Tenable.io may seem pricey, but it is definitely worth the money
June 04, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Tenable.io

Tenable.io is used in our environment to monitor 4 separate domains. We have an in-house scanner to perform all internal scans at our datacenter (4 separate DMZs and Internal zones). The internal scanner also scans the infrastructure equipment at our remote sites across a VPN tunnel. Our license also comes with 4 external PCI scans a year, which come with remediation assistance from Tenable.io.
  • Setup of the internal scanner was fairly simple and straightforward.
  • An update came out for the internal scanner that allows you to add an Internal Certificate Authority for lookup.
  • Has automated reporting to keep executives and compliance departments informed.
  • Internal scanner can be configured to auto-update itself.
  • "Recast Rules" allows your organization to redefine a vulnerability's classification, if it is not applicable or you disagree.
  • External PCI scans allow you to remediate before submitting to Tenable.io for review.
  • Tenable.io staff was very patient and helpful. They provided some limited guidance with remediation.
  • Internal and External scans can be automated. The schedule for the automated scans is very granular.
  • Documentation is unorganized on their site. I couldn't find an Admin Guide.
  • Locating any information on advanced configuration requires Google and third-party sites. I could not locate any answers in any Tenable.io documentation.
  • The license is based on assets. If you scan an IP Range in a different subnet than the internal scanner, all IPs will consume a license even though some IPs are unresponsive. IPs need to be manually defined.
  • The automated reports could allow you to customize the reports. Some of the reports are bloated with unneeded details.
  • License renewal process could be a little more streamlined. The renewal price on the website (for your account) is incorrect. You have to use a reseller.
  • Our customers are requiring monthly internal scans and yearly external scans. Getting both in one was very convenient.
  • The time saved by no longer having to manually check servers, switches, and firewalls for vulnerabilities. The automated scans have allowed me more time to remediate the issues.
  • Having a third party show the vulnerabilities and severity has been helpful in persuading management of the necessity of updates and upgrades.
Rapid7 is actually very comparable to Tenable.io in terms of automated scans, automated reporting, internal and external scanners, and remediation of external scans. But for less than the cost of a Rapid7 solution that comes with internal scans only, I received more hosts monitored and 4 external scans a year with Tenable.io.
Tenable.io is a cost-effective Internal and External scanner. The Internal scanner came with a .ova, so it was very simple and quick to deploy it into our ESXi environment. It has a cloud-based dashboard for management and the internal scanner is configured to auto-update from Tenable.io. The license came with 4 External PCI scans (with remediation) a year.