Looking for a vulnerability scanner for PCI compliance?
Updated December 15, 2021
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Tenable.io
We use Tenable to scan our public-facing web and VPN infrastructure and e-commerce applications for software and configuration security vulnerabilities. While this is required for PCI compliance, we also have business partners and our Cyber Insurance provider who expect us to maintain a vulnerability management program.
- The configuration options for vulnerability scans are very flexible; there are plenty of settings to get scans configured for just about any need.
- There are also good options for reporting, from PCI compliance reports to executive summaries.
- An internal network scanner can be linked to and controlled from the cloud portal for a consolidated view of scans and results.
- Over the years, Tenable has changed their product names and features a bit too much, and every year when I go to renew my licenses, I need to review the different packages and options to ensure I'm actually getting what I think I'm getting.
- Depending on how you configure scans, sometimes there are an overwhelming number of options and some types of scans have too few... it can be confusing!
- We need to maintain PCI compliance, so we need a vulnerability scanner. From time to time I look at other options but keep coming back to Tenable.
- Other than PCI compliance or other compliance requirements, any company which has a public-facing internet infrastructure should be doing vulnerability scans on a regular basis so you can expose security issues before someone exploits them and you end up with a data breach!
- Doing regular vulnerability scans gives us the ability to just pull the latest report summary at any given time and provide it to executive leadership or business partners looking for information about our IT security posture.
- Since this is a requirement for our PCI compliance and the cost is relatively low, the ROI isn't really something we need to think too much about. Tenable's pricing is fair and affordable.
- Qualys Cloud Platform (formerly Qualysguard)
I think Tenable and Qualys have a lot of similarities. I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics, which has vulnerability scanning included, but it is not as comprehensive as Tenable.
Do you think Tenable Vulnerability Management delivers good value for the price?
Yes
Are you happy with Tenable Vulnerability Management's feature set?
Yes
Did Tenable Vulnerability Management live up to sales and marketing promises?
Yes
Did implementation of Tenable Vulnerability Management go as expected?
Yes
Would you buy Tenable Vulnerability Management again?
Yes