Quarterly automated scans have strengthened our global security posture and guided faster remediation
What is our primary use case?
I think we use Tenable Vulnerability Management primarily for our internal use. We are not a reseller; we are a customer.
We have a set of IPs across the globe, and we conduct this scan once a quarter of all the IPs combined. This scanner has updated information with respect to vulnerabilities that exist in the open. We perform vulnerability scans of all the IPs in order to ensure that no vulnerability exists in our environment, infrastructure, or network. We run vulnerability scans which are automated in nature and scheduled over the weekend to make sure that all the IPs are up to date. Once in a quarter, all IPs are scanned and a vulnerability report is generated. This report tells us whether there are low, medium, or high critical vulnerabilities that exist. We have a remediation plan for the high, medium, and low vulnerabilities in terms of the amount of time that we should be taking in order to patch these vulnerabilities. This tool keeps our information security posture high. We also carry out aging analysis because there are some vulnerabilities that cannot be patched due to dependencies. We actively carry out aging analysis in order to see if there are some vulnerabilities that are still in the system for more than one month or two months, and what the reason is. We actively work with all of the business teams and the IT setup within our system is quite regimented in order to run the scans once in a quarter for all the IPs.
What is most valuable?
I think their automated vulnerability scan and the scanning engine of Tenable Vulnerability Management are valuable. There are agents that you can deploy, and you can run the scans on those IPs on an automated basis. The automated scanning feature is probably the most important. They also have a good remediation workflow which can be integrated with your own internal workflow. You can do automated tracking of closure of the vulnerabilities. The ease of use, the automated scanning facility, and their good support mechanism are all valuable. If you were to get stuck somewhere, they can readily make their customer service or technical teams available to take care of our needs. Automated vulnerability scanning is the feature which makes life a little easier.
What needs improvement?
I don't think that there is any very specific area where enhancements need to happen in Tenable Vulnerability Management's feature sets. The only area which possibly is not a part of the feature, but Tenable can look at, is to make their pricing more competitive.
For how long have I used the solution?
I have been using Tenable Vulnerability Management for more than five years.
What do I think about the stability of the solution?
I would give Tenable Vulnerability Management a nine out of ten for stability because the downtime has been next to minimal. We have not faced any kind of outages in terms of services. Reliability is absolutely high.
How would you rate stability?
What do I think about the scalability of the solution?
I think the scalability level of Tenable Vulnerability Management is fairly good. I don't think we have really found that wanting. I would give that an eight out of ten. We have not faced any problems so far.
With the growing needs of our company, Tenable Vulnerability Management is able to safely adapt.
How would you rate scalability?
How are customer service and support?
We had used Tenable's expert support services in order to make sure that we run Tenable Vulnerability Management on a continuous basis and are able to utilize their services. At the time of the implementation, we had taken the help of Tenable's expert support to be able to help us use this feature at the outset.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We have used QualysGuard before using Tenable Vulnerability Management.
We decided to switch from QualysGuard to something else because these were two different companies. This was the previous company where I had exposure to QualysGuard. We have never made any change from Tenable in the current company.
How was the initial setup?
When I started working at my current company, Tenable Vulnerability Management was already there.
What about the implementation team?
I was involved in the decision, but we have chosen Tenable and we continue using Tenable Vulnerability Management in the current company. I was a part of the purchase process.
What's my experience with pricing, setup cost, and licensing?
I would not say very expensive for Tenable Vulnerability Management; it is not prohibitive, but at the same time, there are some other tools in the marketplace which are offering the same kind of services that Tenable offers, the same kind of features that Tenable has offered at a lesser cost.
What other advice do I have?
I use Tenable Vulnerability Management, and that is the tool that I have primary experience with.
Apart from zero-day vulnerability, which obviously none of the tools would know about, I think the scanning engine of Nessus, part of Tenable Vulnerability Management, is quite up-to-date. It provides details on how the remediation should take place and provides detailed steps on how the remediation can be undertaken, which is quite helpful for the various application teams in order to understand. Their platform is something which is quite up-to-date. It appears that in the back-end they have the right set of threat intelligence feeds that come in from all different sources. I would assume that their AI engine and also their database is quite updated. From the perspective of being up to date, we feel very comfortable because we do rely on and trust their AI engine which their scanning facility is powered with.
The importance of real-time risk prioritization for our organization's security strategy is very high. These are the times where you cannot really go loose at all. Remediation becomes prioritized for all organizations. It is extremely important that at least the highly critical vulnerabilities are patched within 24 to 48 hours because they are high targets and valuable targets for adversaries. Therefore, risk prioritization is probably extremely important for organizations to keep these in the highest priority of any activity.
