I have researched other products on the market and by comparison, I would rate Tenable SC a ten out of ten. It still has some features lacking, but it is better than the other solutions that are on the market.

There are positives and negatives, but despite looking at other options, we haven't found anything better suited for us. So, we continue to use it and have plans to keep using it in the near future.

We explored other products, but Tenable was more user-friendly. Tenable has better accuracy, too.

In my own work, I've used some open-source solutions like Nmap. I've messed around with Retina, another open-source solution. Most of the stuff I've used has been freeware, open-source tools. In terms of a commercial competitor, the one I've used most is Nexpose, Rapid7's tool.

One thing I liked about Rapid7 Nexpose, that Security Center does not have, is that when we scheduled scans in Rapid7 Nexpose, there was a graphical calendar that showed when scans are taking place. Security Center doesn't have that. It's a small thing, but it helps to visualize what's happening.

We did two sets of white papers looking at the competition. We did a white paper in 2015 and another one in 2018. We selected Tenable after the 2018 white paper was written.

Between 2015 and 2018, the market had contracted considerably. Many of the products that we evaluated in 2015 had either been bought out by a competitor or just no longer existed. When we looked at it in 2018, Tenable had the strongest pedigree. They also had the ability to scale the deployment, versus some of the other products. 

We looked at Ivanti, which really wasn't designed for vulnerability management; it was a bolt-on. We looked at Qualys. That was too heavy-handed. It was a good product, but there was too much overhead in managing or maintaining that product.

Tenable was the best fit for our needs. Tenable is also the provider for the ACAS solution for the US government. Since the vast majority of our customers are government customers, and our auditors are government officials, it was seen as an easy way to get past an audit, or at least that we would be looked upon favorably.

We did not test any of the competitors. We had done some tests in 2015, but again, many of those competitors were no longer in business or they had been bought out. The other product that made it as a finalist was Qualys, but there was a significant commitment and infrastructure needed. We felt that if that was the minimum just to get it tested, then it was not going to work for us on an enterprise scale.

We evaluated Qualys. It depends on whether you want to do on-prem or in the cloud. Qualys really is a black box. You literally put this thing on your network, you can't touch it, and if you want to do something like troubleshoot, it is just not very friendly from an "if things go wrong" perspective.

Before choosing this solution we evaluated Qualys Labs and Rapid7.

No, I wasn't given the opportunity. SecurityCenter was brought in, vetted, and implemented by a separate team from the one I work with daily.

We just renewed the solution and didn't look into any other product on the market before we did.

We primarily use Tenable SC for vulnerability scanning and did not evaluate other options. This meets our needs.

We evaluated Rapid7 and Qualys before choosing this solution.