What is our primary use case?
At work we use the enterprise version of Tenable, Tenable.io, and I also use Tenable.sc — which I refer to as SecurityCenter — for local scanning.
I use Tenable SecurityCenter every day to scan our entire environment for vulnerabilities. I use a local license during the discovery process for penetration testing. So I'll do an en masse scan, and then also do a scan with Tenable to scan for IPs and vulnerabilities.
User-wise, with Tenable SecurityCenter, there are different roles. We have security analysts, admin, etc. I'd say there are probably four or five different roles from people that can just go in and view. Security analysts can upload manual scans and create dashboards and download reports. Then administrators can create accounts, assign roles and responsibilities, and things like that.
How has it helped my organization?
Tenable SecurityCenter has absolutely improved our organization, by making everything more secure and helping ensure solid vulnerability management.
What is most valuable?
The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful.
What needs improvement?
I'm pretty happy with it, but I do see a lot of stuff coming out about risk-based vulnerability management. And so I've been looking at that. I don't think we're using that as of yet and it seems like a newer feature they're talking about a lot that I'm interested in.
I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on.
There was also an issue with SecurityCenter once where we had agents deployed on each device, and while it was scanning we were collecting the data in real time. During this process, we had an enclave that was not submitting. It didn't have the agent installed because it wasn't connected to the enterprise network.
They were scanning locally and submitting the scans and we would then upload them into SecurityCenter manually. Each time that there were any duplicates with host names or IPs, or that there were issues with the scanner device with authentication, it failed. But then you scanned it again and it was successful.
When you uploaded that, SecurityCenter was counting it as two devices. And when you ran your report for unauthorized devices, even though it was scanned a second time successfully, the first time would show as a failure. So it was throwing off reporting.
So we would run a report and say, "Okay, which device has failed scanning with authentication?" And it would give a device and we'd be like, "Well, here's the secondary scan showing that it was successful." And so we were having to manually go in there and delete the failed ones.
And that was a pain in the butt. We eventually got that enclave online so we fixed the problem, but I felt that was a limitation of Tenable SecurityCenter that it couldn't see that.
For how long have I used the solution?
I have been using Tenable SecurityCenter for the past few years now.
What do I think about the stability of the solution?
We have only run into one troublesome issue that I can remember. It had to do with the way SecurityCenter inaccurately reported real-time scan results whenever there was a transient problem such as with a duplicate host name or IP, or with authentication.
It was a pain to deal with, because we kept having to go in and manually delete all the failed (but actually successful) scan results.
What do I think about the scalability of the solution?
When it comes to scalability, so far so good, and no issues. We've got the whole environment monitored right now and I don't see any significant increases in use anytime soon.
How are customer service and technical support?
Their technical support is good. Because I don't give out tens much for anything, I would say in the eight to nine range, out of ten.
Which solution did I use previously and why did I switch?
For vulnerability management, Tenable SecurityCenter is the only one I've used in the past six years. Though we do use other tools in conjunction with it.
We've pretty much used Nessus for scanning, vulnerability management, and reporting, and that's it. And it does it very well. And then I use different tools for other things. I'm sure Tenable had that on the plugins for other things, but we don't use those.
How was the initial setup?
The setup is straightforward.
What about the implementation team?
I personally implement SecurityCenter with a local license. And then we also have different roles like security analysts and administrators who can just go in and perform various functions such as uploading manual scans, creating dashboards, downloading reports, assigning accounts, and so on.
What's my experience with pricing, setup cost, and licensing?
I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing.
What other advice do I have?
I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve.
I can't speak to every option that they have, but I have no reservations recommending them.
I would rate Tenable SecurityCenter an eight out of ten.
Which deployment model are you using for this solution?