Tenable Vulnerability Management Reviews and Ratings
Rating: 9.3 out of 10
Score
9.3 out of 10
Community insights
TrustRadius Insights for Tenable Vulnerability Management are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Plugin Accuracy and Coverage: Many users have praised Tenable.io for its exceptional plugin accuracy and coverage. Reviewers have consistently highlighted the effectiveness of the platform in detecting vulnerabilities, ensuring a thorough assessment of their systems.
Comprehensive Set of Features: Tenable.io offers a comprehensive set of features that can be customized to meet specific scanning requirements. Users appreciate the flexibility provided by the platform, allowing them to tailor vulnerability scans according to their unique needs.
Convenient Cloud Portal Integration: The ability to link and control an internal network scanner from the cloud portal has been widely appreciated by users. This feature allows for a consolidated view of scans and results, streamlining the vulnerability management process.
We use it to comply with essential 8 frameworks. We use it for vulnerability management across multiple clients. We also make use of the MSSP portal. Tenable allows us to reduce our attack surface level and helps to prioritize which vulnerabilities need to be actioned first.
Pros
Explain the vulnerability and provide link to how to resolve
Display of information
Filtering
Cons
Better email notification
auto remdiation
templated client facing reports
Likelihood to Recommend
We are very happy with the tool and we would recommend it to others. I have used other tools and they are not as good as tenable
VU
Verified User
Manager in Information Technology (11-50 employees)
My organization uses Tenable.io to regularly scan our network for potential vulnerabilities. This helps identify areas where our network might be vulnerable to attack, such as outdated software or misconfigured devices. Once identified, we can use Tenable.io remediation features to fix the vulnerabilities and reduce the risk of a security breach. We also use Tenable.io continuous network monitoring capabilities to monitor the network in real-time for suspicious activity. This helps identify and respond to potential threats as they emerge, allowing us to take action to prevent a security incident.
Pros
Wide range of capabilities that can be customized to fit each user's environment and needs
Provides high-quality data and insights into detected vulnerabilities
Great customer support
Cons
Can be difficult to maintain in environments with high asset turnover
Likelihood to Recommend
Tenable.io is well suited for a large environment where continuous network monitoring holds a high priority. It is also critical in finding vulnerabilities in the environment and taking corrective actions to fix them quickly. We are able to schedule scans on a rolling basis and fix these issues as they occur. It may be less ideal on a small network without the need for extensive security measures such as these.
We use Tenable to scan our public facing web and VPN infrastructure and e-commerce applications for software and configuration security vulnerabilities. While this is required for PCI compliance, we also have business partners and our Cyber Insurance provider who expect us to maintain a vulnerability management program.
Pros
The configuration options for vulnerability scans are very flexible, there are plenty of settings to get scans configured for just about any need.
There are also good options for reporting, from PCI compliance reports to executive summaries.
An internal network scanner can be linked to and controlled from the cloud portal for a consolidated view of scans and results.
Cons
Over the years, Tenable has changed their product names and features a bit too much and every year when I go to renew my licenses, I need to review the different packages and options to ensure I'm actually getting what I think I'm getting.
Depending on how you configure scans, sometimes there are an overwhelming number of options and some types of scans have too few... it can be confusing!
Likelihood to Recommend
I've been using this product since it began as an open source product, I really like it and for the money, I think it's probably the best choice for most companies who need a product like this. Over the years I've seen the interface change quite a bit and sometimes I think it's a bit unclear how to do certain things and the different packages can be confusing, these are the only reasons I'm giving it a 9 instead of a 10.
VU
Verified User
Director in Information Technology (201-500 employees)
We're using Tenable.io across all IT controlled infrastructure assets to find and patch vulnerabilities. It allows us to find outdated, unsupported and unpatched software no matter the OS or its location(cloud or on-premises.) Once found, it also generally has very easy to follow instructions on remediating the vulnerabilities found.
Pros
Scans using on-site and cloud scanners, giving you visibility from different angles.
The best in the business when it comes to plugin accuracy and coverage.
Cons
Expensive - You do pay a slight premium for the best product in the space.
