Right now, I use Tenable as CNAPP, and it is good for the product as it offers enhanced security to users. We did use the tool on the cloud. I am not sure if some models, like CIEM, are available as a feature for users. When it comes to a module in CNAPP, I think it is fairly good for using and monitoring on the cloud while also being easy to deploy.

I am not sure how the tool is used in my company because I got transferred to another team that is involved only in monitoring. I use the reporting part on CNAPP. I only use the tool for customized reports. The tool had a fairly easy way to get customized reports.

Another team uses the tool. Tenable acquired Ermetic. I think Tenable has features, stays up to date, and upgrades every few months. I am not sure of the tool's use case, as another team uses it. I think another team in my company wants to use the tool for use cases associated with patching and testing. For use cases, Tenable needs to offer a patch-based solution since it is an area where the tool lacks a bit.

I have experience with Tenable Cloud Security.

There are no stability or bug-related issues in the tool.

The product's deployment phase is easy.

The tool is cost-effective.

The tool's price is good compared to other brands. The tool's subscription is for a year.

The tool can be used in the area of vulnerability management to improve our company's security.

I saw some impacts on our finances, especially on the banking side. In our company, we forecast the point for maturity and performance through assessments and security vulnerabilities in the cloud. Before I bought Tenable, I compared it with another band. The tool has been a really good point for the price.

One of the teams in my company would like to use the tool and integrate it with other products used for patching and vulnerability assessment tools.

The tool is a good product that is flexible and on the cloud.

I rate the tool an eight out of ten.

The most popular use cases include vulnerability detection, cloud security posture management, software composition analysis (comparing code), and supporting cloud-native application protection in runtime environments.

Tenable Cloud Security excels in vulnerability detection, one of its strongest features. Another valuable feature is software composition analysis, which highlights and automates the detection of security flaws. Additionally, their knowledge base is excellent; if anything goes wrong, they provide clear guidance on what needs to be done to address specific vulnerabilities.

The asset management is also really good, with effective discovery and categorization of assets. The DevOps integration is also strong, supporting Shift-Left Security practices with integration into pipeline tools.

Due to its robust nature, the platform's adoption can be overwhelming initially. However, once organizations start using it, they tend to get used to it. I haven't had much direct interaction with the support team, but some partners have reported a desire for better support for the product.

Another area needing improvement is the implementation complexity, especially in multi-cloud environments. Tenable Cloud Security's features mean there's a steep learning curve, which can consume significant time and resources to utilize the platform's potential and fully see immediate benefits. It's similar to AI in that you must spend time fine-tuning and training before it truly helps.

I have been working with the product for three years. 

The solution is stable. 

I rate the solution's scalability a ten out of ten. Managing many assets (e.g., 500 or 5,000+) can become overwhelming in a multi-cloud environment. However, for smaller environments with fewer than 5,000 assets, it should be pretty straightforward and manageable.

My partners complain that support is not consistent and replies come late. It is small company and to offer worldwide support will be a challenge. 

The solution's integration and configuration can be overwhelming. If you have a simple environment, I'd rate Tenable Cloud Security's deployment ease very close to ten out of ten. It's easy to deploy, run the first discovery, and manage the assets. Its strength lies in covering the environment thoroughly, discovering assets, and categorizing them.

I rate the overall solution a ten out of ten. I think it's the best on the market right now. Other solutions, like Trend Micro, provide incident response across multiple security layers. However, Tenable Cloud Security is not primarily a threat protection tool. Even though it deploys malware detection and removal in the code, it is not like real-time incident response such as Trend Micro.

Tenable Cloud Security is used for scanning purposes, including vulnerabilities and remediation. The graphs provided by the solution are unsatisfactory and frequent updates are needed.

For instance, suppose you have a specific kernel version of 4.5, and you updated it to version 5.0; the solution still suggests that the older version needs to be fetched and even, in some instances, suggests upgrading to version 5.1.

Once the solution implements scans, the records are saved, and a bit of fine-tuning is required for remediation, I have to check manually in a few cases to decrease the number for a few metrics. Sometimes I need to contact the support team to fix bugs. 

Scanning and reporting are the most valuable features of Tenable Cloud Security. 

I have faced several bug incidents with the solution. Tenable Cloud Security's operational speed also needs to be improved. For instance, I have ten servers that got patched, and only this set of servers is required due to an incident. If I need to run a script on only those aforementioned ten servers and generate a report, it will be highly time-consuming with Tenable Cloud Security.

Even if I need a single ad hoc command, the solutions process a whole script for all Linux servers, which takes massive time. Often, our company's management team inquires about a two-day ticket as a live update report couldn't be obtained from Tenable Cloud Security.

The product should include ad hoc command implementation and live update-providing features rather than waiting for the scheduled script to run at a specific time each week. The solution's admins don't receive updates within a day; they're obtained when the script runs, and a huge number of servers cannot be run daily. Every server has an off-peak time, and the dependable needs to work out and retrieve the performance graphs.  

I have been using Tenable Cloud Security for a year. 

I would rate the stability a seven out of ten. 

