out of ten. We have around nine people using the solution. The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months. The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices. Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.
I rate Tenable.io Vulnerability Management nine out of 10. It's an excellent product that's scalable, stable, and intuitive. It helps you to drill down into vulnerabilities.
Security Specialist at a security firm with 51-200 employees
Real User
Top 20
2023-02-13T20:29:00Z
Feb 13, 2023
I work with Tenable.io and implement this solution for many customers. I would rate it eight out of ten. The solution needs either two engineers or one security specialist to maintain it.
Technical Consultant at a tech consulting company with 51-200 employees
Real User
2022-10-24T10:07:26Z
Oct 24, 2022
I rate the solution an eight out of ten. The solution is good, but the price could be lower, and the grouping of platforms on the dashboard can be included in the product's next release. I advise new users to know the infrastructure system and networking. Additionally, there are videos and documentation that will assist them in getting set up to use the product right away.
It's a great product, and it brings more value with every improvement in the quarter. It's a mature product. Of course, the reporting could be better. I'd rate the solution seven out of ten.
While Qualys offers dual locations for vulnerability tickets, it is not difficult to use API calls to integrate the solution with ServiceNow for assigning mitigation. Many companies use third-party tools like Jira to integrate things so it is not unusual. I do believe Tenable is working on an internal solution that will be available in the future. I rate the solution an eight out of ten.
Tenable is a full-service product, but it still has a lot of improvements to make, so I'd recommend exploring other products before implementing it. I would give Tenable.io Vulnerability Management a rating of nine out of ten.
For future users of Tenable.io, I would recommend using a layered approach. Tenable.io has an open API. So, it can be integrated with SIEM solutions. You can look at integrating it with privileged access management or any SIEM solution so that you've got all the data being pumped into a centralized location, and you are able to read the data alongside other security events coming from the SIEM and privileged access management solutions. Companies that are currently using Tenable.io can definitely start looking at integrating some of their security solutions for a much more robust security approach. I would rate it a solid eight out of ten.
Senior Consultant at a tech services company with 11-50 employees
Real User
2021-06-09T13:17:00Z
Jun 9, 2021
I would recommend this solution at this time, but after installing it for more customers, my answer might change in the future. I would rate this solution a seven out of 10.
President and CEO, Founder Executive at SecuSolutions Co., Ltd.
Real User
2021-03-30T07:13:47Z
Mar 30, 2021
We're a partner for Tenable Nessus. The Tenable.io is what we're using currently. It suits our needs best due to the fact that it's in the cloud. The API is okay. It's not wonderful. Seems to serve a purpose. The biggest problem with the solution is that if you're a small company, you're not going to be able to afford it, nor are you going to be able to manage it. I would recommend other organizations use the product. People probably don't consider the amount of, let's say, understanding or comprehension that they need of their own network to truly be able to deploy and manage and get the results they're looking for, however. Many often underestimate all their skillsets. Tenable has a number of features and functionalities and it can be a little confusing for, let's say, a non-security savvy person. It could be a little bit of a challenge, to be honest. I'd suggest any company that considers it also does their homework first. I'd rate the solution at a seven out of ten. It gets the job done. It really is smooth to operate once it's set up. It is for the most part pretty easy to set and forget.
We are a reseller. We work with a lot of different Tenable.io products. My only recommendation to other companies would be to put up a plan and follow the plan, point by point. Keep tracking of the result and make adjustments, if necessary. It's important to go in with a bit of a roadmap to follow. It will help ensure results. In general, I would rate the solution at an eight out of ten. We've been pretty happy with the solution overall.
Security Architect at a computer software company with 51-200 employees
Real User
Top 20
2020-07-05T09:37:54Z
Jul 5, 2020
My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license. We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web Application license is. In order to enjoy the maximum value, you need to have the appropriate licensing. Overall, I am quite happy with Tenable.io. I would rate this solution a nine out of ten.
