Tenable SC Overview
Tenable SC is the #4 ranked solution in our list of top Vulnerability Management tools. It is most often compared to Tenable.io Vulnerability Management: Tenable SC vs Tenable.io Vulnerability Management
What is Tenable SC?
Tenable SC consolidates and evaluates vulnerability data across the enterprise, prioritizing security risks and providing a clear view of your security posture. With SecurityCenter, get the visibility and context you need to effectively prioritize and remediate vulnerabilities, ensure compliance with IT security frameworks, standards and regulations, and take decisive action to ensure the effectiveness of your IT security program and reduce business risk.
Tenable SC is also known as Tenable Unified Security, Tenable SecurityCenter.
Tenable SC Buyer's Guide
Download the Tenable SC Buyer's Guide including reviews and more. Updated: April 2021
Tenable SC Customers
IBM, Sempra Energy, Microsoft, Apple, Adidas, Union Pacific
Tenable SC Video
What users are saying about Tenable SC pricing:
- "We're a Fortune 500 company... our licensing costs [are] in the seven figures."
- "The pricing is more than Nexpose."
- "The price can start at €10,000 ($13,000 USD) for between 500 and 1,000 assets, and the price can climb into the millions as more assets are added."
- "I use a local license to perform penetration testing and I'm pretty happy with everything when it comes to pricing and licensing."
- Highest Rating
- Lowest Rating
- Review Length
Showingreviews based on the current filters.
Sr. Principal IT Architect at a manufacturing company with 10,001+ employees
Nov 26, 2019
Enables us to centralize and correlate all data and understand where the gaps are in our security posture
What is our primary use case?Our primary use case is compliance for our audits, for our customers. We were exposed in that we were not meeting contractual obligations. We are monitoring our infrastructure: servers, switches, storage, routers, SAN storage, operating systems, and applications to the extent that the tool is able to see into them. We use it to hit the high ones like Adobe or Microsoft Office and the like. Some of the more niche products that we use may not be in their inventory of vulnerabilities.
Pros and Cons
- "The predictive prioritization features are pretty good. They do a lot of research and we trust the research that they do internally. They have knowledge of what's going on with many companies, where we only get a view into what's going on here. So the ability to get best practices out of them as part of this solution, is valuable to us."
- "Tenable also helps us to focus resources on the vulnerabilities that are most likely to be exploited. And since it is continuously updated, it allows us to reevaluate quickly if there are new vulnerabilities found..."
- "There's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty."
What other advice do I have?Go in with open expectations. Companies don't realize how big their infrastructure really is before they can get a single pane of glass view, which Tenable provides. Don't be disheartened when you run that first scan. It is a process. This is not a sprint, this is a marathon. If you're not willing to invest in this for the long run, then maybe your organization just isn't ready. I don't know how to assess our vulnerability status compared to that of our peers. The defense industry is fairly secretive about what goes on. But I think we're doing the right things. Having the licensing and the…
Medical Device Cybersecurity Analyst at a healthcare company with 10,001+ employees
Jun 2, 2019
Enables very customized policies to routinely scan, while simultaneously not causing impact
What is our primary use case?I'm the one who scans and performs assessments on clinical and medical equipment in our environment. I manage the clinical endpoint devices: MRI systems, bedside monitoring, Alaris pumps, fusion pumps, CTUs, EEGs, EKGs, wireless defibrillators, and a lot of IP cameras that are part of operation room labs. My colleague handles all the regular enterprise IT, database servers, etc. From a scanning standpoint, I do everything from discovery scanning to full-credential auditing and anything and everything in between. That's just for the medical space in a 24/7 production medical environment. We're… more »
Pros and Cons
- "What is useful to me is being able to fulfill very customized scanning policies. In the clinical environment, because of vendor control, we can't perform credential-vulnerability scanning. And network scans, which I've done before, can cause a lot of impact. Being able to create very customized policies to be able to routinely scan and audit our clinical networks, while simultaneously not causing impact, is important to us."
- "If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic."
What other advice do I have?In my type of medical environment, when you get into an operational technology environment, PVS or something that's a passive scanner is more the way to go than something that actively goes out and scans and tries to interrogate endpoints, because that can cause impact. When dealing with the healthcare space or, say, the electrical grid, the consequences can be very widespread or can cause significant impact. Something like PVS is a great idea to look into. If you're scanning operational technology, definitely use connectionless-oriented discovery policies. For example, perform UDP scans…
Learn what your peers think about Tenable SC. Get advice and tips from experienced pros sharing their opinions. Updated: April 2021.
501,818 professionals have used our research since 2012.
IT Security Specialist at a consultancy with 1,001-5,000 employees
Jul 10, 2019
Automatic scanning distribution and the ability to write custom audit files are distinguishing features
What is our primary use case?Vulnerability assessment and compliance auditing are our primary use cases. That includes baseline configuration scanning. We use it to protect everything in the enterprise environment: servers, workstations, pretty much all operating systems, networking gear. We are doing cloud and we are doing some IOT. We are not using their web application scanning tool.
Pros and Cons
- "One of the most valuable features is their distributed scan model for allotting engines to work together as a pool and handle multiple scans at once, across multiple environments. Automatic scanning distribution is a distinguishing feature of their toolset."
- "It's good at creating information, it's good creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking."
