Fortify by OpenText vs. Tenable Vulnerability Management

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Fortify by OpenText
Score 9.0 out of 10
N/A
An AppSec solution formerly from Micro Focus, spanning SCA, SAST and DAST that supports the breadth and management of any application portfolio, used to secure code. Features API discovery and testing for any application, throughout the software lifecycle.N/A
Tenable Vulnerability Management
Score 9.5 out of 10
N/A
Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.N/A
Pricing
Fortify by OpenTextTenable Vulnerability Management
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Fortify by OpenTextTenable Vulnerability Management
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Fortify by OpenTextTenable Vulnerability Management
Features
Fortify by OpenTextTenable Vulnerability Management
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Fortify by OpenText
-
Ratings
Tenable Vulnerability Management
8.4
Ratings
6% above category average
Network Analytics00 Ratings10.00 Ratings
Threat Recognition00 Ratings10.00 Ratings
Vulnerability Classification00 Ratings10.00 Ratings
Automated Alerts and Reporting00 Ratings4.00 Ratings
Threat Analysis00 Ratings10.00 Ratings
Threat Intelligence Reporting00 Ratings5.00 Ratings
Automated Threat Identification00 Ratings10.00 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Fortify by OpenText
-
Ratings
Tenable Vulnerability Management
8.8
Ratings
8% above category average
IT Asset Realization00 Ratings8.00 Ratings
Authentication00 Ratings10.00 Ratings
Configuration Monitoring00 Ratings8.00 Ratings
Web Scanning00 Ratings8.00 Ratings
Vulnerability Intelligence00 Ratings10.00 Ratings
Best Alternatives
Fortify by OpenTextTenable Vulnerability Management
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
Action1
Action1
Score 9.5 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Action1
Action1
Score 9.5 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Fortify by OpenTextTenable Vulnerability Management
Likelihood to Recommend
9.0
(0 ratings)
10.0
(0 ratings)
Likelihood to Renew
10.0
(0 ratings)
9.0
(0 ratings)
Usability
7.0
(0 ratings)
8.0
(0 ratings)
Support Rating
10.0
(0 ratings)
8.8
(0 ratings)
User Testimonials
Fortify by OpenTextTenable Vulnerability Management
Likelihood to Recommend
I think Micro Focus Fortify WebInspect could fit really any organization well that needs to perform static code analysis on their applications (they do have dynamic scanning but I don't have any experience using it). Different static analysis tools scan code differently, Micro Focus Fortify WebInspect requires you to provide a full build of the application to be submitted with debugging files which could be easy or hard depending on how your organization is building it's apps.
Read full review
Tenable.io is a cost effective Internal and External scanner. The Internal scanner came with a .ova, so it was very simple and quick to deploy it into our ESXi environment. It has a cloud-based dashboard for management and the internal scanner is configured to auto-update from Tenable.io. The license came with 4 External PCI scans (with remediation) a year.
Read full review
Pros
  • prevents malware
  • mitigates risks
  • visibility
  • safety
Read full review
  • Wide range of capabilities that can be customized to fit each user's environment and needs
  • Provides high-quality data and insights into detected vulnerabilities
  • Great customer support
Read full review
Cons
  • It should focus on microservices and develop features
  • Performance need to be improved
  • Multiple apps should be easy to scan in parallel thus saving time
Read full review
  • Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
  • The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.
Read full review
Likelihood to Renew
Since every firm needs to perform static code analysis on their applications, I believe Micro Focus Fortify WebInspect would work well for them (they also offer dynamic scanning, although I haven't used it myself). Different static analysis tools scan code in different ways, and Micro Focus Fortify WebInspect asks you to submit a complete build of the application along with debugging files. Depending on how your company builds its apps, this requirement may be simple or challenging.
Read full review
We like to renew tenable each year we have had it so far.
Read full review
Usability
It is a cloud-based platform which can provide us a very useful and unique features like Application Assessment, Scans, Vulnerability Test, Comprehensive Reporting, Monitoring, etc. Fortify by Open Text is also outstanding in various parameters for the support and integration and it is highly adaptable in various DevOps Program where you need secure app testing with all given features.
Read full review
Overall it is good, it took a little while to understand it and figure things out but once you have a good grasp on it then, it is very good.
Read full review
Support Rating
Always receive excellent support from the vendor. No issues there.
Read full review
Support is usually really great at walking you through any steps you need to take when you get stuck on something. There are a few false positives and errors that have come up over the years that required their help to get through. Unfortunately, the steps required to diagnose some problems are more tedious than I think should be necessary. (IE: SQL instances can throw errors that clog up your logs because one plugin affects it in a certain way. The process to diagnose this is to watch timestamps of plugins in a log while monitoring the SQL logs at the same time and using your best guess as to what is causing it.)
Read full review
Alternatives Considered
Micro Focus Fortify WebInspect is better when it comes to speed, integration and detection capabilities as compared to Insight Appsec. What I loved the most is the broad coverage of vulnerabilities it identified as against Insight Appsec. Apart from detection capabilities the time taken is also less compared to Insight Appsec. Given the performance of Micro Focus Fortify WebInspect I would strongly recommend to everyone looking for DevSecOps and application security solutions
Read full review
I think Tenable and Qualys have a lot of similarities, I continue to go back to Tenable because of my familiarity and comfort level with it. I've also used a company called SecurityMetrics which has vulnerability scanning included but it is not as comprehensive as Tenable.
Read full review
Return on Investment
  • Good as part of our security suite to help prevent successful attacks.
  • Reporting of defects helps to educate developers.
  • Worth the price we paid.
Read full review
  • We're able to mitigate over 90% of our vulnerability risk without too much effort. It helps find where automated patching fails and we can plan a fix from the findings.
  • A side effect of our scanning reveals new devices on our network that aren't cleared to be.
Read full review
ScreenShots