Managed in the cloud and powered by Tenable Nessus, Tenable Vulnerability Management (formerly Tenable.io) provides the industry's most comprehensive vulnerability coverage with real-time continuous assessment of your organization. Built-in prioritization, threat intelligence and real-time insight help you understand your exposures and proactively prioritize remediations.
Small companies might find it difficult because of the knowledge required to drive vulnerability management successfully. If you lack that knowledge, you should contract the service. I'd rate the solution eight out of ten.
We are resellers. The solution is easy to implement. It has an easy-to-use interface, enabling organizations to go faster to market. Overall, I rate the product a nine out of ten.
Sometimes, we use the tool for tasks like configuration and running scans. However, it's a bit difficult to use compared to Qualys. One issue we've noticed is that it takes up a lot of space, which customers often complain about. They promised more system coverage and updates, but it isn't happening. I rate Tenable Vulnerability Management a seven out of ten. It might be challenging if you're used to working on Windows. However, it's a recommended tool for penetration testers because it's effective for that purpose. We use it for audit and PT.
We use a third-party tool to initiate scans. I don't know whether there is a way to monitor it in real-time. I will recommend the tool to others. Overall, I rate the product an eight out of ten.
I recommend the solution. Although, it varies from person to person experience. Rapid7 users can use free tools. I'm very satisfied with the product. Overall, I rate the solution an eight out of ten.
We have many other products available. Tenable can be compared to SOGo vulnerability management, for example. Tenable is an advanced solution. If you're looking for a high level of threat protection, it provides clear visibility and gives you insights into what needs to be done next. However, general vulnerability management, especially for small and medium-sized businesses (SMBs), SOGo might be a more suitable option. SOGo offers flexible subscription models like monthly or yearly, and it caters to smaller user bases like 50 or 200 users. Tenable, on the other hand, recommends a minimum of 150 licenses, which might be overkill for smaller organizations. Overall, I would rate the solution a seven out of ten.
The tool is easy to use and deploy. It's easy for customers to go through the documentation, see how it works, and scan their assets. Everything is straightforward, including the creation of users and enabling 2FA. Overall, I rate the tool a nine out of ten.
Network scans are very resource-intensive and can cause outages in some instances, which is a political and not a technical issue to solve. I rate the overall tool a ten out of ten.
I would rate the product a ten out of ten. You need to be specific with each step while using Tenable.io Vulnerability Management.
If technical support for the solution is not considered, I recommend it to those planning to use it. Overall, I rate the solution a six out of ten.
I give Tenable.io Vulnerability Management a five out of ten. The maintenance requires a subject matter expert. I recommend Tenable.io Vulnerability Management.
The solution's user interface was very good. It's one of the best tools available for vulnerability management. I would definitely recommend the solution to those planning to use it. I rate the overall solution a ten out of ten.
It is a viable solution, but we then preferred and switched to Rapid7 again since it was cheaper. Also, we like the one thing we like because we had, like, problems getting to all the user machines, and so Rapid7 gave us the agent that they have. So you don't need to get the scan to the machine. You just install these solutions. We install the agent that reports on vulnerabilities instead of getting credentials scanned. And today, it's more problematic because, like, it would take several years ago, like ten years ago, all the systems had the perimeter of the company, and all the users were in some understandable place, and we knew where to look for them. Today, as a company where people around the world are not always using VPNs to connect to the network, and if they connect, they connect for some time, and let's say you are scanning your user computers every night or every day at five o'clock. So when you do the scan, just ten percent of the people, you hit them because only ten percent of the people are connected to your VPN during the five o'clock window. So you don't see the other machines, and you don't get them. Hence, you don't know the vulnerability status because they are less scanned. The solution needs to be perimeter-less, let's say, or the scans we need to get to the machines to all the machines, and if you scan them somehow or even if they are on the open internet, it's hard. So here, the agent solution is very easy because they report to the management on the vulnerability status from the agent over the internet. It was a big plus. In terms of pricing and capabilities and just of the capability, while also considering our use cases where it is most important for us to get to all the machines. I rate the overall product a seven out of ten.
