TrustRadius Insights
Tenable.io is a versatile tool that is widely used across various IT infrastructure assets to identify and address vulnerabilities, …
Overview
What is Tenable Vulnerability Management?
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies…
Recent Reviews
Pricing
N/A
Unavailable
What is Tenable Vulnerability Management?
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
30 people also want pricing
Alternatives Pricing
What is Tenable Nessus?
Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.
What is Kaspersky Endpoint Security Cloud?
Kaspersky Endpoint Security Cloud provides a solution for organizations' IT security needs, blocking ransomware, file-less malware, zero-day attacks and other emerging threats. Kaspersky’s cloud-based approach helps users to work securely on any device, and collaborate safely online, at work or at…
Product Details
- About
- Tech Details
What is Tenable Vulnerability Management?
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.
Tenable Vulnerability Management Video
Introducing Tenable.io
Tenable Vulnerability Management Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(59)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
- Recommendations
Tenable.io is a versatile tool that is widely used across various IT infrastructure assets to identify and address vulnerabilities, regardless of the operating system or location. Users have found Tenable.io to be particularly helpful in providing clear instructions for remediating vulnerabilities. It is utilized for vulnerability and web application scanning in both test and production environments, offering end-to-end visibility of vulnerabilities in web servers, application platforms, and e-commerce applications.
One of the key use cases of Tenable.io is its ability to aid organizations in maintaining compliance with PCI requirements. By using this software, businesses can satisfy the expectations of their business partners and cyber insurance providers, ensuring that their technology remains secure and up to date. Moreover, Tenable.io is highly valued for its ability to monitor multiple domains, including internal zones and remote sites. This feature enables companies to proactively identify potential vulnerabilities in their networks, such as outdated software or misconfigured devices, and take necessary remediation actions to reduce the risk of security breaches.
Additionally, Tenable.io's continuous network monitoring capabilities allow for real-time identification and response to potential threats. With this tool, users can take proactive action to prevent security incidents from occurring. Overall, Tenable.io serves as a reliable solution for organizations seeking comprehensive vulnerability management and network monitoring capabilities while offering user-friendly instructions and diverse functionalities to address their specific needs.
Plugin Accuracy and Coverage: Many users have praised Tenable.io for its exceptional plugin accuracy and coverage. Reviewers have consistently highlighted the effectiveness of the platform in detecting vulnerabilities, ensuring a thorough assessment of their systems.
Comprehensive Set of Features: Tenable.io offers a comprehensive set of features that can be customized to meet specific scanning requirements. Users appreciate the flexibility provided by the platform, allowing them to tailor vulnerability scans according to their unique needs.
Convenient Cloud Portal Integration: The ability to link and control an internal network scanner from the cloud portal has been widely appreciated by users. This feature allows for a consolidated view of scans and results, streamlining the vulnerability management process.
Difficult Asset Management: Several users have found asset management challenging, especially when dealing with high asset turnover. They have expressed that the license can be held for an extended period of time after the asset is removed from the environment.
Confusing User Interface: Many reviewers have stated that the mix of classic and beta user interfaces in Tenable.io is confusing, leading them to prefer the classic UI over the newer version.
Unorganized Documentation: Users have reported difficulties in finding specific information on Tenable.io due to unorganized documentation. Some users even mentioned not being able to locate an Admin Guide and having to rely on external sources for advanced configuration information.
Users of Tenable.io have made several recommendations based on their experiences with the product. These recommendations are as follows:
-
Try the trial: Users suggest taking advantage of the trial offered by Tenable.io to assess if it meets your specific needs. This allows you to evaluate the product's capabilities and determine if it aligns with your requirements before making a purchase.
-
Use it for vulnerability scanning and awareness: Tenable.io is highly recommended for its effectiveness in vulnerability scanning and enhancing security awareness. Users believe it is one of the popular tools preferred by large organizations for infrastructure and server security.
-
Consider scalability and deployment planning: Users appreciate the ease of deployment and scalability of Tenable.io, which allows multiple users to access it simultaneously. However, they recommend planning the deployment well in order to maximize its effectiveness. Additionally, users advise considering the maturity of your security team and having the appropriate processes in place for patching and vulnerability remediation before investing in Tenable.io.
