Tenable Vulnerability Management Room for Improvement
SC
Shay Chouker
CSO at a manufacturing company with 1,001-5,000 employees
I would like the solution to cover the whole cycle of mitigation since it's an area where the solution currently lacks.
Nessus was created and, like, covered afterward. All the system is built around a basic unit that is mitigation, not the vulnerabilities. You don't have all the vulnerabilities where you build all the processes and all the reports that you have around it. Vulnerability is not like you have this problem. They say to you. Basically, you have a problem, but you don't have the patch. And the patch, inside of it, you have fifteen vulnerabilities, and it appears as a vulnerability. You are missing a patch, but it's not a vulnerability. All the system is built around missing mitigation. As a basic unit that everything is built around, and so this part is what you see when you do reports or when you build dashboards, and you have several databases inside that you can build reports around, but it's all beautiful, and you have a lot of reports, right, out of the box. But when you start creating something that you really need, like a new report, then you're, like, this data is in this database or downloaded database and this in another database of mitigations, and hence they cannot easily be connected, so each report can be all around this database because they have, like, two, three databases. I don't remember exactly, but they have separate databases inside, and you need to build the reports around one database, and it's not easy to connect two databases into one meaningful report. So, this is a hard part.
In short, I would like to see the databases seamlessly connected while doing a report.
The tool is okay, but, like I said, to cover the whole cycle and is like connecting the unconnectable things because they are built this way which I don't think they can change right now.
They can add things like brand reputation monitoring because it's the system that needs to identify all the vulnerabilities and infrastructure vulnerabilities. They can take it to add code vulnerabilities, like, if it's an R&D company that creates software, they have vulnerabilities of other types, like application-level vulnerabilities in the things that they are developing. And if it's a cloud, then it needs to be covered in a good way, considering the cloud infrastructure. Also, it works on the IP level. On the cloud, you can do it around EC2 instances. You can do the same in Tenable.io but then all the part of the cloud layer that is cloud-based but not on the EC2 level. Let's say it's CloudWatch logs and all the con configurations that are at a cloud provider level. So, there can be vulnerabilities there not at the EC2 level of the machine itself. So these are also vulnerabilities, and it can be good if they are shown and covered by the system.
In general, brand reputation and external CTI are needed in the solution.
Somewhere outside in the open world that it was bridged, and it's there, and then maybe we can show it to you also that it was bridged. So it's now in the open world, and they don't want to be, you know, to be the open world and also on the external attack surface, but I think we saw that some module that they are doing that is in just the right direction. So, it's a good direction.
SN
Steven Nkwane
Intake Specialist at Maxtec
They've been able to think about everything in terms of where the world is going and the type of assets that you've got. They've everything sorted out in that aspect, but you have to pay for most of the other components that they've got to give you complete visibility across your tech surface. If it already had those capabilities in-built, without having to add them on to take advantage of them, it would be a very compelling value proposition.
Their support needs to be improved in terms of turnaround time.
View full review »It's a fantastic product, but there are some things to consider. One is the price. Compared to on-prem solutions, the SaaS model can be expensive.
Price is definitely a concern and needs improvement, especially for the Indian market. While it's a fantastic product, it should be more accessible to small and medium-sized businesses (SMBs).
Currently, only larger enterprises seem to be able to afford and evaluate it thoroughly.
So, pricing can be improved and be more affordable for the Indian market, specifically for SMBs.
Another area of improvement is customer service and support. Tenable needs to include support in the pricing/license. Currently, they push clients to get support from partners or channel distributors, who often charge a lot.
Even for a simple one-time setup, they may charge three to four lakhs, and then additional annual charges for ongoing support. We have the technical skills to handle basic tasks, but relying on Tenable itself often results in just receiving emails or being redirected back to channel partners.
So, support should be bundled with the product cost.
View full review »Buyer's Guide
Tenable Vulnerability Management
February 2024
Learn what your peers think about Tenable Vulnerability Management. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
763,955 professionals have used our research since 2012.
VR
Vinayaka R
Security Analyst at a consultancy with 10,001+ employees
The asset identification has room for improvement. Since we are using a cloud-based scanner, we must scan devices based on their ID. However, we are encountering many issues with reporting. Assets are often being incorrectly merged or we encounter issues related to assets. If we had an agent with a scanning system, this issue may not have occurred, but it currently exists.
