Tenable SecurityCenter Review

Quick turnaround time but needs a good plugin editor


What is our primary use case?

I primarily use this solution for vulnerability assessment on the assets that we have. This includes servers, network equipment, appliances, routers, firewalls, and switches. 

How has it helped my organization?

Before, we did manual management of our assets. We have an EXO file that has all our assets in it. They have the IP address and all the details of each piece of equipment. We manually enrolled those assets in our vulnerability scanning tool for them to be scanned on a monthly basis and to check what new vulnerabilities they may have. With the Security Center, we are able to automate. We were able to automate how we enroll our assets in the Security Center, the scheduling of when we scan each asset, and how we report them to the respective system owners. We are trying to use it as a channel of a self-service platform for the system owners or system administrators. It helps them access the Security Center to review the vulnerabilities of the equipment or the servers that may be assigned to them or under their domain.

What is most valuable?

We really love the Security Center dashboard. It performs vulnerability scanning and then outputs vulnerability data. When you are working with one, two, three, up to 10 pieces of IT equipment, managing the vulnerability data would be just fine, but when you are managing assets across an organization of 10,000+ employees, you have a really hard time normalizing that vulnerability data. The dashboard helps us map what things need to be prioritized, what our current threat landscape is, and what the latest threats in our network would be.

What needs improvement?

One of the challenges that we may have experienced with that platform would be the flexibility of how to modify or create. They have this configuration compliance audit function, so if ever an organization has its own configuration standards that should be set on its servers, you have to modify those plugins in Tenable for them to match the specific values that you are looking for when you perform the configuration assessment on your equipment. It is a small challenge because it uses regular expressions in its plugins, and so we are having a hard time creating a blank template from scratch. We usually base our compliance audit plugin on an existing one and then modify the values or describe whatever is not up to our standards. A good plugin editor is an additional option for the Security Center.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Whenever you have a vulnerability scan of 5000 IP addresses all running at the same time, it tends to keep resources on the Tenable server itself, a huge amount of CPU and memory. Right now, it still goes up, but at least it's below the threshold, which I think would be 73% or 75%.

What do I think about the scalability of the solution?

As long as you can buy the license, you can easily add up until you need an additional scan engine.

Which solutions did we use previously?

We previously used Qualys Virtual Scanner Appliance.

How was the initial setup?

Setup is easy as long as you have the right hardware requirements. The deployment took about a week. We used two network guys, two system admins, one application admin, and two security admins to implement the solution.

The longer process was the hardening of the components of the servers. We had to install everything on the servers: all the dependencies, all of the software that Tenable needs, including the Security Center itself. Once everything is installed, everything is locked down, and no other software needs to be added to it. We performed a patch check and configuration checks on it to see that they met our standards. After that, we requested the connectivity performance from our firewall team and performed discovery across our network to check whether it would be able to see all the systems, all the IPs, and all the networks that we have. That was one of the long processes that we went through, since there were a lot of different network segments that each engine or each Tenable component would pass through. We had to look at each one, just to make sure that we have full coverage of our network.

What was our ROI?

We're able to save because we don't have to employ more staff members to help with the scheduling of the scans, running the reports or sending them out to the system owners. That alone is a big ROI. A massive security breach would cost us a lot. This is a preventative measure worth our investment.

What other advice do I have?

Before, just preparing the monthly scans alone would take us about two weeks to set up. Then, we would have to wait for at least another two weeks for those assessments to be done, for the scanning to be done, and then it would take us about another two weeks to generate the report before we could send it out to the system owners. Those were our main drivers, as well, for us to push the use of the Tenable Security Center as a self-service platform to the system owners. The quick turnaround time in terms of generating reports and sending them out to the respective system owners is significant.

Disclosure: I am a real user, and this review is based on my own experience and opinions.