2018-03-12T13:28:00Z

What needs improvement with Tenable SC?

63

Please share with the community what you think needs improvement with Tenable SC.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
15 Answers

Top 5 Leaderboard, Real User

Internal ticketing systems require improvement. The GUI could be improved to have all concerns and priorities use the same GUI, allowing them to see all tickets, assign vulnerabilities, and assign variation failures to each member of their team.

2021-10-05T10:32:10Z
Top 20, Reseller

Everything in life has room for improvement. While I consider the solution to perform as it should, most customers, for the wrong reasons, wish for it to have the penetration testing capabilities. This is not a problem with the product, but with the demands of the customer and I remain uncertain if I can meet these. The pricing is reasonable, but this could be brought down more aggressively, such as we see with Rapid7, Tenable SC's main competitor.

2021-09-06T14:05:31Z
Real User

There is not much room for improvement. However, there should be a guide that describes the step-by-step procedures for doing tasks. Otherwise, training is required from a senior guy to a junior guy.

2021-04-28T20:32:08Z
Top 20, Real User

I'm pretty happy with it, but I do see a lot of stuff coming out about risk-based vulnerability management. And so I've been looking at that. I don't think we're using that as of yet and it seems like a newer feature they're talking about a lot that I'm interested in. I will say it's a lot slower compared to an MS scan. It takes so much longer, so the performance could definitely be worked on. There was also an issue with SecurityCenter once where we had agents deployed on each device, and while it was scanning we were collecting the data real time. During this process, we had an enclave that was not submitting. It didn't have the agent installed because it wasn't connected to the enterprise network. They were scanning locally and submitting the scans and we would then upload them into SecurityCenter manually. Each time that there were any duplicates with host names or IPs, or that there were issues with the scanner device with authentication, it failed. But then you scanned it again and it was successful. When you uploaded that, SecurityCenter was counting it as two devices. And when you ran your report for unauthorized devices, even though it was scanned a second time successfully, the first time would show as a failure. So it was throwing off reporting. So we would run a report and say, "Okay, which device has failed scanning with authentication?" And it would give a device and we'd be like, "Well, here's the secondary scan showing that it was successful." And so we were having to manually go in there and delete the failed ones. And that was a pain in the butt. We eventually got that enclave online so we fixed the problem, but I felt that was a limitation of Tenable SecurityCenter that it couldn't see that.

2021-01-06T08:10:07Z
Reseller

I think the company should redo their web page because the way things are now there are a lot of things you can't do. For example, if you want to filter something on the solution and have it filter down to all of your widgets, you can't do it, you have to go from one widget to the other. It takes some time if you have a big customer dashboard that's using some data. I think that the integration with a solution like Jira could be a little bit better for when you create tickets based on your vulnerability. I know they are working on additional features related to the integration with the patch management like Qualys has, which is really amazing. This is the future and I know they're working on it.

2020-09-08T09:10:01Z
Top 20, Reseller

Parallel scanning would be a nice improvement because it would speed up the detection process. It is not possible to search for vulnerabilities and do compliance checking at the same time. Rather, they are done one after the other. The integration is very good, although it still needs to improve. For example, it would be useful to have better integration with other tools in the space of identity management (IAM). As it is now, integration with new tools has to be developed specifically, so it's not easy. We would like to see better collection capability for external data that will help to improve detection and discovery.

2020-06-04T09:41:24Z
Top 20, Consultant

There should be an easier way to build your own type of reports because the data is there but it is quite painful to get what I want from it. I prefer Tenable SC to other solutions.

2020-04-06T08:22:00Z
Real User

Using the product — especially very early on — even though we have things like prioritization, it can be a little verbose in that there's a lot of information being streamed out of the reports. What would be nice, and maybe we just haven't found it, would be more of an executive-type view. We still expect it to collect all this information, but we would like a feature that would allow us to show it to an executive or a director or someone like that and give them some type of high-level overview but not get into the nitty-gritty.

2019-11-14T06:34:00Z
Top 5 Leaderboard, Real User

We need to give more customer demos and also highlight the strengths of the product that have been developed over a twenty-year period. The vulnerability scan does not work correctly until the access privileges are set by the system administrator.

2019-09-20T05:17:00Z
Real User

It's good at creating information, it's good at creating dashboards, it's good at creating reports, but if you want to take that reporting metadata and put it into another tool, that is a little bit lacking. It does great for things for the API. For instance, if we say, "What vulnerabilities do we have?" or "How many things have we scanned?" those things are great. But if we want to know more trending stuff over time, it can create a chart, but that's in a format which is really difficult to get into another program. Integration into other reporting platforms, or providing more specific scanning program metadata, would be an opportunity. It does have a fully-bolstered API which is available online that you can look at, but it is more aimed at getting more vulnerability information out instead of reporting information out.

2019-06-30T10:29:00Z
Real User

In terms of the reporting, it's good for IT tools, but it doesn't give me contextual insight into what device, what kind of medical equipment it is. And in my world, that's a big deal. That's a con, given what my needs are. We can't integrate it with our biomed database to correlate data. So I can know what vulnerabilities are on it by IP address, but it doesn't tell me what device it is. Is it an MRI or a workstation? Is it the workstation which is running MRIs or is it the one that's just pulling patient images? Things like that are things that I need to know, and usually the tool can't do that in and of itself. With that said, we do have some work toward some other integrations to try to improve some of that. Also, I don't know of a process right now to do what I'll call mass risk-acceptance. I have thousands of devices which allow high and critical vulnerabilities and there's really not much I can do about it. But if we put a firewall in front of it, the risk of the whole device is accepted. I need to be able to accept all those risks in the tool. It's really not easy to do within my workflow at this time. There are ways to get around it, but they're not conducive to what I do in my work. If I want to have a very low-managed scan policy, it's a lot of work to create something which is very basic. If I use a tool like Nmap, all I have to do is download it, install it, type in the command, and it's good to go. In Security Center, I have to go through a lot of work to create a policy that's very basic. Finally, the way we're using it now, for routine scans, it's only good for as long as a device is active on the network. That's one of my biggest concerns at this time: What about the stuff I don't have access to on the network when it runs the scans?

2019-05-30T08:12:00Z
Real User

The web application scanning area can be improved. A feature that I would like to see is the ability to integrate with exploit tools.

2019-05-09T13:12:00Z
Real User

One of the challenges that we may have experienced with that platform would be the flexibility of how to modify or create. They have this configuration compliance audit function, so if ever an organization has their own configuration standards that should be set on their servers, you have to modify those plugins in Tenable for it to match the specific values that you are looking for when you perform the configuration assessment on your equipment. It is a small challenge because it uses regular expressions on their plugins and so we are having a hard time creating a blank template from scratch. We usually base our compliance audit plugin on an existing one and then modify the values or describe whatever is not up to our standards. A good plugin editor is an additional option for the Security Center.

2018-12-13T11:34:00Z
Real User

In terms of the configuration of the reports, there's some level of flexibility that we are not able to achieve. In terms of configuring the reports to achieve certain percentages and all of that. So, that's really the main thing I've noticed. But, apart from that, I think it's one of the best vulnerability management tools I've used, in terms of giving us the full visibility into the environment.

2018-10-28T09:33:00Z
User

Security Center's vulnerability scanners are excellent in terms of compliance reporting, and the dashboards certainly seem to make the less technical of our staff all starry-eyed, but to be honest, I find SecurityCenter to be lacking in too many ways where my usage of it has been concerned. Dashboards, to me, are much less interesting than a powerful and flexible query engine, and that's an area where I find SecurityCenter most lacking.

2018-03-12T13:28:00Z
Updated: November 2021.