Please share with the community what you think needs improvement with Tenable SecurityCenter Continuous View.
What are its weaknesses? What would you like to see changed in a future version?
One area which is missing is cloud security because there are a lot of configurations. Rapid7 has a product called a DV cloud. I would like to have a similar kind of solution and feature.
There are two areas that have room for improvement. One is account lockouts; we have had some issues with that. Part of it could just be the way we've handled it, but if we're scanning a large section of the network, and we end up with an account lockout, we can't do authenticated scans. That scan will just continue executing, even without credentials and that makes it difficult to figure things out. Where did it fail? Which ones were fully scanned? Which ones weren't fully scanned? We'd like the ability to only do authenticated scans, so if there's an authentication failure perhaps the scan stops. Or we'd like to have some way to recover scanned data. We export that scanned data to another tool and that's where things start breaking down, because it doesn't know. It sees that it was an authenticated scan, but half the hosts might not have been authenticated to. That may be specific to our use case, to a certain degree.
The other area for improvement is that in specific vulnerability occurrences we would like a little more support for various operational needs. There are certain things that might be false positives. There are certain circumstances where they may have found a vulnerable service and they just removed the service completely from the device because nobody was using it. There's no way to go into SecurityCenter and mark it, to say, "This is no longer an issue. It doesn't exist anymore." Or, "The risk was accepted for one year, so let's not report it as a 'high' until that one-year period is done." The handling of operational flow around vulnerability management could be improved.
One thing that is missing from the Predictive Prioritization is some extra context. I've given this feedback to their engineering leadership. What's missing is integrating with certain data sources like the CMDB. If you knew a given asset was supporting a Tier-1 application, you would naturally rate the vulnerability on that asset higher than you would that same vulnerability on an asset that's in a protected enclave. There are other areas with room for improvement. When it comes to traditional network-based vulnerability assessment Tenable is, hands-down, the best solution. I'm highly confident in that statement. When it comes to some of the other areas they have ventured into, like dynamic application scanning, I think they are lagging behind the curve. They have a lackluster solution, to the point where I think they need to determine, as a company, whether or not that's a space they even want to play in. And if they want to play in that space, they need a significant investment in it. In the container space, they are not really viewed as a market leader yet. I think they've got a way to go in container vulnerability management. There are a bunch of other solutions out there, like Anchor, that a lot of folks use. That's definitely an area of opportunity. Also, you see a bunch of other technologies that lay on top of platforms such as Tenable for risk prioritization. Tenable is dabbling in that with their Predictive Prioritization, dabbling in ranking solutions. That needs to be a continued focus. I think there is a lot of opportunity there, and it has gone down a good path, but that needs to be a continued focus. The difficulty with that is that it's limited. When you look at an enterprise vulnerability management program, Tenable's solutions aren't going to cover every aspect. If you think about the SDLC, aside from some of their container scanning, they don't really have much embedded in the SDLC. 
You're going to have a bunch of different types of scanning that all need to come together to effectively rank your priorities, or the solutions that need to be implemented. Tenable is really just looking at one piece, which is primarily your operating system, databases, and middleware. They're not really looking at any of the applications.