These user recommendations highlight some key areas where Tenable.io excels, such as vulnerability management, scalability, and its value for infrastructure security. It is important to consider these suggestions when evaluating whether Tenable.io is the right fit for your organization's cybersecurity needs.
Attribute Ratings
Reviews
(1-5 of 5)Companies can't remove reviews or game the system. Here's why
December 15, 2021
Looking for a vulnerability scanner for PCI compliance?
We use Tenable to scan our public facing web and VPN infrastructure and e-commerce applications for software and configuration security vulnerabilities. While this is required for PCI compliance, we also have business partners and our Cyber Insurance provider who expect us to maintain a vulnerability management program.
- The configuration options for vulnerability scans are very flexible, there are plenty of settings to get scans configured for just about any need.
- There are also good options for reporting, from PCI compliance reports to executive summaries.
- An internal network scanner can be linked to and controlled from the cloud portal for a consolidated view of scans and results.
- Over the years, Tenable has changed their product names and features a bit too much and every year when I go to renew my licenses, I need to review the different packages and options to ensure I'm actually getting what I think I'm getting.
- Depending on how you configure scans, sometimes there are an overwhelming number of options and some types of scans have too few... it can be confusing!
- We need to maintain PCI compliance so we need a vulnerability scanner, from time to time I look at other options but keep coming back to Tenable.
- Other than PCI compliance or other compliance requirements, any company which has a public facing internet infrastructure should be doing vulnerability scans on a regular basis so you can expose security issues before someone exploits them and you end up with a data breach!
- Doing regular vulnerability scans gives us the ability to just pull the latest report summary at any given time and provide it to executive leadership or business partners looking for information about our IT security posture.
- Since this is a requirement for our PCI compliance and the cost is relatively low, the ROI isn't really something we need to think too much about, Tenable's pricing is fair and affordable.
- Qualys Cloud Platform (formerly Qualysguard)
I think Tenable and Qualys have a lot of similarities, I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics which has vulnerability scanning included but it is not as comprehensive as Tenable.
February 06, 2020
An easy way to maintain security
Tenable.io is just being used by a small part of the Information Technology department. It addresses the issue of being able to test out servers for vulnerabilities on a regular basis. This helps keep our technology secure and up to date since we utilize the product each week and get results each week.
- Provides quick reliable vulnerability testing.
- Publishes the reports in a clean format.
- It has variety in the types of vulnerability scanning it does.
- There doesn't seem to be a feature to replicate a previous scan with the same IP addresses as before. You have to manually enter them each time.
- It would be nice to be able to see the DNS (such as hovering to see it) without having to click on the actual IP address under the specific vulnerability.
- It would be nice to be able to sort the vulnerabilities found in different ways. There are some options available, but more would be a plus.
- Allows weekly publishing of reports to update staff
- Easy to use and helps constantly improve security of technology
- Helped identify issues before they become a bigger problem
Skipping since I don't have too much familiarity with similar products.
5
Tenable is mostly used by our network security and network engineers. They represent the individuals who keep our network strong and secure in a business setting. Tenable is helpful to test our network and servers for vulnerabilities and anything else that we might not notice on a weekly basis if it were not for Tenable.
2
A good network engineer should be able to support Tenable on a daily basis.
- Server scanning
- Vulnerability Scanning
- Weekly Updates
- Scanning
No
We do not pay for premium support yet since we have not have enough issues or needs to require a premium support feature. Usually our issues are solved by our account manager or the normal support team in a prompt matter, so haven't felt the need to opt into the premium support yet.
Yes
It wasn't a bug on their end so much as something on our end, but our scanners were failing to connect one day and Tenable worked diligently to try and determine the reasoning. They were in communication the whole way to try and determine why our scanners weren't connecting, and they stayed in touch until we solved the issue.
We had an issue with our scanner not connecting as they usually were. Tenable promptly responded to us and tried to brainstorm ideas about why this issue was occurring. They were attentive and asked questions in order to understand the possible issue. We ended up solving it mostly on our end, but they were responsive through the whole process.
