Tenable.io Vulnerability Management Review

Supports container scanning, and the technical support is good

What is our primary use case?

I am a consultant and I advise my clients from a security standpoint. My goal is to get them to maximize value from Tenable.io. I am also a user of it. 

What is most valuable?

The most valuable feature for me is container scanning because I am interested in CICD security. The standard infrastructure scanning is pretty robust, which is why I was focusing on containers.

What needs improvement?

We had some challenges with the implementation because of Docker Version 2, although with help from the support team, we were able to proceed.

It would be helpful if Tenable could be more clear with regard to everything the solution can and cannot do with the particular license that you have. The information is not available on the web site and they should be more upfront about it.

For how long have I used the solution?

I have been using Tenable.io for between six and eight months. My company had acquired it before I joined, although it was not being utilized properly.

What do I think about the stability of the solution?

I have never encountered any issues relating to stability. I have never seen a scan crash, and we've been able to configure multiple scans to run concurrently. Everything appears to run smoothly.

What do I think about the scalability of the solution?

Other than running multiple scans concurrently, we have not looked at scalability. However, I have no doubt that we will be able to get support in order to meet our expectations.

How are customer service and technical support?

The support team is very good and we are quite happy with them. When we had the trouble with Docker Version 2, they responded and were able to help us troubleshoot, and then guide us to the resolution. It now works the way we wanted it to.

Which solution did I use previously and why did I switch?

I have worked with the open-source solution OpenVAS, as well as with Rapid7 and Qualys. I can see that Tenable.io is going to be one of the big players because they are doing very well in this space.

What's my experience with pricing, setup cost, and licensing?

I think that the price is reasonable for now, although given that everybody is looking to cut costs, I think that they should take measures to lower it. There are additional features that can be licensed for an additional cost.

What other advice do I have?

My advice for anybody who is implementing this product is to have all of the requirements documented and ready in advance. You match the solution to your requirements. Out of the box, we found that Tenable.io matched almost all of our requirements. The only clarification that we needed had to do with the Tenable.io Web App license. 

We have a good understanding of how Tenable.io works with containers and infrastructure, but when it comes to deep driving into applications, databases, APIs, and toolkits that you have in your environment, you need a separate license for that. This is what the Web Application license is.

In order to enjoy the maximum value, you need to have the appropriate licensing.

Overall, I am quite happy with Tenable.io.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Tenable.io Vulnerability Management reviews from users
...who compared it with Qualys VM
Add a Comment