The most popular use cases include vulnerability detection, cloud security posture management, software composition analysis (comparing code), and supporting cloud-native application protection in runtime environments.
Tenable Cloud Security [Private Offer Only]
Tenable, Inc.External reviews
41 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Making DevOps & Security Teams Easier
What do you like best about the product?
As a DevOps engineer, it makes my life easier when I use Tenable Cloud Security.
It's helping me navigate and jump between resources in all the accounts, to find which resource is connected to which and to easily monitor the cloud events. In addition, the provided links to each resource are reducing the searching time significantly.
It's helping me navigate and jump between resources in all the accounts, to find which resource is connected to which and to easily monitor the cloud events. In addition, the provided links to each resource are reducing the searching time significantly.
What do you dislike about the product?
The only disadvantage is that it's quite expensive.
What problems is the product solving and how is that benefiting you?
Tenable Cloud Security gives me efficient and easy navigation between the AWS resources and the IAM roles. It helps us to track what is connected to what and gives us the best visibility for the accounts state.
Has vulnerability detection, software composition analysis and asset management features
What is our primary use case?
What is most valuable?
Tenable Cloud Security excels in vulnerability detection, one of its strongest features. Another valuable feature is software composition analysis, which highlights and automates the detection of security flaws. Additionally, their knowledge base is excellent; if anything goes wrong, they provide clear guidance on what needs to be done to address specific vulnerabilities.
The asset management is also really good, with effective discovery and categorization of assets. The DevOps integration is also strong, supporting Shift-Left Security practices with integration into pipeline tools.
What needs improvement?
Due to its robust nature, the platform's adoption can be overwhelming initially. However, once organizations start using it, they tend to get used to it. I haven't had much direct interaction with the support team, but some partners have reported a desire for better support for the product.
Another area needing improvement is the implementation complexity, especially in multi-cloud environments. Tenable Cloud Security's features mean there's a steep learning curve, which can consume significant time and resources to utilize the platform's potential and fully see immediate benefits. It's similar to AI in that you must spend time fine-tuning and training before it truly helps.
For how long have I used the solution?
I have been working with the product for three years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
I rate the solution's scalability a ten out of ten. Managing many assets (e.g., 500 or 5,000+) can become overwhelming in a multi-cloud environment. However, for smaller environments with fewer than 5,000 assets, it should be pretty straightforward and manageable.
How are customer service and support?
My partners complain that support is not consistent and replies come late. It is small company and to offer worldwide support will be a challenge.
How was the initial setup?
The solution's integration and configuration can be overwhelming. If you have a simple environment, I'd rate Tenable Cloud Security's deployment ease very close to ten out of ten. It's easy to deploy, run the first discovery, and manage the assets. Its strength lies in covering the environment thoroughly, discovering assets, and categorizing them.
What other advice do I have?
I rate the overall solution a ten out of ten. I think it's the best on the market right now. Other solutions, like Trend Micro, provide incident response across multiple security layers. However, Tenable Cloud Security is not primarily a threat protection tool. Even though it deploys malware detection and removal in the code, it is not like real-time incident response such as Trend Micro.
Helps to react promptly with monitoring and alerting capabilities
What is our primary use case?
We use Ermetic for monitoring and alerting.
How has it helped my organization?
The tool alerts us on depreciating performance or deficiencies of our web application. It helps us react on time.
What needs improvement?
Ermetic needs to improve its security scanning. I would like to see more dynamic graphical forms.
For how long have I used the solution?
I have been working with the solution for four years.
What do I think about the stability of the solution?
I rate Ermetic's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate the solution a ten out of ten.
How was the initial setup?
Ermetic's deployment is easy.
What was our ROI?
We have seen ROI with the tool's use.
What's my experience with pricing, setup cost, and licensing?
The tool's pricing is fair.
What other advice do I have?
I rate Ermetic a ten out of ten.
A stable solution providing comprehensive vulnerability scanning for modern web applications
What is our primary use case?
Tenable Cloud Security essentially falls under the umbrella of cloud security.
In cloud security, we have a diverse Tenable portfolio which includes Nessus, Nessus Professional, Nessus Expert, Tenable.io Vulnerability Management, Tenable Security Center, Tenable Cloud Security, Tenable Lumen, Tenable Active Directory, and Tenable One.
What is most valuable?
We're discussing vulnerability management here, and in this realm, it's considered one of the top vendors in the security field. The key benefit lies in having the largest and most up-to-date database. When it comes to using any Tenable product, it excels in finding vulnerabilities and providing analytics. Tenable possesses the biggest vulnerability database, sourcing data from various places including open sources, the dark net, and forums where hackers discuss vulnerabilities. This makes Tenable and its products highly regarded in the realm of vulnerability management.
The concept of a "black box" or a "closed box" in this context involves a solution that provides results and resolutions specifically tailored to your cloud environment's compliance and security needs. In essence, cloud security tools scan your cloud resources and evaluate them to ensure they adhere to policies, have correct configurations, and conduct an analysis to verify the proper functioning of your cloud infrastructure. This encapsulates the core advantages of Tenable Cloud Security.
What needs improvement?
Personally, I don't have any critical concerns about this product. As I mentioned earlier, it's a comprehensive and well-rounded solution that provides results effectively. However, I do think there might be room for more integrations. This could allow for further customization and flexibility, essentially offering different functionality options to accommodate various budgets. It's similar to customizing a wedding package to fit different preferences and budgets. This could be achieved through licensing, enabling users to choose specific functionalities based on their needs. For instance, if someone only requires container-related features and doesn't need in-depth analysis of their entire cloud environment, they could opt for a more tailored solution.
For how long have I used the solution?