January 21, 2020
The Cadillac of Vulnerability Management
We're using Tenable.io across all IT controlled infrastructure assets to find and patch vulnerabilities. It allows us to find outdated, unsupported and unpatched software no matter the OS or its location(cloud or on-premises.) Once found, it also generally has very easy to follow instructions on remediating the vulnerabilities found.
- Scans using on-site and cloud scanners, giving you visibility from different angles.
- The best in the business when it comes to plugin accuracy and coverage.
- Expensive - You do pay a slight premium for the best product in the space.
- Asset management is difficult to work with if you have a lot of asset turnover, the license can be ''held'' for 3-6 months after the asset is gone from your environment.
- We're able to mitigate over 90% of our vulnerability risk without too much effort. It helps find where automated patching fails and we can plan a fix from the findings.
- A side effect of our scanning reveals new devices on our network that aren't cleared to be.
Tenable.io was a clear winner in regards to features and capability when compared to OpenVAS, Qualys, and Nexpose. OpenVAS is a fork of an older version of Nessus Scanner(from Tenable) and has been updated over the years to a great free alternative. It takes a lot more manual work than most people are probably ready to commit to, and it doesn't have linked cloud scanners for AWS/Azure/GCP. Qualys and Nexpose I've only used intermittently in testing and seemed capable, but Tenable.io was the only solution I actually trusted with my organization's reputation.
Tenable.io addresses our requirements for vulnerability and web application scanning and is used across our web server and application platforms. We use it in both test and production environments to provide end to end visibility of vulnerabilities through our systems and keep up to date with the latest threats.
- Tenable.io provides predictable and repeatable scanning
- Tenable.io allows us to do PCI attestation scanning (Tenable.IO is an Approved Scanning Vendor)
- Tenable.io provides a comprehensive set of features that can be configured in detail to customize scanning requirements
- Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
- The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.
- Negated the need for regular manual scanning
- Covers reporting requirements to send to managers and for monthly reporting
- Qualys Web Application Scanning (WAS) and Acunetix
Tenable.io has a comparable set of features, with excellent support and a competitive price. After less than desirable experiences with another company, we moved to Tenable and haven't looked back since.
Tenable.io is used in our environment to monitor 4 separate domains. We have an in house scanner to perform all internal scans at our datacenter (4 separate DMZs and Internal zones). The internal scanner also scans the infrastructure equipment at our remote sites across a VPN tunnel. Our license also comes with 4 external PCI scans a year, that come with remediation assistance from Tenable.io.
- Setup of the internal scanner was fairly simple and straight forward.
- An update came out for the internal scanner that allows you to add an Internal Certificate Authority for lookup.
- Has automated reporting to keep executives and compliance departments informed.
- Internal scanner can be configured to auto-update itself.
- "Recast Rules" allows your organization to redefine a vulnerabilities' classification, if it is not applicable or your disagree.
- External PCI scans allow you to remediate before submitting to Tenable.io for review.
- Tenable.io staff was very patient and helpful. They provided some limited guidance with remediation.
- Internal and External scans can be automated. schedule for the automated scans is very granular.
- Documentation is unorganized on their site. I couldn't find an Admin Guide.
- Locating any information on advanced configuration requires Google and third-party sites. I could not locate any answers, in any Tenable.io documentation.
- The license is based on assets. If you scan an IP Range in a different subnet than the internal scanner, all IPs will consume a license even though some IPs are unresponsive. IPs need to be manually defined.
- The automated reports could allow you to customize the reports. Some of the reports are bloated with unneeded details
- License renewal process could be a little more streamlined. The renewal price on the website (for your account), is incorrect. You have to use a reseller.
- Our customers are requiring monthly internal scans and yearly external scans. Getting both in one was very convenient.
- The time saved no longer having to manually check servers, switches, and firewall for vulnerabilities. The automated scans have allowed me more time to remediate the issues.
- Having a third party shows the vulnerabilities and severity, has been helpful with persuading management the necessity of updates and upgrades.
Rapid7 is actually very comparable to Tenable.io in terms of automated scans, automated reporting, internal and external scanners, and remediation of external scans. But for less than the cost of a Rapid7 solution that comes with internal scans only, I received more hosts monitored and 4 external scans a year with Tenable.io.