Tenable SC Overview

Tenable SC is the #5 ranked solution in our list of top Vulnerability Management tools. It is most often compared to Tenable.io Vulnerability Management: Tenable SC vs Tenable.io Vulnerability Management

What is Tenable SC?

Tenable SC consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.

Tenable SC is also known as Tenable Unified Security, Tenable SecurityCenter.

Tenable SC Buyer's Guide

Download the Tenable SC Buyer's Guide including reviews and more. Updated: January 2021

Tenable SC Customers

IBM, Sempra Energy, Microsoft, Apple, Adidas, Union Pacific

Tenable SC Video

Pricing Advice

What users are saying about Tenable SC pricing:
  • "We're a Fortune 500 company... our licensing costs [are] in the seven figures."
  • "The pricing is more than Nexpose."
  • "The price can start at €10,000 ($13,000 USD) for between 500 and 1,000 assets, and the price can climb into the millions as more assets are added."
  • "I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing."
  • "The licensing costs for this solution are approximately $100,000 US, and I think that covers everything."
  • "Costing is pretty reasonable compared to the competition."

Tenable SC Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
reviewer1230882
Sr. Principal IT Architect at a manufacturing company with 10,001+ employees
Real User
Nov 26, 2019
Enables us to centralize and correlate all data and understand where the gaps are in our security posture

What is our primary use case?

Our primary use case is compliance for our audits, for our customers. We were exposed in that we were not meeting contractual obligations. We are monitoring our infrastructure: servers, switches, storage, routers, SAN storage, operating systems, and applications to the extent that the tool is able to see into them. We use it to hit the high ones like Adobe or Microsoft Office and the like. Some of the more niche products that we use may not be in their inventory of vulnerabilities.

Pros and Cons

  • "The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us."
  • "Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found..."
  • "There's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty."

What other advice do I have?

Go in with open expectations. Companies don't realize how big their infrastructure really is before they can get a single pane of glass view, which Tenable provides. Don't be disheartened when you run that first scan. It is a process. This is not a sprint, this is a marathon. If you're not willing to invest in this for the long run, then maybe your organization just isn't ready. I don't know how to assess our vulnerability status compared to that of our peers. The defense industry is fairly secretive about what goes on. But I think we're doing the right things. Having the licensing and the…
Joey Smith
Medical Device Cybersecurity Analyst at a healthcare company with 10,001+ employees
Real User
Top 20
Jun 2, 2019
Enables very customized policies to routinely scan, while simultaneously not causing impact

What is our primary use case?

I'm the one who scans and performs assessments on clinical and medical equipment in our environment. I manage the clinical endpoint devices: MRI systems, bedside monitoring, Alaris pumps, fusion pumps, CTUs, EEGs, EKGs, wireless defibrillators, and a lot of IP cameras that are part of operation room labs. My colleague handles all the regular enterprise IT, database servers, etc. From a scanning standpoint, I do everything from discovery scanning to full-credential auditing and anything and everything in between. That's just for the medical space in a 24/7 production medical environment. We're… more »

Pros and Cons

  • "What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us."
  • "If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic."

What other advice do I have?

In my type of medical environment, when you get into an operational technology environment, PVS or something that's a passive scanner is more the way to go than something that actively goes out and scans and tries to interrogate endpoints, because that can cause impact. When dealing with the healthcare space or, say, the electrical grid, the consequences can be very widespread or can cause significant impact. Something like PVS is a great idea to look into. If you're scanning operational technology, definitely use connectionless-oriented discovery policies. For example, perform UDP scans…
Learn what your peers think about Tenable SC. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
464,369 professionals have used our research since 2012.
Justin Kolker
IT Security Specialist at a consultancy with 1,001-5,000 employees
Real User
Jul 10, 2019
Automatic scanning distribution and the ability to write custom audit files are distinguishing features

What is our primary use case?

Vulnerability assessment and compliance auditing are our primary use cases. That includes baseline configuration scanning. We use it to protect everything in the enterprise environment: servers, workstations, pretty much all operating systems, networking gear. We are doing cloud and we are doing some IOT. We are not using their web application scanning tool.

Pros and Cons

  • "One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset."
  • "It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking."

What other advice do I have?

