Sold by: Tenable, Inc.Â
Deployed on AWS
Free Trial
Managed in the cloud and powered by Nessus technology, Tenable Vulnerability Management (formerly Tenable.io) is the go-to vulnerability management solution for securing AWS environments. It provides the industry's most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. As part of the free trial, you can also access Tenable Cloud Security and other components of the Tenable portfolio.
Overview
Tenable Vulnerability Management provides the most comprehensive vulnerability coverage in the industry, detection accuracy, and zero-day vulnerability disclosures with the ability to predict which security issues to remediate first. Tenable has built-in compliance profiles, reporting and remediations, and risk-based scoring you can use to prioritize the risk that poses the greatest threat to your business. Quickly detect and respond to security issues as new vulnerabilities are disclosed and as your AWS environment changes.
The Tenable portfolio includes pillars of an exposure management program - vulnerability management, cloud security, and more. To best support your hybrid environment, consider including Tenable Cloud Security, which provides unified vulnerability and cloud security posture management for hybrid environments. In addition, agentless assessment enables you to continuously discover and assess EC2 instances for vulnerabilities in AWS without ever having to configure a scan, manage credentials or install agents.
For Tenable Vulnerability Management orders greater than 250 assets or orders for other products, contact us for an AWS Private Offer at: aws-tackle@tenable.comÂ
Highlights
- See Everything - With coverage for more than 76K vulnerabilities and 186k plugins, Tenable has the industry's most extensive CVE and security configuration support to help you understand all of your vulnerabilities.
- Maximize ROI - Eliminate double or triple counting of assets that have multiple IP addresses with the industry's first asset-based elastic licensing model.
- Gain continuous visibility - Continuously assess the cloud as new assets are discovered or as new vulnerabilities are disclosed. No need to update plugin feeds.
Details
Sold by
Categories
Delivery method
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months | Cost savings % |
|---|---|---|---|
100 Assets | 100 Asset Bundle, 5 bundle maximum purchase | $3,500.00 | 0% |
Onboard Bundle | 100 assets + Quickstart (Use "50 Assets" for add'l seats) | $6,500.00 | 0% |
Deploy Bundle | 100 Assets + Training/Quickstart (Use "50 Assets" for add'l seats) | $8,500.00 | 0% |
SERV-NES-EXP-DOM | Nessus Expert Additional Domains & FQDNs | $760.00 | 0% |
Tenable SaaS Product | Tenable Product(s) as configured on the referenced Tenable Quote | $100,000,000.00 | 86% |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Tenable.io Activation: https://static.tenable.com/documentation/Tenable.io_Activation_Help.pdf Tenable.io Tenable.io Documentation: https://docs.tenable.com/TenableIO.htm Tenable Knowledge base: https://community.tenable.com/s/topiccatalog Tenable offers 24x7x365 support for its customers via chat, email, and phone. Customers can login to community.tenable.com with their Support account to create cases and chat with us, or call 1-855-267-7044 with their customer ID number. Documentation can be found at both our community portal and
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Tenable, Inc.
By BYNET
By Rapid7
Top
10
In Industrial IoT, Application Servers
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Vulnerability Detection Coverage
Comprehensive vulnerability scanning with support for over 76,000 vulnerabilities and 186,000 security plugins
Cloud Asset Assessment
Agentless continuous discovery and assessment of EC2 instances without requiring agent installation or credential management
Security Configuration Analysis
Built-in compliance profiles with risk-based scoring to prioritize security threats and vulnerabilities
Vulnerability Disclosure Tracking
Real-time detection and response capabilities for newly disclosed zero-day vulnerabilities
Hybrid Environment Support
Unified vulnerability management and cloud security posture management for diverse infrastructure environments
Vulnerability Scanning
Advanced scanning technology to identify security weaknesses across enterprise IT infrastructure
Multi-Scanner Integration
Gathers and evaluates vulnerability data from multiple distributed Nessus scanners
Analytics and Reporting
Utilizes advanced analytics with customizable dashboards and workflows for vulnerability assessment
Security Configuration
Implements Security-Enhanced Linux with pre-configured CIS Level 1 security standards
Continuous Monitoring
Provides ongoing system vulnerability detection and tracking of security trends over time
Vulnerability Detection
Comprehensive scanning across physical servers, virtual machines, containers, and remote endpoints with detection of over 150 types of misconfigurations
Cloud Integration
Direct API integrations with AWS, cloud providers, container repositories for real-time asset discovery and risk assessment
Risk Prioritization
Proprietary real-risk scoring mechanism to help teams identify and prioritize the most critical security threats
Automated Remediation
Automatic ticket creation in JIRA and ServiceNow, with custom code snippets for fixing AWS misconfigurations
Compliance Evaluation
Capability to assess compliance with industry frameworks and custom security policies through comprehensive reporting mechanisms
Standard contract
No
No
No
Customer reviews
4.5
2 ratings
2 AWS reviews
|
128 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
reviewer2721399
Vulnerability management streamlines decision-making and enhances security assessment
Reviewed on Jun 17, 2025
Review from a verified AWS customer
">
What is our primary use case?
