Looking for a vulnerability scanner for PCI compliance?
Updated December 15, 2021

Anonymous | TrustRadius Reviewer
Score 8 out of 10

Overall Satisfaction with Tenable.io

We use Tenable to scan our public-facing web and VPN infrastructure and e-commerce applications for software and configuration security vulnerabilities. While this is required for PCI compliance, we also have business partners and our Cyber Insurance provider who expect us to maintain a vulnerability management program.
  • The configuration options for vulnerability scans are very flexible; there are plenty of settings to get scans configured for just about any need.
  • There are also good options for reporting, from PCI compliance reports to executive summaries.
  • An internal network scanner can be linked to and controlled from the cloud portal for a consolidated view of scans and results.
  • Over the years, Tenable has changed their product names and features a bit too much, and every year when I go to renew my licenses, I need to review the different packages and options to ensure I'm actually getting what I think I'm getting.
  • Depending on how you configure scans, sometimes there are an overwhelming number of options and some types of scans have too few... it can be confusing!
  • We need to maintain PCI compliance, so we need a vulnerability scanner. From time to time I look at other options but keep coming back to Tenable.
  • Other than PCI compliance or other compliance requirements, any company which has a public-facing internet infrastructure should be doing vulnerability scans on a regular basis so you can expose security issues before someone exploits them and you end up with a data breach!
  • Doing regular vulnerability scans gives us the ability to just pull the latest report summary at any given time and provide it to executive leadership or business partners looking for information about our IT security posture.
  • Since this is a requirement for our PCI compliance and the cost is relatively low, the ROI isn't really something we need to think too much about. Tenable's pricing is fair and affordable.
I think Tenable and Qualys have a lot of similarities; I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics, which has vulnerability scanning included, but it is not as comprehensive as Tenable.

Do you think Tenable.io delivers good value for the price?

Yes

Are you happy with Tenable.io's feature set?

Yes

Did Tenable.io live up to sales and marketing promises?

Yes

Did implementation of Tenable.io go as expected?

Yes

Would you buy Tenable.io again?

Yes

I've been using this product since it began as an open source product. I really like it, and for the money, I think it's probably the best choice for most companies who need a product like this. Over the years I've seen the interface change quite a bit, and sometimes I think it's a bit unclear how to do certain things, and the different packages can be confusing. These are the only reasons I'm giving it a 9 instead of a 10.