Make sure that your sizing is done correctly, in terms of the hardware size. When you do buy Tenable, a lot of times you'll use Professional Services to help you implement the tool. Whatever advice Tenable has, listen to it very specifically and also talk to them specifically about what your goals are. Instead of talking tactics, talk about goals. What's going to happen is that they may say "Hey, we're going to do things slightly differently than how you used to do it," but in a lot of instances, they're going to be right. In terms of features that we're looking forward to, VPR is one that…
JoaoManso
CIO / IT Consultant at RedShift
Reseller
Jun 7, 2020
Good dashboards, reporting, and technical support, with a low rate of errors

What is our primary use case?

We are a reseller and Tenable SC is one of the products that we implement for our clients. The primary use case is to check for compliance against a specific framework, like NIST, CIS, or something similar. Tenable will check compliance on the assets against that specific framework and give that visibility to the technical staff, top management, and the risk management team. In turn, this will enable them to evaluate the risk that they are facing for non-compliance issues. The second use case is helping the technical staff that handles updates and upgrades to the operating system. It means… more »

Pros and Cons

  • "This product has the best results in terms of the lowest number of false-positives and false-negatives."
  • "The integration is very good, although it still needs to improve."

What other advice do I have?

My advice for anybody who is implementing this product is to search for a certified partner to help with the process. It's not difficult, but it's very important to have a partner who knows the product well. The first steps in the implementation have to be the correct ones. If not, the product will not achieve the objectives that the company usually needs. It would be wrong for someone that doesn't know the product very well to begin implementing it by themselves. This is the best product that we have found for risk management. I would rate this solution a nine out of ten.
reviewer1468566
Program Manager at a tech services company with 201-500 employees
Real User
Jan 6, 2021
Monitors our whole environment in real time and makes everything more secure

What is our primary use case?

At work we use the enterprise version of Tenable, Tenable.io, and I also use Tenable.sc — which I refer to as SecurityCenter — for local scanning. I use Tenable SecurityCenter every day to scan our entire environment for vulnerabilities. I use a local license during the discovery process for penetration testing. So I'll do an en masse scan, and then also do a scan with Tenable to scan for IPs and vulnerabilities. User-wise, with Tenable SecurityCenter, there's different roles. We have security analysts, admin, etc. I'd say there's probably four or five different roles from people that can just… more »

Pros and Cons

  • "The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful."
  • "I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on."

What other advice do I have?

I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve. I can't speak to every option that they have, but I have no reservations recommending them. I would rate Tenable SecurityCenter an eight out of ten.
SeniorIn3d86
Senior Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
May 10, 2019
A scalable solution for detecting and pro-actively mitigating network vulnerabilities

What is our primary use case?

The primary use case is to perform vulnerability assessments across the entire network.

Pros and Cons

  • "I think that this is a good solution for evaluating vulnerability in the network."
  • "The web application scanning area can be improved."

What other advice do I have?

This is a good solution for evaluating vulnerability in the network. It gives wide coverage, and it is able to scan most platforms on the network. I would rate this product an eight out of ten.
reviewer1395987
Presales Engineer at a tech services company with 11-50 employees
Reseller
Sep 10, 2020
Easy to install, very customizable with a lot of templates available; great technical support

What is our primary use case?

I'm a pre-sales engineer and we are resellers of Tenable.

Pros and Cons

  • "Very customizable with a lot of templates."
  • "Current web page needs improvement, slows down processes."

What other advice do I have?

I would definitely recommend the solution but I would tell people that it requires dedicated staff. You need to have someone looking at what's going on when you scan and you need somebody to go through all the results, otherwise it just sits there. I would rate this solution an eight out of 10.
Manoj Nair
Tech Specialist at Select Softwares
Real User
Top 5Leaderboard
Oct 1, 2019
Provides clear and precise vulnerability details with few false positives compared to other solutions

What is our primary use case?

I use this solution to perform vulnerability assessments and then patch my systems using third-party tools. The vulnerability scan is pretty fast and once you give it the right access privileges on the target system, you get very clear and precise details of the vulnerabilities.

Pros and Cons

  • "This solution has a much lower rate of false positives compared to competing products."
  • "The vulnerability scan does not work correctly until the access privileges are set by the system administrator."
See 1 more Tenable SC Reviews
Product Categories
Vulnerability Management
Buyer's Guide
Download our free Tenable SC Report and get advice and tips from experienced pros sharing their opinions.