Asset management is difficult to work with if you have a lot of asset turnover, the license can be ''held'' for 3-6 months after the asset is gone from your environment.
Likelihood to Recommend
Tenable.io works in almost any scenario imaginable. It can scan your cloud environments with pre-configured AWS/Azure scanners. It can give you an external view of your infrastructure, or scan internally. There are also agents you can deploy for assets on a network you don't have access to scan over. I imagine that per asset licensing would be prohibitive for extremely large environments when you could do a Nessus Professional or Security Center deployment instead, but I haven't researched those options much since we're at 800 assets total.
Tenable.io is just being used by a small part of the Information Technology department. It addresses the issue of being able to test out servers for vulnerabilities on a regular basis. This helps keep our technology secure and up to date since we utilize the product each week and get results each week.
Pros
Provides quick reliable vulnerability testing.
Publishes the reports in a clean format.
It has variety in the types of vulnerability scanning it does.
Cons
There doesn't seem to be a feature to replicate a previous scan with the same IP addresses as before. You have to manually enter them each time.
It would be nice to be able to see the DNS (such as hovering to see it) without having to click on the actual IP address under the specific vulnerability.
It would be nice to be able to sort the vulnerabilities found in different ways. There are some options available, but more would be a plus.
Likelihood to Recommend
The software is well suited for Information Technology departments that need a way to constantly check their servers and equipment for any and all vulnerabilities. This would be of huge importance to larger organizations with large networks and multiple servers. The software might be less suitable for a smaller organization with a more localized network or need, but that isn't necessarily a guarantee. I think it's appropriate for any Information Technology departments.
VU
Verified User
Administrator in Information Technology (1001-5000 employees)
Tenable.io addresses our requirements for vulnerability and web application scanning and is used across our web server and application platforms. We use it in both test and production environments to provide end to end visibility of vulnerabilities through our systems and keep up to date with the latest threats.
Pros
Tenable.io provides predictable and repeatable scanning
Tenable.io allows us to do PCI attestation scanning (Tenable.IO is an Approved Scanning Vendor)
Tenable.io provides a comprehensive set of features that can be configured in detail to customize scanning requirements
Cons
Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.
Likelihood to Recommend
Excellent for standard vulnerability scanning, especially for AWS and with the web and PCI scanning, it provides a complete package.
Tenable.io is used in our environment to monitor 4 separate domains. We have an in house scanner to perform all internal scans at our datacenter (4 separate DMZs and Internal zones). The internal scanner also scans the infrastructure equipment at our remote sites across a VPN tunnel. Our license also comes with 4 external PCI scans a year, that come with remediation assistance from Tenable.io.
Pros
Setup of the internal scanner was fairly simple and straight forward.
An update came out for the internal scanner that allows you to add an Internal Certificate Authority for lookup.
Has automated reporting to keep executives and compliance departments informed.
Internal scanner can be configured to auto-update itself.
"Recast Rules" allows your organization to redefine a vulnerabilities' classification, if it is not applicable or your disagree.
External PCI scans allow you to remediate before submitting to Tenable.io for review.
Tenable.io staff was very patient and helpful. They provided some limited guidance with remediation.
Internal and External scans can be automated. schedule for the automated scans is very granular.
Cons
Documentation is unorganized on their site. I couldn't find an Admin Guide.
Locating any information on advanced configuration requires Google and third-party sites. I could not locate any answers, in any Tenable.io documentation.
The license is based on assets. If you scan an IP Range in a different subnet than the internal scanner, all IPs will consume a license even though some IPs are unresponsive. IPs need to be manually defined.
The automated reports could allow you to customize the reports. Some of the reports are bloated with unneeded details
License renewal process could be a little more streamlined. The renewal price on the website (for your account), is incorrect. You have to use a reseller.
Likelihood to Recommend
Tenable.io is a cost effective Internal and External scanner. The Internal scanner came with a .ova, so it was very simple and quick to deploy it into our ESXi environment. It has a cloud-based dashboard for management and the internal scanner is configured to auto-update from Tenable.io. The license came with 4 External PCI scans (with remediation) a year.
VU
Verified User
Administrator in Information Technology (201-500 employees)
