We used Qualys as an ASV, and Nexpose for all our internal scanning.

We were using one of Tenable's main competitors. There are only a couple. Part of the reason for our switch to Tenable was related to licensing costs. Some of it was related to the speed of updates that we were seeing with plugins, and things of that nature. We found that Tenable was a little bit quicker in rolling out updated plugins, especially for some high-level vulnerabilities which came out. Coincidentally, right around the time of our PoC, there were some of those remote code execution vulnerabilities in WebLogic and a couple of other devices. We found Tenable was just a lot faster delivering updated plugins to detect those than the product we were using before.

In terms of the visibility of Tenable versus our previous solution, they're comparable. We have visibility everywhere that we can reach and scan, that has an IP address.