We have not yet integrated Tenable Vulnerability Management as much. We are using Tenable on a standalone basis. We have not yet done an integration with any GRC tool or any other tool. As of now, we are using Tenable as an independent tool.
Tenable Vulnerability Management is deployed on-cloud in our organization, and we are using Amazon Web Services as our cloud provider.
I would give Tenable Vulnerability Management a nine out of ten rating. This is not a matter of concern because, apart from the costing part, which was pretty much okay when we signed up, over a period of time they have been increasing their license fee. That is the only point which I believe that they could possibly look at working upon. Otherwise, it is a nine out of ten for sure. My overall review rating for Tenable Vulnerability Management is eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Great Scanning Capabilities, But User Account Setup Is Frustrating
What do you like best about the product?
I like the ability to scan internal and external resources as well as web applications. The app has great filtering capabilities as well as tagging, allowing you to compartmentalize sites and services into containers that you can scan and report on separately.
What do you dislike about the product?
It's annoying to create user accounts where they do not share the same domain as you. We take care of a lot of different sites and want to allow users to login to view their vulnerabilities but this limitation makes it difficult. I have to put in a ticket every time I want to add a new user's domain. The cost of web application scanning is much higher than normal licensing.
What problems is the product solving and how is that benefiting you?
Tenable vulnerability management allows us to scan internal and external assets every day/week/month on demand or on schedule. The findings and vulnerabilities are stored for months and allows you to see the history of vulnerability for a particular asset, which is very helpful. It helps prioritize remediation effort by using the AES scoring matrix to determine where to put your time.
Outstanding TVM Features and Support, Needs Better Asset Licensing Controls
What do you like best about the product?
SentinelOne’s Threat and Vulnerability Management (TVM) product is a strong solution with a rich set of features and excellent overall performance. The platform provides deep visibility, clear remediation guidance, and a very user-friendly interface that makes it easy to prioritize and act on vulnerabilities.
Support from SentinelOne has also been outstanding — responsive, knowledgeable, and proactive in addressing questions or issues.
Also, deployment is a snap.
What do you dislike about the product?
The only drawback I've encountered is around asset licensing management. It would be helpful to have more granular controls for excluding non-relevant or "ghost" assets, such as IoT or VOIP devices, from consuming licenses. Enhancing this capability would make an already excellent product even better.
I'd also like to see better reporting around the management of vulnerabilities over 90-plus days old in the environment and agents.
What problems is the product solving and how is that benefiting you?
It addresses my Visibility Gap and threat graph, allowing me to understand better where my risks are and prioritize them in an automated way that is easy for my stakeholders to understand and act on.
Absolutely Love This Software!
What do you like best about the product?
The best feature of Tenable Vulnerability Management is the Vulnerability Priority Rating (VPR). Unlike standard CVSS scores, VPR uses threat intelligence to accurately predict which vulnerabilities are most likely to be exploited in the real world. This powerful risk-based prioritization allows security teams to efficiently focus remediation efforts on the few issues that truly matter
What do you dislike about the product?
The platform can be quite expensive, and the licensing model (often based on the number of assets or resources scanned) can feel prohibitive or complex to manage for organizations with tight budgets or rapidly changing infrastructure.
What problems is the product solving and how is that benefiting you?
PCI DSS compliance and risk based vulnerability prioritization
Tenable the Gold Standard
What do you like best about the product?
Incredible robust, informative and easy to understand reports. Versatile in the best ways.
What do you dislike about the product?
Sometimes it is a bit complex, especially when refining reports.
What problems is the product solving and how is that benefiting you?
Information Security Program
Have maintained accurate vulnerability scans and gained actionable remediation insights across thousands of servers
What is our primary use case?
We usually use
Tenable Vulnerability Management for vulnerability scannings, and we get the reports from Tenable to resolve any vulnerability. We have about 2,000 plus servers where we have installed the agent on those servers to check and scan the vulnerabilities. That is the main key aspect of what we use
Tenable Vulnerability Management for.
Regarding the continuous monitoring feature of Tenable Vulnerability Management, it is not exactly continuous monitoring we get from Tenable. It is used only on the market, where we scan it. We have a scheduled scan for all the servers, so we are not using it for any monitoring at present.
Tenable's advanced analytics and reporting features give very detailed reports where we get most of the information about vulnerabilities. That is one plus point. For example, with 2,000 servers, when we want to calculate the percentage of vulnerabilities that have appeared, it gives us very useful insights. While analyzing, it is one of the greatest tools because the results it produces as outputs scan the networks and each device in an organization.
We have purchased Tenable Vulnerability Management via AWS Marketplace.