I would rate the scalability a six out of ten. In our company, there are multiple nodes being used with the solution. Tenable Cloud Security should be able to pick up the correct node irrespective of the server's location.

For instance, if I pick the wrong node in the server, the script hangs, and this can happen often as in our company, we can't remember where the CMDB and data entries are present. The solution lacks an automated node selection feature. If a wrong node is picked with the tool to send in the box, the scanning procedure will run for 45 minutes and then it will fail. 

The solution is most suitable for medium-sized businesses. Our company uses the solution in a mid-sized environment comprising 1500 Windows and Linux servers. 

I would rate the tech support a five out of ten. Our company has raised multiple tickets with issues in graphs, but the support team was unable to help. The dashboard of Tenable Cloud Security provides the total number of vulnerabilities instead of segregating them for each day and mentioning how many have been resolved, but there are no useful graphs provided. 

Neutral

The initial setup process is extremely complex; in our company, it has been over a year, and the solution is still being set up. During the setup process in our organization, the tool acquired several vulnerabilities, and I am personally exhausted from managing them.

I am personally learning about the competitor solution, HashiCorp Vault, through webinars and trying to compare it with Tenable Cloud Security. A few of my friends are using HashiCorp Vault, and they are comparatively satisfied with the product. 

The solution functions in a multi-cloud environment. In our company, Tenable Cloud Security is implemented in a cloud, but it's connected to the bare-metal data centers. 20% of the solution has been shifted to the cloud environment in our organization, but the tool can still pick data from cloud environments, including OCI and Azure.  

The product efficiently detects vulnerabilities across the entire environment, provides insights, and seeks remediation. Overall, I would rate Tenable Cloud Security a seven out of ten. The solution's vulnerability display interface needs to improve. I recommend others try other competitor solutions and implement a POC before onboarding Tenable Cloud Security. 

The solution is good. We integrated our AWS account with Tenable Cloud Security for security and compliance. The IAM features are valuable. We can analyze the permissions of the users in all the aspects of AWS. The solution’s vulnerability management feature has helped us identify and mitigate risks well. I can do the scans from the on-premise and cloud solutions. The tool integrates well with our existing products. We have integrated it with ServiceNow. It works well.

The product must provide more features. It must integrate with AI. The reporting features are bad. The reports do not have detailed information. We cannot do CI/CD with the tool.

I have been using the solution for one and a half years.

I rate the product’s stability seven and a half out of ten. It must be improved.

I rate the product’s scalability seven and a half out of ten. It must be improved.

The setup has a few steps. I rate the ease of setup a nine out of ten.

We compared the solution with other tools but chose Tenable Cloud Security because it fit our requirements.

We haven’t used the workload features yet. I will recommend the solution to others based on their organization’s requirements. Overall, I rate the tool an eight out of ten.

The use cases attached to Tenable Cloud Security include compliance verifications for the cloud environment.

The product lacks automatic remediation features. From an improvement perspective, the tool should be able to offer automatic remediation features.

There is a need for the support team to improve their response time since it is one of the areas where the product's technical team has certain shortcomings.

I have been using Tenable Cloud Security for around ten years. My company sells solutions like Fortinet, Qualys, Tenable, and SentinelOne. My company has a partnership with Tenable.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

The solution's technical support is not good. I rate the technical support a three out of ten.

Negative

Products like Fortinet, Qualys, and Rapid7 offer the same set of services. The only common issue I found between all the products was that though the tools can be deployed on the cloud services offered by Microsoft, AWS, and Google, the products cannot be deployed on Oracle.

I am in the process of testing different solutions from vendors like Rapid7 and Qualys.

I rate the product's initial setup phase an eight on a scale of one to ten.

The solution can be deployed in a couple of minutes.

There is a need to opt for a subscription-based pricing model to use Tenable Cloud Security. I rate the product price an eight on a scale of one to ten, where one is low price and ten is high price.

Tenable Cloud Security is a basic tool for security engineers since most of the cloud solutions do not offer high standard compliance, like PCI DSS compliant. Most of the cloud solutions use CIS as a benchmark or reference. Microsoft has its own compliance tool.

Tenable Cloud Security is a new solution in the market and cannot be compared with the other vulnerability tools.

Speaking about how the product has improved the security posture, I would say that Tenable Cloud Security is usually installed on a person's computer, so one needs to be very careful not to make any mistakes during configuration. The cloud providers don't offer security, so it is important for a potential buyer to read the information on the way the services are provided to them by the cloud.

The product's visibility and remediation work fine for me.

Around two people are required for the maintenance of the product, considering that there are changes in cloud products and every customer is different. It is not a static solution.

I rate the overall tool an eight out of ten.

We use Ermetic for monitoring and alerting. 

The tool alerts us on depreciating performance or deficiencies of our web application. It helps us react on time. 

Ermetic needs to improve its security scanning. I would like to see more dynamic graphical forms. 

I have been working with the solution for four years. 

I rate Ermetic's stability a ten out of ten. 

I rate the solution a ten out of ten. 

Ermetic's deployment is easy. 

We have seen ROI with the tool's use. 

The tool's pricing is fair. 

I rate Ermetic a ten out of ten.