Tenable Cloud Security [Private Offer Only]

We had other solutions that we used. One solution was that we did not have something exactly similar to what Element is doing. For example, we were using Bitsight , Evelin, and also Tenable Cloud Security . However, those products are different. Element was exactly the product we needed to cover close to real-time external surface monitoring. We also used Microsoft Defender for Endpoint , but the Defender product requires substantial manual labor. We were interested in having a tool that would not require too much manual labor and would be more proactive.

The Element team is easy to discuss with. They created modules for integrations, such as with DNS. They collect records automatically and add assets to the platform, which is very useful because we do not have to check each day for new records or remove old ones. Their integration with Azure  and AWS  makes it great for us. It streamlines the process and gives us assurance that all new assets will be automatically added to the platform.

I am not entirely sure about monitoring cloud applications as I have not used it extensively for that purpose. That is why we implemented Element and have other tools, as we are not using it exactly for that scope.

Element is precisely what we needed for close to real-time external surface monitoring. The automatic integration capabilities, particularly with DNS, Azure , and AWS , are extremely valuable. The platform automatically collects records and adds assets, eliminating the need for daily manual checking and updating.

The streamlined process ensures that all new assets are automatically added to the platform, reducing manual labor and making the system more proactive. The ease of communication with the Element team and their responsiveness to integration needs has been particularly beneficial.

Making the system smarter would be beneficial. Adding modules for integration with AWS and Azure would be helpful. Adding capabilities for the scanner to automatically pick up changes and add assets automatically would be valuable.

When discussing a big company, it is mandatory to have tools that will assist us rather than waiting for manual input to add hosts. Adding assets manually is prone to mistakes. Humans might forget to add an asset or make errors when adding multiple assets.

Taking the human element out of the context and making it more streamlined is the future for security. The human should be involved where expertise is needed, such as analysis and decision-making. Currently, with resource constraints, we need tools to collect and aggregate data, eliminate false positives as much as possible, and present relevant information to employees for action.

I first tested the product in November last year, and we implemented it starting in February.

I would rate it as 10 for experience. As with any other solution in the market, they may have small bugs or false positives. However, whenever I encountered an issue, I sent an email to them and they managed to fix it. They investigated and provided full details for further investigation. In situations where there was a platform issue, they fixed it immediately and provided a complete explanation for the occurrence.

Working with Element is straightforward and efficient. For comparison, while working with Bitsight  is not difficult, it takes considerably longer. Bitsight is a larger company, and while they will provide the answers needed, the process is more time-consuming. With Bitsight, requesting integrations or new features involves submission and approval processes with uncertain timelines.

With Element, if you need a feature, you can discuss it with them, and if implementation is possible, you will have that feature within a month or two, depending on complexity. Simple integrations, such as DNS integration, can be completed in approximately a week.

Positive

Tenable Cloud Security  is a mature and trustworthy product. I have been using it since it was available on laptops approximately 10 years ago or more. I initially used it for penetration testing, though currently I perform more manual penetration testing and use the scanner primarily to validate subnets or findings.

I started with Nessus installed on my computer, then moved to server deployment, and finally  to Tenable Cloud Security. We still maintain Tenable Cloud Security but have reduced the number of licenses. We now use it occasionally to validate specific items rather than monitoring the entire surface, for which we use Element.

Tenable Cloud Security offers various features including discovery, web scanning, and primarily vulnerability scanning. It increases awareness of system vulnerabilities. In today's environment, information comes from multiple sources including Defender, Nessus, and various other tools within an organization. Using multiple tools is necessary to cover as much of the attack surface as possible, both internal and external.

My review rating for the solution is 10 out of 10.

My main use case for Tenable Cloud Security  is managing our security compliance and security posture.

I use Tenable Cloud Security  for managing compliance and security posture, and we rely on the compliance reports and findings of our cloud configuration.

I don't have anything else to add about my use case or how I use Tenable Cloud Security day-to-day.

The best features Tenable Cloud Security offers in my experience are automatic scanning, frequent scanning, and automatic finding, which I find valuable.

Tenable Cloud Security has positively impacted my organization with risk reduction and compliance.

We weren't previously measuring compliance, so that's completely new to our organization regarding risk reduction and compliance improvements.

I think Tenable Cloud Security could be improved with more clear licensing.

What I would like to see improved with licensing is how they're used in the product.

The calculations of what is considered a license between virtual machines, containers, Kubernetes  clusters, and similar components should be made more clear.

I will add more about the needed improvements.

I have been using Tenable Cloud Security for about a year and a half.

In my experience, Tenable Cloud Security is not very stable. There are no downtime, no outages, and a few support tickets, but nothing out of the ordinary.

Customer support for Tenable Cloud Security is recommended, with no problems and very responsive.

Positive

We haven't had a tool like Tenable Cloud Security in our organization in the past.

We don't have metrics for a return on investment from using Tenable Cloud Security because this was a new product, a new deployment.

I wasn't involved with the pricing, setup cost and licensing for Tenable Cloud Security.

I wasn't involved in evaluating other options before choosing Tenable Cloud Security.

My advice to others looking into using Tenable Cloud Security is to go in with expectations around how to manage findings and criticalities and how to manage exceptions. Have an exception process at the ready.

I don't have any additional thoughts about Tenable Cloud Security before we wrap up.

On a scale of one to ten, I rate Tenable Cloud Security an eight.

They are looking to promote a deeper security strategy with Tenable Cloud Security . Companies are migrating from on-premise to clouds and they must ensure their applications in the cloud will be more safe and secure.

Healthcare is most likely the kind of clients we see migrating to Tenable Cloud Security .

From what I know, though I'm not an expert technically speaking, perhaps the best functionalities are related to promoting a deeper analysis of the environment where applications are running in terms of creating a double armor of security to block threats that may come in the cloud with Tenable Cloud Security.

Companies are looking for cloud security, specifically Tenable Cloud Security, because they know it's a reliable company with long-term presence in the market, and they trust Tenable for their product strategy and support. This is the main reason.

I really don't know to tell the truth because we sell many solutions and don't sell exclusively Tenable, so I'm not in a condition to give a precise definition of what could be improved. My perception is this: when customer A needs Tenable Cloud Security, we introduce and demonstrate it. They POC, they appreciate it. The solution serves in such use cases ABC.

I am very pragmatic and straightforward - as long as they use or want the solution, I am interested. If they don't, my question is what are the main objections? They may discuss pricing, or they may say they thought the solution had certain technical capabilities that they could not find.

It's just recently that these customers asked us to introduce Cloud Security, so I'm still in the process of getting to know this solution in more detail.

Depending on the size of the project, it takes perhaps 15 days or a week or something similar.

We have a technical person that helps with the setup or the implementation, and either the distributor or the vendor always assists us.

We resell Tenable and other cybersecurity companies in Brazil.

Companies are migrating from on-premise to clouds and they must ensure their applications in the cloud will be more safe and secure.

Customers will be more secure in terms of knowing that their applications are running in a safe environment protected by Tenable Cloud Security, so they can promote and extend the migration process to either GCP, AWS , or Azure .

The analytical and reporting capabilities are pretty straightforward and show every transaction and major attempt to attack the application in the cloud. These analytical tools are very complete.

This solution can help organizations adhere to and comply with regulatory requirements such as HIPAA.

On a scale of 1-10, I rate this solution an 8.