My experience is with Tenable Vulnerability Management , specifically regarding vulnerability management.
My particular use case for Tenable Vulnerability Management is vulnerability management, benchmark scanning, and I'm somewhat familiar with their product line, utilizing the CIS benchmarks and DISA STIG benchmarks.
Tenable Vulnerability Management is the backbone of our vulnerability management and has affected my organization positively.
What is most valuable?
The best features of Tenable Vulnerability Management are flexibility, breadth and scope, and the fact that their current vulnerabilities come out, and they have tests for them within a day or two.
Operationally, Tenable Vulnerability Management finds issues that would otherwise be missed, but I don't have an ROI.
The impact of Tenable's analytic capabilities shows that our other programs are working in our prioritization process.
What needs improvement?
I don't think I have any additional features to add for improvement, as Tenable Vulnerability Management does a pretty good job of what it does.
My pain points would have been on the internal side of lining assets up to owners, and that's not something that Tenable Vulnerability Management can help me with.
I have no suggestions for where they could do better.
For how long have I used the solution?
I have one year of experience with Tenable Vulnerability Management.
What do I think about the stability of the solution?
Tenable Vulnerability Management is stable.
What do I think about the scalability of the solution?
Tenable Vulnerability Management's scalability is fantastic.
How are customer service and support?
I would evaluate Tenable Vulnerability Management's customer service and technical support as average.
I would rate them a seven on a scale from 1 to 10, with 10 being the best and 1 the worst.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not personally used a different vulnerability management solution.
How was the initial setup?
The initial setup was pretty straightforward.
What about the implementation team?
I made it my own, and the initial setup was done by Address Block, which I tied to elements in the CMDBÂ .
What was our ROI?
I wasn't party to the comparison or purchasing, so I'm not completely sure.
What's my experience with pricing, setup cost, and licensing?
I am unaware of the pricing, setup costs, or licensing details for Tenable Vulnerability Management.
Which other solutions did I evaluate?
I don't know why we switched to Tenable Vulnerability Management for vulnerability management, but my assumption is that it is the first solution they tried and we've been happy with it since.
What other advice do I have?
I have used Tenable Vulnerability Management's reporting features to a lesser degree.
The metrics I track for decision-making include what systems need upgrading, what software needs replacing, and whether or not we can hold off on things, accept some risks, and get other risks resolved.
They have cloud scanners that are effectively point and click, and although I'm not sure if it's an extra licensing, we also have an on-prem scanner, which is a virtual appliance that I can download and put in place.
The data that we pull from Tenable Vulnerability Management is the data that we drive and use for decision-making, although we don't use that visibility extensively. I don't utilize the real-time visibility with Tenable Vulnerability Management.
On a scale of 1-10, I rate Tenable Vulnerability Management a 9.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Rishabh-Khanna
Limited coverage prompts search for better options while assessing system survivability
Reviewed on Jan 06, 2025
Review provided by PeerSpot
">
What is our primary use case?
We don't have a specific use case. My primary purpose for using Tenable is to conduct survivability tests, mainly to determine whether the system crashes, particularly when subjected to DOS attacks. I do not use it for more than that because, for other aspects, we have manual VAPT procedures in place.
What is most valuable?
Currently, I have only used Tenable for DOS attack-related purposes and thus, I am not fully acquainted with its other features. However, it provides survivability benefits. It helps me understand if the system is capable of withstanding certain levels of stress. Though it's not core technical security testing, it provides us with survivability insights.
What needs improvement?
I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. However, from my experience, HPE WebInspect provides more extensive reports and detailed information about all findings. The count and type of findings are also more specific with HPE WebInspect. On the other hand, Tenable is not as deep or as comprehensive in covering vulnerability types. They could incorporate software composition analysis (SCA), which would be a beneficial addition. If they venture into the SaaS market, more thoughts can be shared. But currently, they are not.
For how long have I used the solution?
I have used the solution for around one and a half years.
What do I think about the stability of the solution?
The stability is commendable, and I would rate Tenable ten out of ten. I have no concerns.
How are customer service and support?
I do not have any contact with Tenable. I have been using it as a regular user.
How would you rate customer service and support?
Neutral
How was the initial setup?
The setup process is quite simple.
What about the implementation team?
It was set up by someone else, and I am not aware of who did it. I am just utilizing it.
Which other solutions did I evaluate?
