Looking for a vulnerability scanner for PCI compliance?
We use Tenable to scan our public facing web and VPN infrastructure and e-commerce applications for software and configuration security …
Tenable.io
Tenable.io
Overview
Recent Reviews
Reviewer Pros & Cons
View all pros & consVideo Reviews
Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Tenable.io, and make your voice heard!
Pricing
View all pricingN/A
Unavailable
What is Tenable.io?
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Would you like us to let the vendor know that you want pricing?
9 people want pricing too
Alternatives Pricing
What is Nessus?
Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.
What is Rapid7 InsightVM (Nexpose)?
InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers…
Features Scorecard
No scorecards have been submitted for this product yet.Start a Scorecard.
Product Details
What is Tenable.io?
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.
Tenable.io Video
Introducing Tenable.io
Tenable.io Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Comparisons
View all alternatives
Frequently Asked Questions
What is Tenable.io?
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable.io, a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.
What is Tenable.io's best feature?
Reviewers rate Support Rating highest, with a score of 8.8.
Who uses Tenable.io?
The most common users of Tenable.io are from Mid-sized Companies (51-1,000 employees) and the Information Technology & Services industry.
Reviews and Ratings
 (45)
Reviews
(1-6 of 6)- Popular Filters
Companies can't remove reviews or game the system. Here's why
December 15, 2021
Looking for a vulnerability scanner for PCI compliance?
We use Tenable to scan our public facing web and VPN infrastructure and e-commerce applications for software and configuration security vulnerabilities. While this is required for PCI compliance, we also have business partners and our Cyber Insurance provider who expect us to maintain a vulnerability management program.
- The configuration options for vulnerability scans are very flexible, there are plenty of settings to get scans configured for just about any need.
- There are also good options for reporting, from PCI compliance reports to executive summaries.
- An internal network scanner can be linked to and controlled from the cloud portal for a consolidated view of scans and results.
- Over the years, Tenable has changed their product names and features a bit too much and every year when I go to renew my licenses, I need to review the different packages and options to ensure I'm actually getting what I think I'm getting.
- Depending on how you configure scans, sometimes there are an overwhelming number of options and some types of scans have too few... it can be confusing!
September 29, 2021
Useful Service To Identify Vulnerabilities From Various Sources
Currently in use by the security team as a means of getting vulnerability information from various types of assets in the organization. We have deployed this service to various endpoints (macOS, Linux, and Windows) as well as to use with cloud services including AWS and Azure. Whenever used, it has always given good visibility and insights.
- Ability to benchmark against recognized good practice
- Ease of deployment/setup with assets
- Explanations of vulnerabilities and how things are detected
- Have to switch between interfaces to access certain functionality
- Scan speeds/resource utilization at times
- Executive level reporting could do with some improvements
February 06, 2020
An easy way to maintain security
Tenable.io is just being used by a small part of the Information Technology department. It addresses the issue of being able to test out servers for vulnerabilities on a regular basis. This helps keep our technology secure and up to date since we utilize the product each week and get results each week.
- Provides quick reliable vulnerability testing.
- Publishes the reports in a clean format.
- It has variety in the types of vulnerability scanning it does.
- There doesn't seem to be a feature to replicate a previous scan with the same IP addresses as before. You have to manually enter them each time.
- It would be nice to be able to see the DNS (such as hovering to see it) without having to click on the actual IP address under the specific vulnerability.
- It would be nice to be able to sort the vulnerabilities found in different ways. There are some options available, but more would be a plus.
January 21, 2020
The Cadillac of Vulnerability Management
We're using Tenable.io across all IT controlled infrastructure assets to find and patch vulnerabilities. It allows us to find outdated, unsupported and unpatched software no matter the OS or its location(cloud or on-premises.) Once found, it also generally has very easy to follow instructions on remediating the vulnerabilities found.
- Scans using on-site and cloud scanners, giving you visibility from different angles.
- The best in the business when it comes to plugin accuracy and coverage.
- Expensive - You do pay a slight premium for the best product in the space.
- Asset management is difficult to work with if you have a lot of asset turnover, the license can be ''held'' for 3-6 months after the asset is gone from your environment.
Tenable.io addresses our requirements for vulnerability and web application scanning and is used across our web server and application platforms. We use it in both test and production environments to provide end to end visibility of vulnerabilities through our systems and keep up to date with the latest threats.
- Tenable.io provides predictable and repeatable scanning
- Tenable.io allows us to do PCI attestation scanning (Tenable.IO is an Approved Scanning Vendor)
- Tenable.io provides a comprehensive set of features that can be configured in detail to customize scanning requirements
- Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
- The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.
Tenable.io is used in our environment to monitor 4 separate domains. We have an in house scanner to perform all internal scans at our datacenter (4 separate DMZs and Internal zones). The internal scanner also scans the infrastructure equipment at our remote sites across a VPN tunnel. Our license also comes with 4 external PCI scans a year, that come with remediation assistance from Tenable.io.
- Setup of the internal scanner was fairly simple and straight forward.
- An update came out for the internal scanner that allows you to add an Internal Certificate Authority for lookup.
- Has automated reporting to keep executives and compliance departments informed.
- Internal scanner can be configured to auto-update itself.
- "Recast Rules" allows your organization to redefine a vulnerabilities' classification, if it is not applicable or your disagree.
- External PCI scans allow you to remediate before submitting to Tenable.io for review.
- Tenable.io staff was very patient and helpful. They provided some limited guidance with remediation.
- Internal and External scans can be automated. schedule for the automated scans is very granular.
- Documentation is unorganized on their site. I couldn't find an Admin Guide.
- Locating any information on advanced configuration requires Google and third-party sites. I could not locate any answers, in any Tenable.io documentation.
- The license is based on assets. If you scan an IP Range in a different subnet than the internal scanner, all IPs will consume a license even though some IPs are unresponsive. IPs need to be manually defined.
- The automated reports could allow you to customize the reports. Some of the reports are bloated with unneeded details
- License renewal process could be a little more streamlined. The renewal price on the website (for your account), is incorrect. You have to use a reseller.