What is most valuable?
Tenable Vulnerability Management agents are very lightweight, and the results we get are very accurate. The solutions they provide to us, assuming if one vulnerability exists, there will be a solution. The resolution they give us in wording will be the best solution. The exploit rates and the reports we get provide a lot of information, making it very easy for us to verify.
The main benefit of integration with Tenable Vulnerability Management is that there will be no lack of missing vulnerabilities when it comes to the patching environment. That is one of the key aspects of why we have integrated Tenable to our patching tools. It has a vast capacity of pushing the data to our tools due to its capability and compatibility. That is also one of the reasons why we are using Tenable Vulnerability Management.
What needs improvement?
Tenable Vulnerability Management is not very effective for real-time risk prioritization for our organization's security strategy. It is only used for scheduled tasks, not for real-time execution.
While the agents are very lightweight, when it comes to real-time analysis, there will be significant lagging on the servers and too much traffic on the network. When any server detects vulnerability while scanning, the reports take time to analyze by itself. That is one of the drawbacks of Tenable Vulnerability Management.
For how long have I used the solution?
We have been using Tenable Vulnerability Management for the past eight years.
What do I think about the stability of the solution?
The stability of Tenable Vulnerability Management is highly reliable. Having used Tenable for the past seven to eight years, I have never experienced any glitches or bugs affecting our environment. I can guarantee it is highly stable.
What do I think about the scalability of the solution?
Tenable Vulnerability Management is highly scalable. Mid and larger enterprises can definitely move on to Tenable Vulnerability Management.
Scalability is very important for us because of the lightweight agents. That is the main key feature where for installing, they have many options for scaling to multiple servers. If we need to install it on 500 machines tomorrow, we can push it in different ways. It is highly scalable and very user-friendly when it comes to scalability.
How are customer service and support?
Communication with Tenable Vulnerability Management support occurs on average two to three times monthly because our environment is very small.
The technical support of Tenable Vulnerability Management is available 24/7, and whenever we require support, we can get it within five minutes. Regarding technicality, they deserve a nine out of ten. They are highly technical people. I have communicated with more than 20 to 25 technical engineers. They take every question seriously and help us resolve issues. They have a very strong technical team to support customers.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before Tenable Vulnerability Management, we used Qualys initially. We moved to Tenable due to pricing considerations. The customer requirement was to reduce the cost. When compared to Qualys, it was much more cost-effective.
How was the initial setup?
I did not participate in the initial setup of Tenable Vulnerability Management as it was already set up and ready to work on.
What about the implementation team?
We have SCCM integrated with Tenable Vulnerability Management to patch the servers, and it has also been integrated with
BigFix where we scan the results from Tenable and push the data to these tools. For endpoints, we use SCCM, and for servers, we use
BigFix. It has been integrated into these two particular patching tools where it analyzes and pushes the patches.
What was our ROI?
For evaluating the effectiveness of Tenable Vulnerability Management in our IT environment, we have our own ratings with integrated multiple metrics that automatically calculate. It has been integrated into our
ServiceNow. Based on that, all the overall metrics are automatically calculated based on AI and ML technology, where we get complete reports.
Which other solutions did I evaluate?
We have not validated other options before choosing Tenable Vulnerability Management. We have already worked with multiple tools, and the customer was very interested in Tenable Vulnerability Management specifically.
What other advice do I have?
We use Tenable Vulnerability Management and are currently using its latest version.
I rate Tenable Vulnerability Management nine out of ten based on my experience. This rating is due to its stability and high scalability. The best part is the solutions they provide for any vulnerability.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Great interface and plugins w/ only minor issues
What do you like best about the product?
The easy to use interface makes exploring known and discovered vulnerabilities fairly painless. The fact that the solution to exploits is listed right next to the vulnerability overview, it makes remediation a lot easier.
The number of plugins covers a wide variety of systems and possible exploits.
SAML / SCIM integration is another plus and was fairly easy to setup.
Implementation of scanning via its Nessus agents was a breeze.
What do you dislike about the product?
The plugin manager could use some work. There are often several plugins that do the same thing or just plugins that do not provide the functionality that they claim.
Additionally, some of the exploits that are not exploitable and can cause false positives. For example if I have a HTTPS exploit on a version of a router / switches firmware, but HTTPS management is turned off and only SSH management is used, then that exploit does not need to be listed as high.
What problems is the product solving and how is that benefiting you?
Provides vulnerability insights for servers and user endpoints with a fairly lightweight agent.
The ability to do very targeted scans of specific vulnerabilities throughout an organizaiton or on just one specific machine is very helpful.
