Onapsis vs. Tenable Security Center

Onapsis is divided into 4 major components,

1. Assess
2. Comply
3. Defend
4. Control

In assess, it does a whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, also provides the solutions to implement the fix. In comply, it provides a governance on the various regulatory compliances which the firm has to follow, as well as provides a firm grip to the audit and ERP admin team. In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor, and track the changes made to those parameters. The capabilities are to either block, or request for an approval for changes made to those parameters in addition to just monitoring them. In defend, it goes through the SAP logs; and compares it with a pre-defined ruleset to alert the end-users via email or SIEM tool or both.

Incentivized

[Tenable.sc (formerly SecurityCenter)] does very well for internal scanning for vulnerabilities, however it needs to be combined with Tenable.io in order to do cloud scanning.

Incentivized

• Eliminating the manual process improves the overall accuracy of results and also frees up valuable resources to focus on other different projects.
• Onapsis provides great leverage to our technical teams in order to review in a standardized way of the landscape.
• Onapsis always matches vulnerabilities with useful context and finds possible solutions.
• Onapsis is usually implemented to continuously monitor, and alert us on any issues on the SAP systems. Not only this but implementing Onapsis also eliminates the network on the year-end and month-end audits and helps in making the overall process faster, smooth, efficient as well as accurate.

Incentivized

• Vulnerability management from one place
• Maximum endpoint visibility
• Easy to set up and plan the structure
• Support desk quickly responses
• Well-prepared documentation
• Broad scanning type
• Supports various compliance standards
• User groups allows coordination between teams

• Multiple UIs
• No proper customization of UI log-off
• Tedious setup of Control component
• No proper error messages received

Incentivized

• Centralized vulnerability management with sensors.
• Network health assessment and Incident response.
• For alerting or notification, it should also support the SMS gateway.

Incentivized

based on product capabilities and usage

On all of the occasions that I have had to reach out to Tenable for assistance, they have been extremely helpful and knowledgeable. Solutions and support are provided quickly, and they work on the issue until it is resolved.

Incentivized

Honestly, I havent use something like Onapsis before and currently I am not aware if there is something similiar out there. They are one of a kind and is a complete suit, so is unlikelly that someone from outside will appear with a better solution.

Incentivized

We decided to go with Tenable due to its robust reporting capabilities and competitive pricing vs its competitors. While all tools are very similar in regards to scanning capabilities we prefer Tenable SC's user interface. We also like the option to have both on-prem and cloud with theirs. Tenable io product as well.

Incentivized

• It offers very reasonable packages.
• The customer support of Onapsis is reliable and efficient.
• It is a great platform as it shows a unified and easy-to-read different and complex topics in a simpler way.

Incentivized

• Create internal/operational efficiencies
• Improve compliance & risk management
• Cost management
• Solid vulnerability scanner
• Ease, of use, and capabilities when it comes to analyzing vulnerabilities is what makes this product stand out

Incentivized