I have been using Tenable Cloud Security for the past seven years.
How are customer service and support?
Our vendor is Broadview, and they offer various support levels. In a typical scenario, with the initial level of support, you might expect a relatively simple approach to problem-solving, with an SLA that allows several hours for issue resolution.
When you open a ticket for a problem, that ticket is overseen by a designated support technical specialist and their manager. If the ticket isn't resolved, you have the option to escalate it through another channel, such as your organization's Cabinet. This process works in a similar way to what we consider normal.
To increase the response speed, you simply need to invest more in advanced support. It doesn't work like it might in smaller vendors. In this context, when there are four tiers of support, each comes with different response times. If you require a one-hour response time, you can opt for premium support, and that's about it. Even before purchasing a solution, whether it's Scalable Security, Account Security, Scalable Security Center, or any other, you can review the support SLAs to gauge how long you might have to wait for assistance with various issues.
How would you rate customer service and support?
Positive
What other advice do I have?
In general, when you want to make comparisons, you must consider various factors, and this applies to many other solutions as well. However, this implies that we don't encounter significant issues or problems with the product, whether it's related to its functionality or overall performance. Consequently, it can be rated as a solid ten.
Intuitive and easy to use, awesome capabilities
What do you like best about the product?
Ermetic is an awesome tool that helps a lot in making the cloud environments secure. It's very intuitive, easy to use, easy to integrate with could environments, ticketing tools and also with IAM tools in order to control user's lyfecicle. It's possible to remediate issues in the clould using Ermetic only, once it has the capability to identify the security risks and also to fix them, if desirible, based in the suggestions that the tool provides to mitigagte the found issues. The interface is very intuitive and provides us vairous ways to identify risks based in standards and regulations like PCI, HIPAA, NIST and others.
What do you dislike about the product?
Few ways to extract data, like user's for example.
What problems is the product solving and how is that benefiting you?
Issues related to IAM security, like overprivileged accesses, roles, inactive users, public resources. This is helping in keep our cloud resources secure and understanding the gaps we have.
Excellent org to work with!
What do you like best about the product?
Ermetic is genuinely concerned with the success of not just our product usage, but that of our organization. They're engaged at the highest levels of their company, actively soliciting feedback and implementing those changes into their product. They listen intently to needs, concerns, and desires to output features and functions that provide the best value to their customers. They proactively review and monitor our account, providing guidance and best practices.
What do you dislike about the product?
There are no downsides that I have to note about doing business with Ermetic.
What problems is the product solving and how is that benefiting you?
Ermetic provides CIEM functionality for all of the major CSP's that we utilize, through a single plane of glass.
Great tool, very easy to implement and integrate
What do you like best about the product?
It is easily integrated with Azure and AWS. It is also easy to deploy and manage, create reports and look for vulnerabilities and remdiations.
What do you dislike about the product?
Probably creating more options to remediate vulnerabilities within identities.
What problems is the product solving and how is that benefiting you?
We are monitoring our cloud environments for potential miss configuration and data leakage.
Ermetic, our solution for CSPM and CNAPP
What do you like best about the product?
Excellent CSPM tool for our AWS use case. Saves us a ton of time drilling done configuration security.
The "if you only have 5 minutes" feature is a great way to ensure you don't get overwhelmed with the amount of tasks to complete. Helps guide you on a clear, daily progression to cloud security
The "if you only have 5 minutes" feature is a great way to ensure you don't get overwhelmed with the amount of tasks to complete. Helps guide you on a clear, daily progression to cloud security
What do you dislike about the product?
The kubernetes aspect is still developing. I know for a fact Ermetic has on the road map to release an agented Kubernetes monitoring solution, but until then you'll just have to wait.
What problems is the product solving and how is that benefiting you?
Ermetic helps us fix over provisioned privledges in AWS, it's replaced our cloud trail log search, and we also utilize it's automated slack alerting for unusual cloud activity.
Fantastic CSPM Tool
What do you like best about the product?
Fantastic CSPM tool for multi-cloud environments. It lets you quickly get the "lay of the land" in your environment, seeing what services and resources are in place.
The IAM permission breakdown is second to none in my experience. Lets you really drill down to see what resources are affected by what policies and is extrememly useful in cracking down on overpriviliged IAM resources.
Add in findings, toxic combos, and the "if you only have 5 minutes" and you can quickly see what you need to pay attention to right away to better secure your environment.
The IAM permission breakdown is second to none in my experience. Lets you really drill down to see what resources are affected by what policies and is extrememly useful in cracking down on overpriviliged IAM resources.
Add in findings, toxic combos, and the "if you only have 5 minutes" and you can quickly see what you need to pay attention to right away to better secure your environment.
What do you dislike about the product?
Theres is still some work to be done with WAFs in place of load balancer when looking at network resource views. However I am confident that they will get to this sooner or later as well.
What problems is the product solving and how is that benefiting you?
Helps us to quickly see the resources we have in our environment, any security concerns with those resources, and how we can remediate quickly. Gives us truly fantastic IAM breakdowns as well.
Great product for having a good insight in the cloud environment.
What do you like best about the product?
The detailed information which Ermetic provides is excellent. The user interface and accessibility to the features are good. A lot of information is provided by Ermetic. Setting up the account is easy. The documentation is excellent and easy to follow. The feature which creates least privilege policy just by selecting the time period is one of the cool feature.
What do you dislike about the product?
I didn't find and disliking factor as per my usage.
What problems is the product solving and how is that benefiting you?
Ermetic is solving our cloud environment issues. It shows us the missed out stuff like permissions, policies and helps us create new and better policies following the principle of least privilege.
showing 1 - 10