Tenable.io Reviews

12 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.8 out of 100

Do you work for this company? Manage this listing

Overall Rating

Reviewer's Company Size

Last Updated

By Topic

Industry

Department

Experience

Job Type

Role

Reviews (1-4 of 4)

Randy Munroe | TrustRadius Reviewer
January 21, 2020

The Cadillac of Vulnerability Management

Score 10 out of 10
Vetted Review
Verified User
Review Source
We're using Tenable.io across all IT controlled infrastructure assets to find and patch vulnerabilities. It allows us to find outdated, unsupported and unpatched software no matter the OS or its location(cloud or on-premises.) Once found, it also generally has very easy to follow instructions on remediating the vulnerabilities found.
  • Scans using on-site and cloud scanners, giving you visibility from different angles.
  • The best in the business when it comes to plugin accuracy and coverage.
  • Expensive - You do pay a slight premium for the best product in the space.
  • Asset management is difficult to work with if you have a lot of asset turnover, the license can be ''held'' for 3-6 months after the asset is gone from your environment.
Tenable.io works in almost any scenario imaginable. It can scan your cloud environments with pre-configured AWS/Azure scanners. It can give you an external view of your infrastructure, or scan internally. There are also agents you can deploy for assets on a network you don't have access to scan over. I imagine that per asset licensing would be prohibitive for extremely large environments when you could do a Nessus Professional or Security Center deployment instead, but I haven't researched those options much since we're at 800 assets total.
Support is usually really great at walking you through any steps you need to take when you get stuck on something. There are a few false positives and errors that have come up over the years that required their help to get through. Unfortunately, the steps required to diagnose some problems are more tedious than I think should be necessary. (IE: SQL instances can throw errors that clog up your logs because one plugin affects it in a certain way. The process to diagnose this is to watch timestamps of plugins in a log while monitoring the SQL logs at the same time and using your best guess as to what is causing it.)
Read Randy Munroe's full review
Anonymous | TrustRadius Reviewer
February 06, 2020

An easy way to maintain security

Score 8 out of 10
Vetted Review
Verified User
Review Source
Tenable.io is just being used by a small part of the Information Technology department. It addresses the issue of being able to test out servers for vulnerabilities on a regular basis. This helps keep our technology secure and up to date since we utilize the product each week and get results each week.
  • Provides quick reliable vulnerability testing.
  • Publishes the reports in a clean format.
  • It has variety in the types of vulnerability scanning it does.
  • There doesn't seem to be a feature to replicate a previous scan with the same IP addresses as before. You have to manually enter them each time.
  • It would be nice to be able to see the DNS (such as hovering to see it) without having to click on the actual IP address under the specific vulnerability.
  • It would be nice to be able to sort the vulnerabilities found in different ways. There are some options available, but more would be a plus.
The software is well suited for Information Technology departments that need a way to constantly check their servers and equipment for any and all vulnerabilities. This would be of huge importance to larger organizations with large networks and multiple servers. The software might be less suitable for a smaller organization with a more localized network or need, but that isn't necessarily a guarantee. I think it's appropriate for any Information Technology departments.
I give it this rating since I have never had an issue with receiving adequate support for this product. Any and all concerns have been dealt with in a timely manner, and there are ample options for getting help with any issues a user might experience with working with this product.
Read this authenticated review
Matthew White | TrustRadius Reviewer
August 14, 2019

All your scanning needs under one roof at a competitive price

Score 10 out of 10
Vetted Review
Verified User
Review Source
Tenable.io addresses our requirements for vulnerability and web application scanning and is used across our web server and application platforms. We use it in both test and production environments to provide end to end visibility of vulnerabilities through our systems and keep up to date with the latest threats.
  • Tenable.io provides predictable and repeatable scanning
  • Tenable.io allows us to do PCI attestation scanning (Tenable.IO is an Approved Scanning Vendor)
  • Tenable.io provides a comprehensive set of features that can be configured in detail to customize scanning requirements
  • Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
  • The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.
Excellent for standard vulnerability scanning, especially for AWS and with the web and PCI scanning, it provides a complete package.
Read Matthew White's full review
Anonymous | TrustRadius Reviewer
June 03, 2019

Tenable.io may seem pricey, but it is definitely worth the money

Score 9 out of 10
Vetted Review
Verified User
Review Source
Tenable.io is used in our environment to monitor 4 separate domains. We have an in house scanner to perform all internal scans at our datacenter (4 separate DMZs and Internal zones). The internal scanner also scans the infrastructure equipment at our remote sites across a VPN tunnel. Our license also comes with 4 external PCI scans a year, that come with remediation assistance from Tenable.io.
  • Setup of the internal scanner was fairly simple and straight forward.
  • An update came out for the internal scanner that allows you to add an Internal Certificate Authority for lookup.
  • Has automated reporting to keep executives and compliance departments informed.
  • Internal scanner can be configured to auto-update itself.
  • "Recast Rules" allows your organization to redefine a vulnerabilities' classification, if it is not applicable or your disagree.
  • External PCI scans allow you to remediate before submitting to Tenable.io for review.
  • Tenable.io staff was very patient and helpful. They provided some limited guidance with remediation.
  • Internal and External scans can be automated. schedule for the automated scans is very granular.
  • Documentation is unorganized on their site. I couldn't find an Admin Guide.
  • Locating any information on advanced configuration requires Google and third-party sites. I could not locate any answers, in any Tenable.io documentation.
  • The license is based on assets. If you scan an IP Range in a different subnet than the internal scanner, all IPs will consume a license even though some IPs are unresponsive. IPs need to be manually defined.
  • The automated reports could allow you to customize the reports. Some of the reports are bloated with unneeded details
  • License renewal process could be a little more streamlined. The renewal price on the website (for your account), is incorrect. You have to use a reseller.
Tenable.io is a cost effective Internal and External scanner. The Internal scanner came with a .ova, so it was very simple and quick to deploy it into our ESXi environment. It has a cloud-based dashboard for management and the internal scanner is configured to auto-update from Tenable.io. The license came with 4 External PCI scans (with remediation) a year.
Read this authenticated review

About Tenable.io

Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.

Tenable.io Technical Details

Operating Systems: Unspecified
Mobile Application:No