BMC TrueSight Vulnerability Management Review

Good features for infrastructure application; lacking in integrations with other software


What is our primary use case?

We deal with server automation and end-point automation. Right now we're working with a very big client. We're partners with BMC and I'm an Information Security GRC Senior Consultant. 

What is most valuable?

The solution is valuable because it takes reports from other vulnerabilities - scanners like Nessus, Rapid7 and Qualys. That's a major feature that I can apply to my infrastructure, send the reports back, and discover where action should be taken, which systems put in place, etc. 

What needs improvement?

There is always room for improvement in all products. With BMC I'd like to see the ability to  integrate with other software. For example, having a CMDB, access to Qualys, or because we've found something from BMC, to be able to work closely to find a solution. The idea would be that it's all updated from one point automatically. I'm looking for third-party applications and integrations with other software. 

For how long have I used the solution?

I've been using this solution for three months. 

What do I think about the stability of the solution?

In general, all BMC products are stable. It was one of the reasons we chose to work with them. 

What do I think about the scalability of the solution?

In terms of scalability, I can only tell you my experience from our clients. I had Remedy installed. And then we installed Discovery. Two months ago, we installed Server Automation and we've now completed the installation with Vulnerability Management. And everything is inter-operational, it's all automated now. Our customers are happy.

How are customer service and technical support?

We work closely with technical support. There is always room for improvement but in general I'm satisfied. It's not about the response time, they possibly lack the quality of support for the services they provide. 

How was the initial setup?

Initial setup is quite complicated so we use a consultant to assist. Deployment time depends on the company. For an experienced administrator with quite good knowledge of Linux, it can take a week but the more installations one does, the smoother the process. We usually have two engineers involved in deployment and we have administrators who work with the clients. 

What other advice do I have?

My advice would be that you should make sure you know the product you are using very well, and know your requirements. To know what is on your system and what you're looking for. 

I would rate this product a seven out of 10. 

Which deployment model are you using for this solution?

On-premises
**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Add a Comment
Guest