Tenable SC Room for Improvement

Sr. Principal IT Architect at a manufacturing company with 10,001+ employees
Using the product — especially very early on — even though we have things like prioritization, it can be a little verbose in that there's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty.
Joey Smith
Medical Device Cybersecurity Analyst at a healthcare company with 10,001+ employees
In terms of the reporting, it's good for IT tools, but it doesn't give me contextual insight into what device, what kind of medical equipment it is. And in my world, that's a big deal. That's a con, given what my needs are. We can't integrate it with our biomed database to correlate data. So I can know what vulnerabilities are on it by IP address, but it doesn't tell me what device it is. Is it an MRI or a workstation? Is it the workstation which is running MRIs or is it the one that's just pulling patient images? Things like that are things that I need to know, and usually the tool can't do that in and of itself. With that said, we do have some work toward some other integrations to try to improve some of that. Also, I don't know of a process right now to do what I'll call mass risk-acceptance. I have thousands of devices which allow high and critical vulnerabilities and there's really not much I can do about it. But if we put a firewall in front of it, the risk of the whole device is accepted. I need to be able to accept all those risks in the tool. It's really not easy to do within my workflow at this time. There are ways to get around it, but they're not conducive to what I do in my work. If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic. Finally, the way we're using it now, for routine scans, it's only good for as long as a device is active on the network. That's one of my biggest concerns at this time: What about the stuff I don't have access to on the network when it runs the scans?
Justin Kolker
IT Security Specialist at a consultancy with 1,001-5,000 employees
It's good at creating information, it's good at creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking. It does great for things for the API. For instance, if we say, "What vulnerabilities do we have?" or "How many things have we scanned?" those things are great. But if we want to know more trending stuff over time, it can create a chart, but that's in a format which is really difficult to get into another program. Integration into other reporting platforms, or providing more specific scanning program metadata, would be an opportunity. It does have a fully-bolstered API which is available online that you can look at, but it is more aimed at getting more vulnerability information out instead of reporting information out.
Learn what your peers think about Tenable SC. Get advice and tips from experienced pros sharing their opinions. Updated: February 2021.
464,857 professionals have used our research since 2012.
CIO / IT Consultant at RedShift
Parallel scanning would be a nice improvement because it would speed up the detection process. It is not possible to search for vulnerabilities and do compliance checking at the same time. Rather, they are done one after the other. The integration is very good, although it still needs to improve. For example, it would be useful to have better integration with other tools in the space of identity management (IAM). As it is now, integration with new tools has to be developed specifically, so it's not easy. We would like to see better collection capability for external data that will help to improve detection and discovery.
Program Manager at a tech services company with 201-500 employees
I'm pretty happy with it, but I do see a lot of stuff coming out about risk-based vulnerability management. And so I've been looking at that. I don't think we're using that as of yet and it seems like a newer feature they're talking about a lot that I'm interested in. I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on. There was also an issue with SecurityCenter once where we had agents deployed on each device, and while it was scanning we were collecting the data in real time. During this process, we had an enclave that was not submitting. It didn't have the agent installed because it wasn't connected to the enterprise network. They were scanning locally and submitting the scans and we would then upload them into SecurityCenter manually. Each time that there were any duplicates with host names or IPs, or that there were issues with the scanner device with authentication, it failed. But then you scanned it again and it was successful. When you uploaded that, SecurityCenter was counting it as two devices. And when you ran your report for unauthorized devices, even though it was scanned a second time successfully, the first time would show as a failure. So it was throwing off reporting. So we would run a report and say, "Okay, which device has failed scanning with authentication?" And it would give a device and we'd be like, "Well, here's the secondary scan showing that it was successful." And so we were having to manually go in there and delete the failed ones. And that was a pain in the butt. We eventually got that enclave online so we fixed the problem, but I felt that was a limitation of Tenable SecurityCenter that it couldn't see that.
Senior Information Security Analyst at a financial services firm with 1,001-5,000 employees
The web application scanning area can be improved. A feature that I would like to see is the ability to integrate with exploit tools.
Presales Engineer at a tech services company with 11-50 employees
I think the company should redo their web page because the way things are now there are a lot of things you can't do. For example, if you want to filter something on the solution and have it filter down to all of your widgets, you can't do it, you have to go from one widget to the other. It takes some time if you have a big customer dashboard that's using some data. I think that the integration with a solution like Jira could be a little bit better for when you create tickets based on your vulnerability. I know they are working on additional features related to the integration with the patch management like Qualys has, which is really amazing. This is the future and I know they're working on it.
Manoj Nair
Tech Specialist at Select Softwares
We need to give more customer demos and also highlight the strengths of the product that have been developed over a twenty-year period. The vulnerability scan does not work correctly until the access privileges are set by the system administrator.
IT Consultant - Microsoft Design and Implementation at a tech services company with 1,001-5,000 employees
There should be an easier way to build your own type of reports because the data is there but it is quite painful to get what I want from it. I prefer Tenable SC to other solutions.