SUSE Security vs. Tenable Security Center

SUSE NeuVector is exceptional when you want to make your Kubernetes cluster secure. You can limit network connections, scan containers, container registries and Kubernetes nodes for vulnerable software, forbid running specific commands on certain or all containers. You can enable security for individual containers - when SUSE NeuVector has learned container specifics. That's why you can deploy SUSE NeuVector on production Kubernetes clusters where you are already running conteiners - it will not break anything.

[Tenable.sc (formerly SecurityCenter)] does very well for internal scanning for vulnerabilities, however it needs to be combined with Tenable.io in order to do cloud scanning.

Incentivized

• Scans containers software for known vulnerabilities
• Denies command execution in containers
• Prevents unwanted network connections from/to containers

• Vulnerability management from one place
• Maximum endpoint visibility
• Easy to set up and plan the structure
• Support desk quickly responses
• Well-prepared documentation
• Broad scanning type
• Supports various compliance standards
• User groups allows coordination between teams

• I like everything about NeuVector. They are on the right development path.

• Centralized vulnerability management with sensors.
• Network health assessment and Incident response.
• For alerting or notification, it should also support the SMS gateway.

Incentivized

based on product capabilities and usage

On all of the occasions that I have had to reach out to Tenable for assistance, they have been extremely helpful and knowledgeable. Solutions and support are provided quickly, and they work on the issue until it is resolved.

Incentivized

SUSE NeuVector is deployed on your Kubernetes, and data does not leave your data center. Sysdig is a cloud platform - you have no full control over what happens with your data. Also, SUSE NeuVector has a capability to prevent specific command execution ir containers, but Sysdig does not have such ability. Sysdig is not an open-source solution, but SUSE NeuVector is.

We decided to go with Tenable due to its robust reporting capabilities and competitive pricing vs its competitors. While all tools are very similar in regards to scanning capabilities we prefer Tenable SC's user interface. We also like the option to have both on-prem and cloud with theirs. Tenable io product as well.

Incentivized

• We went from being blind to what happens in the Kubernetes network to seeing everything and being able to control Kubernetes network communications.
• Now we are able to detect vulnerable containers faster.

• Create internal/operational efficiencies
• Improve compliance & risk management
• Cost management
• Solid vulnerability scanner
• Ease, of use, and capabilities when it comes to analyzing vulnerabilities is what makes this product stand out

Incentivized