I would recommend HP WebInspect, having used it for around two and a half years. It offers both cloud and standalone versions, both of which are fantastic. It is applicable for both legacy applications and the latest applications in the market. HP WebInspect features extensive libraries and recursive methods to traverse everything, which I find really impressive.
What other advice do I have?
I would rate it four out of ten. For startups, freelancers, or companies between startup and midsize, Tenable is recommended. However, for midsize or enterprise-level companies, I would not prefer it. We use it because the client suggested it. Otherwise, my preferences might differ. The type of application matters, too. For new applications, such as those based on Node.js, Tenable could be a good option. However, for legacy technologies with complex databases, newer systems like Tenable are not recommended. If the budget allows, HP WebInspect is preferable. Budget considerations are as important as choosing the right technology. If limited by budget, Tenable is a viable option for new, growing companies, but not for enterprises. Overall, I rate the solution four out of ten.
Mani Bommisetty
Streamlines vulnerability management with excellent reporting and potential AI integration
Reviewed on Dec 17, 2024
Review provided by PeerSpot
">
What is our primary use case?
I use Tenable Vulnerability Management to scan the network, including servers and endpoints, to identify risks in our environment and provide mitigation and solutions. I also use it to assess our security posture through asset discovery and risk identification.
What is most valuable?
Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.
What needs improvement?
AI integration for reporting in Tenable would be beneficial. The response time of Tenable's customer support needs improvement. They should also accelerate the process of implementing new features upon request.
For how long have I used the solution?
I have used Tenable Vulnerability Management for almost six to eight years.
What do I think about the stability of the solution?
I have faced no stability issues with Tenable. In comparison, Rapid7 encountered challenges with data transfer to the cloud, requiring us to compress packets to manage network hiccups.
What do I think about the scalability of the solution?
Both Tenable and Rapid7 are cloud-based solutions, which ensures excellent scalability. They can seamlessly scale the number of endpoints from 100 to 1,000,000 in a day.
How are customer service and support?
Technical support from Tenable is rated six out of ten. It needs improvement in response time and addressing feature requests promptly. Other services like Rapid7 are more responsive.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I used Rapid7, which is less expensive than Tenable. My preference now aligns with Tenable due to its superior user-friendliness and reporting capabilities, although some issues persist with installation complexity in various environments.
How was the initial setup?
The setup experience for Tenable Vulnerability Management is rated nine out of ten, indicating that it is relatively easy.
What about the implementation team?
Implementation involves coordination with internal network teams due to environmental complexities.
What's my experience with pricing, setup cost, and licensing?
Tenable is costly, priced significantly higher than Rapid7. For instance, Tenable charges around $40 per device, while Rapid7 costs $10 to $15 per device.
Which other solutions did I evaluate?
I evaluated Rapid7 alongside Tenable. Although Tenable has a higher cost, its user-friendly interface and robust reporting made it a preferred choice.
What other advice do I have?
I recommend Tenable Vulnerability Management for its comprehensive security capabilities and effective risk identification. However, potential users should be prepared for the higher expense compared to alternatives like Rapid7.Â
My rating is eight out of ten, mainly due to the support aspect needing improvement.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Filipe O.
Incomparable with any other vulnerability management tool
Reviewed on Dec 16, 2024
Review provided by G2
What do you like best about the product?
Tenable Vulnerability Management not only identifies issues, but also helps teams prioritize the most critical vulnerabilities, optimizing time and resources while strengthening the organization's security posture.
What do you dislike about the product?
Tenable Vulnerability Management is a robust solution, but the cost, dependency on connectivity, and challenges in larger networks can be points to consider before adoption, especially for smaller organizations or those with limited resources.
What problems is the product solving and how is that benefiting you?
Tenable Vulnerability Management offers me a proactive approach to identify, prioritize, and manage vulnerabilities, optimizing security and ensuring that threats are addressed before causing problems.
Financial Services
Good vulnerability management
Reviewed on Oct 31, 2024
Review provided by G2
What do you like best about the product?
Fast plugin updates for detecting new vulnerabilities in the environment. You can scan devices through an agent, with credentials or without. Useful for printers, and network equipment to see your full exposure.
What do you dislike about the product?
At times agents fail their agent update, lose their connection, then dropped from the system. Some times the remediation information is lacking leaving you unsure how to correct non-standard vulnerabilities.
Support has not been good from our account manager to those higher up. I had issues with our VAR not receiving the renewal notification and services were shut off. It took them nearly 3 weeks to figure out their backend to restore services.
Support has not been good from our account manager to those higher up. I had issues with our VAR not receiving the renewal notification and services were shut off. It took them nearly 3 weeks to figure out their backend to restore services.
What problems is the product solving and how is that benefiting you?
Tenable Vulnerability Management provides a complete platform to identify vulnerabilities with guidance on remediation. Reporting is highly customizable to receive the data you are looking for at a scheduled frequency.