We just raised a $30M Series A: Read our story

Tenable.io Vulnerability Management Questions

Netanya Carmi
Content Manager
IT Central Station
Nov 24 2021

Which do you use and why?

Jairo Willian PereiraBoth, but I prefer Nessus Pro (costs and you can define out-of-band your better… more »
Dhananjay Naldurgkar
Senior Consultant - Cyber Security Services at Siam City Cement PCL
Sep 16 2021
Hello community professionals, I'm working as a Senior Consultant (Cyber Security Services) at a construction company with 10000+ employees.  I've been researching security-related products (by Tenable) such as: Tenable SC, Tenable.io, Tenable.ep and Tenable.ad, and I'd like to get your piece… (more)

Hello community professionals,

I'm working as a Senior Consultant (Cyber Security Services) at a construction company with 10000+ employees. 

I've been researching security-related products (by Tenable) such as: Tenable SC, Tenable.io, Tenable.ep and Tenable.ad, and I'd like to get your piece of advice about which of them to choose.

Thank you.

(less)
User at DDD
Jul 16 2021

Hi, I'm doing integration between Tenable and ServiceNow and I'm looking for an API for Tenable Connector into ServiceNow.

Does anyone have good recommendations? 

Thank you!

Miriam Tover
Content Specialist
IT Central Station
Aug 10 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Jairo Willian PereiraIMO, the previous version (Nessus) is more interesting in costs for some… more »
Miriam Tover
Content Specialist
IT Central Station
Aug 10 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jun 09 2021

Hi Everyone,

What do you like most about Tenable.io Vulnerability Management?

Thanks for sharing your thoughts with the community!

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jun 09 2021

Please share with the community what you think needs improvement with Tenable.io Vulnerability Management.

What are its weaknesses? What would you like to see changed in a future version?

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jun 09 2021

If you were talking to someone whose organization is considering Tenable.io Vulnerability Management, what would you say?

How would you rate it and why? Any other tips or advice?

Vulnerability Management Questions
Evgeny Belenky
IT Central Station
Nov 29 2021
Hi security professionals, As the majority of you have probably heard, GoDaddy has been hacked again a few days ago. Based on what is already known, what has been done wrong and what can be done better?  Share your thoughts! (more)

Hi security professionals,

As the majority of you have probably heard, GoDaddy has been hacked again a few days ago.

Based on what is already known, what has been done wrong and what can be done better? 

Share your thoughts!

(less)
Evgeny Belenky
IT Central Station
Nov 22 2021

Hello dear members,

What are the MITRE ATT&CK framework use cases? How can it be integrated/used in an enterprise security strategy?

Jairo Willian PereiraYou can simulate different types of access/attacks using the matrix suggested by… more »
Evgeny Belenky
IT Central Station
Nov 22 2021

Hi peers,

What should one include (essential items) into a Service Level Agreement (SLA) when purchasing cloud penetration testing services? 

Jairo Willian PereiraUsually, CSPs provide a list of what is/isn´t presented in their SLA and… more »
Ram-Chenna
User at FD
Oct 08 2021
Hi peers, We have developed an eCommerce system using the Microsoft Technology Stack.  Now, we would like to perform Vulnerability Assessment and Penetration Testing (VAPT) of this system using a comprehensive tool.  Can anyone recommend a tool that (preferably, an open-source one) to perform… (more)

Hi peers,

We have developed an eCommerce system using the Microsoft Technology Stack. 

Now, we would like to perform Vulnerability Assessment and Penetration Testing (VAPT) of this system using a comprehensive tool. 

Can anyone recommend a tool that (preferably, an open-source one) to perform VAPT on the eCommerce application before releasing it to the client on production?

Thanks for your help!

(less)
Jairo Willian PereiraYou can start with OpenVAS (an excellent tool during "first steps")… more »
Elsayed Ahmed
CIO at AIMS
Nov 24 2021

Hi cybersecurity professionals,

I'm looking for your recommendations about penetration testing tools for SMB/SME. 

What would be your choice? Please share a technical description of why would you choose this tool over others.

Thanks in advance.

Evgeny Belenky
IT Central Station
Jul 28 2021
Hi peers, Which automated tools for penetration testing would you recommend to your colleagues working for enterprises?  Please share 1-3 reasons why you like those tools. (more)

Hi peers,

Which automated tools for penetration testing would you recommend to your colleagues working for enterprises? 

Please share 1-3 reasons why you like those tools.

pentesting automation
(less)
VishalDhamkeThere are many automated DAST & SAST tools but from my perspective, there is no… more »
John RendyHi Evgeny, There is one automated penetration testing tool that performs way… more »
Jairo Willian Pereira
Information Security Manager at a financial services firm with 5,001-10,000 employees
Nov 06 2021
Does anyone have recommendations about methodologies (e.g. use of FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerability into risks (from Tenable.IO to Archer)? (more)

Does anyone have recommendations about methodologies (e.g. use of FAIR framework), plug-ins (ETL schemas, FOSS add-ons) or commercial/free solutions (like Kenna) that can help us during "integration, transformation and consolidation" of vulnerability into risks (from Tenable.IO to Archer)?

(less)
James DirksenYes, take a look at DeepSurface. It’s designed to automate the process. 
Stewart GwynClear use with the NIST compliance framework, Archer IRM 6.9.sp3.p2, use of… more »
Rony_Sklar
IT Central Station
Jun 15 2021

Is continuous vulnerability scanning essential? 

Are there other approaches to vulnerability management that do not involve continuous scanning?

George FyffeAs data increasingly moves from on-prem to Public Cloud, we need a complete… more »
Gilbert-KabugiI believe vulnerability scanning is usually a scheduled activity where you can… more »
Jairo Willian PereiraYes, essential*. You can start your program, for example, based on "Internet… more »
Rony_Sklar
IT Central Station
Aug 21 2021

In the past vulnerability assessment has been the primary approach used to detect cyber threats. 

Risk-based vulnerability management has become increasingly popular. 

How do each of these approaches work, and which do you think is more effective?

DavidGilliesAs soon as a vulnerability assessment is complete, it is obsolete. Your… more »
Nikos ChristakisVulnerabiity Assement is a useful process but it's still a snap-shot of your… more »
Paresh MakwanaYOU are right that earlier vulnerability assessment was very basic and done as… more »
Ariel Lindenfeld
Sr. Director of Community
IT Central Station

Let the community know what you think. Share your opinions now!

Fin Nish- Great dashboard - Reporting - Supports multiple formats (PDF, CSV, XML) -… more »
Micheal Iroko-Msc, CISA, CISM, CRISC, COBIT, CEHEnsure compatibility of the vulnerability software to the organization's needs.