I give the solution an eight out of ten. We have around nine people using the solution. The necessary maintenance pertains to storage. As it will be hosted on a specific cloud instance, we need to periodically manage the storage when the logs become full. This involves manually logging into the deployment platform and clearing the storage every few months. The features of Tenable.io Vulnerability Management are impressive, the management system is well-designed, and the scanning options are thorough. Additionally, there are numerous built-in templates available. However, when utilizing the twelve-day scanner, asset identification can become challenging because of the dynamic IP addresses, which the solution struggles to properly identify the devices. Tenable.io Vulnerability Management is a leading solution for vulnerability management and excels at aggregating information.
I rate Tenable.io Vulnerability Management nine out of 10. It's an excellent product that's scalable, stable, and intuitive. It helps you to drill down into vulnerabilities.
I work with Tenable.io and implement this solution for many customers. I would rate it eight out of ten. The solution needs either two engineers or one security specialist to maintain it.
I rate the solution an eight out of ten. The solution is good, but pricing, support and flexibility can be improved.
I rate the solution an eight out of ten. The solution is good, but the price could be lower, and the grouping of platforms on the dashboard can be included in the product's next release. I advise new users to know the infrastructure system and networking. Additionally, there are videos and documentation that will assist them in getting set up to use the product right away.
It's a great product, and it brings more value with every improvement in the quarter. It's a mature product. Of course, the reporting could be better. I'd rate the solution seven out of ten.
While Qualys offers dual locations for vulnerability tickets, it is not difficult to use API calls to integrate the solution with ServiceNow for assigning mitigation. Many companies use third-party tools like Jira to integrate things so it is not unusual. I do believe Tenable is working on an internal solution that will be available in the future. I rate the solution an eight out of ten.
Tenable is a full-service product, but it still has a lot of improvements to make, so I'd recommend exploring other products before implementing it. I would give Tenable.io Vulnerability Management a rating of nine out of ten.
For future users of Tenable.io, I would recommend using a layered approach. Tenable.io has an open API. So, it can be integrated with SIEM solutions. You can look at integrating it with privileged access management or any SIEM solution so that you've got all the data being pumped into a centralized location, and you are able to read the data alongside other security events coming from the SIEM and privileged access management solutions. Companies that are currently using Tenable.io can definitely start looking at integrating some of their security solutions for a much more robust security approach. I would rate it a solid eight out of ten.
I would recommend this solution at this time, but after installing it for more customers, my answer might change in the future. I would rate this solution a seven out of 10.
We're a partner for Tenable Nessus. The Tenable.io is what we're using currently. It suits our needs best due to the fact that it's in the cloud. The API is okay. It's not wonderful. Seems to serve a purpose. The biggest problem with the solution is that if you're a small company, you're not going to be able to afford it, nor are you going to be able to manage it. I would recommend other organizations use the product. People probably don't consider the amount of, let's say, understanding or comprehension that they need of their own network to truly be able to deploy and manage and get the results they're looking for, however. Many often underestimate all their skillsets. Tenable has a number of features and functionalities and it can be a little confusing for, let's say, a non-security savvy person. It could be a little bit of a challenge, to be honest. I'd suggest any company that considers it also does their homework first. I'd rate the solution at a seven out of ten. It gets the job done. It really is smooth to operate once it's set up. It is for the most part pretty easy to set and forget.
We are a reseller. We work with a lot of different Tenable.io products. My only recommendation to other companies would be to put up a plan and follow the plan, point by point. Keep tracking of the result and make adjustments, if necessary. It's important to go in with a bit of a roadmap to follow. It will help ensure results. In general, I would rate the solution at an eight out of ten. We've been pretty happy with the solution overall.
My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license. We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web Application license is. In order to enjoy the maximum value, you need to have the appropriate licensing. Overall, I am quite happy with Tenable.io. I would rate this solution a nine out of ten.
We use the cloud deployment model. I'd recommend the solution. I'd rate it eight out of ten.