What other advice do I have?Make sure that your sizing is done correctly, in terms of the hardware size. When you do buy Tenable, a lot of times you'll use Professional Services to help you implement the tool. Whatever advice Tenable has, listen to it very specifically and also talk to them specifically about what your goals are. Instead of talking tactics, talk about goals. What's going to happen is that they may say "Hey, we're going to do things slightly differently than how you used to do it," but in a lot of instances, they're going to be right. In terms of features that we're looking forward to, VPR is one that…
CIO / IT Consultant at RedShift
Jun 7, 2020
Good dashboards, reporting, and technical support, with a low rate of errors
What is our primary use case?We are a reseller and Tenable SC is one of the products that we implement for our clients. The primary use case is to check for compliance against a specific framework, like NIST, CIS, or something similar. Tenable will check compliance on the assets against that specific framework and give that visibility to the technical staff, top management, and the risk management team. In turn, this will enable them to evaluate the risk that they are facing for non-compliance issues. The second use case is helping the technical staff that handles updates and upgrades to the operating system. It means… more »
Pros and Cons
- "This product has the best results in terms of the lowest number of false-positives and false-negatives."
- "The integration is very good, although it still needs to improve."
What other advice do I have?My advice for anybody who is implementing this product is to search for a certified partner to help with the process. It's not difficult, but it's very important to have a partner who knows the product well. The first steps in the implementation have to be the correct ones. If not, the product will not achieve the objectives that the company usually needs. It would be wrong for someone that doesn't know the product very well to begin implementing it by themselves. This is the best product that we have found for risk management. I would rate this solution a nine out of ten.
Program Manager at a tech services company with 201-500 employees
Real UserTop 10
Jan 6, 2021
Monitors our whole environment in real time and makes everything more secure
What is our primary use case?At work we use the enterprise version of Tenable, Tenable.io, and I also use Tenable.sc — which I refer to as SecurityCenter — for local scanning. I use Tenable SecurityCenter every day to scan our entire environment for vulnerabilities. I use a local license during the discovery process for penetration testing. So I'll do an en masse scan, and then also do a scan with Tenable to scan for IPs and vulnerabilities. User-wise, with Tenable SecurityCenter, there's different roles. We have security analysts, admin, etc. I'd say there's probably four or five different roles from people that can just… more »
Pros and Cons
- "The feature we've liked most recently was being able to take the YARA rules from FireEye and put them into Tenable's scan for the most recent SolarWinds exploit. That was really useful."
- "I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on."
What other advice do I have?I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve. I can't speak to every option that they have, but I have no reservations recommending them. I would rate Tenable SecurityCenter an eight out of ten.
Information Security Analyst at a retailer with 1,001-5,000 employees
Mar 20, 2021
Intuitive with excellent technical support and good stability
What is our primary use case?Essentially we use the solution to monitor hard devices on a network with it. That includes laptops, desktops, tablets, et cetera. I'm just using that to make sure that all of our patching is up to date.
Pros and Cons
- "Their overall cost of service is pretty good."
- "The biggest issue I have with the solution is when I'm using the scanning it picks up the original DNS of that device. That means, before we image it and actually change the DNS to something within our company structure, it'll just be random numbers and letters and Tenable will stick to that DNS for a long time."
What other advice do I have?We are just customers and end-users of the product. If a company does decide to implement the solution, I'd advise working with Tenable engineers during the process, and even afterward, in order to ensure everything is set up appropriately. I'd rate the solution at an eight out of ten We've had a largely very positive experience with the solution so far.
Presales Engineer at a tech services company with 11-50 employees
Sep 10, 2020
Easy to install, very customizable with a lot of templates available; great technical support
What is our primary use case?I'm a pre-sales engineer and we are resellers of Tenable.
Pros and Cons
- "Very customizable with a lot of templates."
- "Current web page needs improvement, slows down processes."
What other advice do I have?I would definitely recommend the solution but I would tell people that it requires dedicated staff. You need to have someone looking at what's going on when you scan and you need somebody to go through all the results, otherwise it just sits there. I would rate this solution an eight out of 10.
Information Security Analyst at a tech services company with 51-200 employees
May 1, 2021
Good reporting, alerting, and filtering capabilities and good integration with multiple vendors
What is our primary use case?We had a requirement to connect multiple branches into one console. We installed Nessus at multiple locations and then connected Nessus. We did the service scan and got the report on the central site with Tenable SC.
Pros and Cons
- "Tenable SC is good for reporting and alerting. The filtering feature is also very valuable. Its integration with multiple vendors is quite good. It can be integrated with SIEM solutions and PAM solutions such as Thycotic, which is very helpful."
- "There is not much room for improvement. However, there should be a guide that describes the step-by-step procedures for doing tasks. Otherwise, training is required from a senior guy to a junior guy."
What other advice do I have?It is a much better solution than other competitors. It provides almost everything that is required in terms of vulnerability management. If you are looking for overall enterprise security in terms of integrations and vulnerability management, you should go for Tenable SC or Tenable SCCV. I would rate Tenable SC a nine out of ten.
See 2 more Tenable SC Reviews
Product CategoriesVulnerability Management
Download our free Tenable SC Report and get advice and tips from experienced pros sharing their opinions.
- Vulnerability Management and Risk Management Integration
- How inadvisable it is to use a single vulnerability analysis tool?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the benefits of continuous scanning for vulnerability management?
- Qualys Vm vs Tenable Nessus: Comparison
- Vulnerability Management and Risk Management Integration