The UI has room for improvement. The previous version of the UI was better.
The technical support has room for improvement.
View full review »MM
MatteoMazzei
Security Manager at Yarix S.r.l.
The shortcoming of the solution that needs improvement is related to its capability to do vulnerability assessments on applications.
MC
reviewer1248330
Security Specialist at a security firm with 51-200 employees
I'd like to see them improve their support.
It would be great if there was more integration with other third-party products. They have a robust API, so it's possible to write a script in Python and extend or integrate with another solution, however, will be great if they had this integration automatically.
VS
VishalShah
Senior Information Security Engineer at a consultancy with 5,001-10,000 employees
The solution creates vulnerability tickets within the VM profile but should also include them under the Remediation tab so the fixes can be viewed in the ticketing queue.
Qualys is a competitor product and handles vulnerability tickets in this comprehensive manner.
SP
reviewer2293332
IT Manager at a financial services firm with 1,001-5,000 employees
There is no good work assignment system in the product. Specifically, if an SQL patch needs to be applied, then that needs to go to the SQL team, but Tenable wants to assign the ticket to an individual and not a team.
The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting.
I believe that Tenable.io is currently the best vulnerability management system. Compared to other vulnerability systems such as Rapid7 InsightVM, I find Tenable.io to be one of the best. However, Tenable.io lacks a platform to exploit or test the vulnerabilities it identifies. For example, if I identify a critical vulnerability, I cannot use Tenable.io to determine the risk of exploitation. Unfortunately, Tenable.io does not have a platform to test this.
The initial setup is complex and has room for improvement.
View full review »The price could be lower, and the grouping of platforms on the dashboard can be included in the next release of the product.
View full review »MC
reviewer1248330
Security Specialist at a security firm with 51-200 employees
They can improve in the area of role management and compliance reporting.
They should include better customization of the dashboard and integration tools.
View full review »HE
HARI EDARA
IT Manager at a government with 1,001-5,000 employees
The one drawback that we have found is the reports. We are still getting reports from Tenable.sc since the maturity levels on the reports are lacking. They need to improve the reporting in this solution. We just aren't seeing that many features or options.
View full review »DK
Donald Koketso
Security engineer at a construction company with 1,001-5,000 employees
The product could be easier to set up on the cloud.
View full review »The solution is a bit slow. It should be faster. They could improve the performance.
View full review »I didn't work a lot with the solution. My experience was pretty smooth. I don't have any recommendations for improvement. Maybe it's because I don't use it a lot.
The only drawback of the solution is that it is expensive. The pricing should be kept lower.
Tenable could improve visibility into assets, including automated asset tagging. You should be able to automatically tag assets based on location, function, ownership, etc. That would help us because we spend a lot of time identifying and tagging assets by hand.
View full review »GK
Ganesh K
IT support at Ganesh
Improvements should be made to the solution to make it easy to use. It's not a user-friendly tool since it has a complicated interface. The solution needs to have a more user-friendly interface.
View full review »The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports.
We'd like to see a bit more user-friendliness. They need to work on that aspect of the solution.
View full review »CL
Carl Lavarro
Cyber Security Associate at a consultancy with 10,001+ employees
They need to have more dependable and faster support.
We'd like them to add more features surrounding the filtering of vulnerabilities. My understanding is that they are working on this already.
View full review »The solution’s pricing could be improved.
View full review »DS
Dapo Salami
Executive Director at Platview Technologies Limited
The response times from the customer service and support team could be improved. Additionally, the pricing could be better.
View full review »The solution must provide penetration testing.
View full review »Tenable.io Vulnerability Management could be improved with an increased number of dashboards and MSSP integration.
View full review »YF
reviewer2298213
Information Security Manager at a international affairs institute with 10,001+ employees
The solution must be promoted more in the market. It will make the customers more aware of the product.
AL
ArchieLin
Director Information Security at Chup
Users get confused between VPR and CVSS ratings.
View full review »I don't recommend Tenable.io Vulnerability Management for web scanning.
View full review »The stability has room for improvement.
View full review »Buyer's Guide
Tenable Vulnerability Management
February 2024
Learn what your peers think about Tenable Vulnerability Management. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
763,955 professionals have used our research since 2012.