Most Helpful Review
Enables us to centralize and correlate all data and understand where the gaps are in our security posture
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The scalability is good. The scalability is more than good because it can operate both as a standalone and it can be integrated as part of applications. So that really makes it a very, very versatile solution to have.
For us, the most valuable aspect of the solution is the log-sequence feature.
It can operate both as a standalone and it can be integrated with other applications, which makes it a very versatile solution to have.
Our developers can run the attacks directly from their environments, desktops.
The vulnerability scanning option for analyzing the security loopholes on the websites is the most valuable feature of this solution.
The automated approach to these repetitive discovery attempts would take days to do manually and therefore it helps reduce the time needed to do an assessment.
Their technical support has been very active. If I have an issue, I can reach out to them and get an answer pretty quick.
We are able to create a report which shows the PCI DSS scoring and share it with the application teams. Then, they can correlate and see exactly what they need to fix, and why.
The scans are the most valuable aspect of this solution.
The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us.
Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found...
This solution has a much lower rate of false positives compared to competing products.
One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset.
What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us.
I think that this is a good solution for evaluating vulnerability in the network.
We really love the Security Center dashboard. It basically performs vulnerability scanning and then outputs a vulnerability data.
Tripwire IP360 is a very stable solution.
It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed.
We want to see how much bandwidth usage it consumes. When we monitor traffic we have issues with the consumption and throttling of the traffic.
The solution limits the number of scans. It would be much better if we could have unlimited scans.
When monitoring the traffic we always have issues with the bandwidth consumption and the throttling of traffic.
Tools that would allow us to work more efficiently with the mobile environment, with Android and iOS.
In terms of what needs improvement, the way the licensing model is currently is not very convenient for us because initially, when we bought it, the licensing model was very flexible, but now it restricts us.
It would be nice to have a feature to "retest" only a single vulnerability that the customer reports as patched, and delete it from the next scans since it has already been patched.
You can't actually change your password after you've set it unless you go back into the administration account and you change it there. Thus, if you're locked out and don't remember your password, that's a thing.
We have had issues during upgrades where their scans worked on some apps better with previous versions. Then, we had to work with their tech support, who were great, to get it fixed for the next version.
The reporting needs a lot of work on the template.
There's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty.
The vulnerability scan does not work correctly until the access privileges are set by the system administrator.
It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking.
If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic.
The web application scanning area can be improved.
A good plugin editor would be a good additional option for the Security Center.
In terms of configuration, there is some level of flexibility that we are not able to achieve.
I am not very impressed by the technical support.
The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side.
Pricing and Cost Advice
The costs aren't very expensive. It costs around $3000 or $4000.
All things considered, I think it has a good price/value ratio.
The pricing and licensing are reasonable to a point. In order to run multiple scans at a time, we are going to have to purchase a 100 count license, which is an overkill. Though, compared to what we were paying for, the cost seems reasonable.
When we looked at all other vendors and what they were asking for, to provide a third of what Acunetix was capable of doing, it was an easy decision... But now that it's coming to a cost where it's line with market value, it becomes more of a competition... Acunetix is raising the cost of licensing. It's 3.5 times what we were initially quoted.
Acunetix was around the same price as all the other vendors we looked at, nothing special.
We pay around 60,000 on a yearly basis.
We're a Fortune 500 company... our licensing costs [are] in the seven figures.
Costing is pretty reasonable compared to the competition.
The pricing is more than Nexpose.
The licensing costs for this solution are approximately $100,000 US, and I think that covers everything.
We're able to save because we don't have to employ more staff members to help wit ht he scheduling of the scans, running the reports or sending them out to the systems owners. That alone is a big ROI for us.
It is slightly more expensive than other solutions in the same sphere.
I believe the price compares well within the market.
Compared 25% of the time.
Compared 11% of the time.
Compared 10% of the time.
Compared 27% of the time.
Compared 23% of the time.
Compared 15% of the time.
Compared 60% of the time.
Compared 7% of the time.
Compared 6% of the time.
Also Known As
|AcuSensor||Tenable Unified Security, Tenable SecurityCenter||IP360|
|Acunetix||Tenable Network Security||Tripwire|
Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.
Tenable SC consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.
Tripwire IP360 delivers risk-based vulnerability assessment and asset discovery capabilities. With IP360, you get:
Learn more about Acunetix Vulnerability Scanner
Learn more about Tenable SC
Learn more about Tripwire IP360
|Joomla!, Digicure, Team Random, Credit Suisse, Samsung, Air New Zealand||IBM, Sempra Energy, Microsoft, Apple, Adidas, Union Pacific||State of Iowa, State of Minnesota, U.S. Cellular|
Financial Services Firm38%
Comms Service Provider13%
Non Tech Company13%
Software R&D Company40%
Comms Service Provider13%
Software R&D Company42%
Comms Service Provider11%
Software R&D Company24%
Comms Service Provider16%