What is our primary use case?
Primarily we're a partner of Tenable and what we've done is we've essentially created a middleware. We created a middleware on top of Tenable.io engine, the API, and the middleware was developed back in 2003. It has gone through about three different iterations since then.
Essentially, we simplify their user interface. It's been designed so that the managed service providers, the MSPs, are able to use the Tenable system with our interface on top. In a sense, what we've done is dramatically dummied down the Tenable interface through the use of our own GUI. We connect to the Tenable API in the backend, however, they're doing the heavy lifting, so to speak, and we're just presenting the information in a much more logical, easily understood manner.
What is most valuable?
The API is pretty good.
The solution works well for enterprise-level organizations.
They're a standup product. They really are. They're one of the first in the industry which means they're a quite well-established site. It's pretty hard to improve upon.
The initial setup is pretty straightforward.
They are on a good trajectory as a company and investing in R&D in the right ways.
The stability is excellent.
The scalability is pretty good.
What needs improvement?
The solution seems to focus too much on enterprises, and they really need a product that works for SMBs. The enterprise product is too expensive for smaller companies, however, they really are looking for a product like this in the market.
It's too technologically advanced for SMBs - Tenable is kind of a little bit like flying a 747. There's a lot of bells and whistles and switches and things like that, that quite frankly are not used or not understood largely by the average user. If they don't begin to cater to smaller organizations, they'll likely lose market share.
They could use a better user interface that could be developed a lot better than it is. It really could be more intuitive.
For how long have I used the solution?
I've used Tenable for 20 years or so. 18 to be exact. It's been a good amount of time. I have a lot of experience with the company.
What do I think about the stability of the solution?
The stability is excellent. There are no bugs or glitches. It doesn't crash or freeze. It's one of the reasons we chose it. It's reliable and the performance is excellent.
What do I think about the scalability of the solution?
Aside from their licensing, which needs some serious reworking, when you get the licensing in order the scaling is not that bad. It's pretty much on-par in terms of what others are doing. However, getting the provisioning of the licensing and all of that stuff through their partners, namely Ingram Micro, is nothing short of pulling teeth really.
How are customer service and technical support?
I've never used technical support in the past. I've never had a need to. Therefore, I wouldn't be able to assess them. I can't say how knowledgeable or responsive they are.
Which solution did I use previously and why did I switch?
We've only been with Nessus. Nessus Professional came out way back in the day, in 2002, 2003, there was WebInspect which was then, bought by IBM. We used WebInspect which was another iteration of vulnerability scanning. It's kind of like Burp Suite, which is commonly used now. That was our only other experience. That was very far back, it's almost another lifetime.
How was the initial setup?
The initial setup is pretty straightforward. We've got staff members that are certified for decades, two decades or more, and they know their way around quite easily. It's quite easy in that regard to set up.
What's my experience with pricing, setup cost, and licensing?
In terms of the pricing side, I would say that they've lost a little touch on the pricing. It seems that the enterprise companies are the ones that primarily use Tenable for DIY security. However, the needs are much greater adoption in terms of the SMB space. These companies are screaming for attention. They've gotten interest from the hackers as hackers seem to be quite focused on the SMB space - which means they need protection. Most of the VA companies that are out there are servicing the enterprise and they all need the help. They've got the budget, they've got the resources, they have the CISSP certified guys on the bench taking care of their needs.
In terms of the volume of users interacting with the solution, you're looking at tens of thousands. As a service provider, we use the solution for companies of all sizes.
What other advice do I have?
We're a partner for Tenable Nessus.
The Tenable.io is what we're using currently. It suits our needs best due to the fact that it's in the cloud. The API is okay. It's not wonderful. Seems to serve a purpose.
The biggest problem with the solution is that if you're a small company, you're not going to be able to afford it, nor are you going to be able to manage it.
I would recommend other organizations use the product. People probably don't consider the amount of, let's say, understanding or comprehension that they need of their own network to truly be able to deploy and manage and get the results they're looking for, however. Many often underestimate all their skillsets. Tenable has a number of features and functionalities and it can be a little confusing for, let's say, a non-security savvy person. It could be a little bit of a challenge, to be honest. I'd suggest any company that considers it also does their homework first.
I'd rate the solution at a seven out of ten. It gets the job done. It really is smooth to operate once it's set up. It is for the most part pretty easy to set and forget.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?