Most Helpful Review
Researched Rapid7 Metasploit but chose Tenable SC: Good dashboards, reporting, and technical support, with a low rate of errors
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"It's not possible to do penetration testing without being very proficient in Metasploit."
"The option to generate phishing emails has proven to be very valuable in understanding the behavior of users."
"It contains almost all the available exploits and payloads."
"The most valuable feature for us is the support for testing Linux-based web server components."
"The reporting on the solution is good."
"All of the features are great."
"We really love the Security Center dashboard. It basically performs vulnerability scanning and then outputs a vulnerability data."
"I think that this is a good solution for evaluating vulnerability in the network."
"What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us."
"One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset."
"This solution has a much lower rate of false positives compared to competing products."
"The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us."
"Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found..."
"The scans are the most valuable aspect of this solution."
"The initial setup was a bit "tweaky" for the open-source version."
"Metasploit cannot be installed on a machine with an antivirus."
"It is necessary to add some training materials and a tutorial for beginners."
"Better automation capabilities would be an improvement."
"The solution should improve the responsiveness of its live technical support."
"At the time I was using it, the graphical user interface needed some improvements."
"A good plugin editor would be a good additional option for the Security Center."
"The web application scanning area can be improved."
"If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic."
"It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking."
"The vulnerability scan does not work correctly until the access privileges are set by the system administrator."
"There's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty."
"The reporting needs a lot of work on the template."
"The integration is very good, although it still needs to improve."
Pricing and Cost Advice
"I use the open-source version of this product. Pricing is not relevant."
"It is expensive. Our license expired, and our company is not thinking to renew because of our budget."
"The great advantage with Rapid7 Metasploit, of course, is that it's free."
"We're able to save because we don't have to employ more staff members to help wit ht he scheduling of the scans, running the reports or sending them out to the systems owners. That alone is a big ROI for us."
"The licensing costs for this solution are approximately $100,000 US, and I think that covers everything."
"The pricing is more than Nexpose."
"Costing is pretty reasonable compared to the competition."
"We're a Fortune 500 company... our licensing costs [are] in the seven figures."
"We pay around 60,000 on a yearly basis."
"The price can start at €10,000 ($13,000 USD) for between 500 and 1,000 assets, and the price can climb into the millions as more assets are added."
Questions from the Community
Ask a question
Earn 20 points
Top Answer: The scans are the most valuable aspect of this solution.
Top Answer: We pay around 60,000 on a yearly basis.
out of 36 in Vulnerability Management
Average Words per Review
out of 36 in Vulnerability Management
Average Words per Review
Compared 51% of the time.
Compared 12% of the time.
Compared 11% of the time.
Compared 7% of the time.
Compared 1% of the time.
Compared 41% of the time.
Compared 25% of the time.
Compared 13% of the time.
Compared 10% of the time.
Compared 2% of the time.
Also Known As
|Metasploit||Tenable Unified Security, Tenable SecurityCenter|
|Rapid7||Tenable Network Security|
Attackers are always developing new exploits and attack methods—Metasploit penetration testing software helps you use their own weapons against them. Utilizing an ever-growing database of exploits, you can safely simulate real-world attacks on your network to train your security team to spot and stop the real thing.
Tenable SC consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.
Learn more about Rapid7 Metasploit
Learn more about Tenable SC
|City of Corpus Christi, Diebold, Lumenate, Nebraska Public Power District, Prairie North Regional Health, Apptio, Automation Direct, Bob's Stores, Cardinal Innovations Healthcare Solutions, Carnegie Mellon University||IBM, Sempra Energy, Microsoft, Apple, Adidas, Union Pacific|
Comms Service Provider32%
Computer Software Company26%
K 12 Educational Company Or School4%
Financial Services Firm29%
Comms Service Provider14%
Computer Software Company31%
Comms Service Provider21%
Financial Services Firm5%
Rapid7 Metasploit is ranked 7th in Vulnerability Management with 5 reviews while Tenable SC is ranked 4th in Vulnerability Management with 9 reviews. Rapid7 Metasploit is rated 7.4, while Tenable SC is rated 8.4. The top reviewer of Rapid7 Metasploit writes "Straightforward to set up, and helpful for moving from development to production". On the other hand, the top reviewer of Tenable SC writes "Enables us to centralize and correlate all data and understand where the gaps are in our security posture". Rapid7 Metasploit is most compared with Tenable Nessus, Wireshark, Rapid7 InsightVM, Qualys VM and SecurityScorecard, whereas Tenable SC is most compared with Tenable.io Vulnerability Management, Tenable Nessus, Qualys VM, Rapid7 InsightVM and Forescout Platform. See our Rapid7 Metasploit vs. Tenable SC report.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.