TrustRadius: an HG Insights company

Tenable Vulnerability Management

Score9.5 out of 10

64 Reviews and Ratings

Get a Demo

What is Tenable Vulnerability Management?

Vulnerability management specialist Tenable offers their cloud application and container security platform Tenable Web App Scanning (formerly Tenable.io), a vulnerability management tool that emphasizes visibility of web applications, automatic scanning, and a unified view of cloud infrastructure and possible inconsistencies indicating a vulnerability.

Categories & Use Cases

Key Features

Learn about the best (and worst!) features Tenable Vulnerability Management has to offer, as determined by TrustRadius' reviewers.
Based on 64 ratings of Tenable Vulnerability Management's features
View all features

Top Performing Features

  • Network Analytics

    Analyzes various data reports and logs (DNS, firewall, user data, security information etc.) to identify threats in a network.

    Category average: 7.8

  • Threat Recognition

    Detection and recognition of malicious software within a network that could pose a threat to sensitive information.

    Category average: 7.9

  • Vulnerability Classification

    Prioritizing vulnerabilities, to determine which vulnerabilities are most urgent and require a quicker resolution.

    Category average: 8.7

Areas for Improvement

  • Web Scanning

    Specifically scans webpages for potential threats or vulnerabilities.

    Category average: 7.8

  • Threat Intelligence Reporting

    Generates reports that display information on threats (such as name, type, frequency of attack, area affected, etc.)

    Category average: 7.7

  • Automated Alerts and Reporting

    Systems in place to automatically alert, report, or notify of issues that may need timely remediation.

    Category average: 8.1

Reviews

What users are saying about Tenable Vulnerability Management.
View all reviews

Great Vulnerability Management Tool

Incentivized
Verified User
Manager in Information Technology (11-50 employees employees)

Use Cases and Deployment Scope

We use it to comply with essential 8 frameworks. We use it for vulnerability management across multiple clients. We also make use of the MSSP portal. Tenable allows us to reduce our attack surface level and helps to prioritize which vulnerabilities need to be actioned first.

Pros

  • Explain the vulnerability and provide link to how to resolve
  • Display of information
  • Filtering

Cons

  • Better email notification
  • auto remdiation
  • templated client facing reports

Return on Investment

  • it is expensive
  • its a requirement for essential 8
  • easy to use once you understand it

Usability

Other Software Used

DNSFilter, ThreatLocker, usecure uLearn, IT Glue, LastPass for Business

The Cadillac of Vulnerability Management

Incentivized
Randy MunroeView profile
Information Security Analyst in Information Technology at Randall-Reilly (201-500 employees employees)

Use Cases and Deployment Scope

We're using Tenable.io across all IT controlled infrastructure assets to find and patch vulnerabilities. It allows us to find outdated, unsupported and unpatched software no matter the OS or its location(cloud or on-premises.) Once found, it also generally has very easy to follow instructions on remediating the vulnerabilities found.

Pros

  • Scans using on-site and cloud scanners, giving you visibility from different angles.
  • The best in the business when it comes to plugin accuracy and coverage.

Cons

  • Expensive - You do pay a slight premium for the best product in the space.
  • Asset management is difficult to work with if you have a lot of asset turnover, the license can be ''held'' for 3-6 months after the asset is gone from your environment.

Return on Investment

  • We're able to mitigate over 90% of our vulnerability risk without too much effort. It helps find where automated patching fails and we can plan a fix from the findings.
  • A side effect of our scanning reveals new devices on our network that aren't cleared to be.

Alternatives Considered

Qualys Cloud Platform (formerly Qualysguard) and Rapid7 Nexpose

Other Software Used

Elasticsearch, AlienVault USM, KnowBe4, KnowBe4 KCM GRC Platform

Quick Threat Detection with Tenable.io

Incentivized
Verified User
Engineer in Engineering (201-500 employees employees)

Use Cases and Deployment Scope

My organization uses Tenable.io to regularly scan our network for potential vulnerabilities. This helps identify areas where our network might be vulnerable to attack, such as outdated software or misconfigured devices. Once identified, we can use Tenable.io remediation features to fix the vulnerabilities and reduce the risk of a security breach. We also use Tenable.io continuous network monitoring capabilities to monitor the network in real-time for suspicious activity. This helps identify and respond to potential threats as they emerge, allowing us to take action to prevent a security incident.

Pros

  • Wide range of capabilities that can be customized to fit each user's environment and needs
  • Provides high-quality data and insights into detected vulnerabilities
  • Great customer support

Cons

  • Can be difficult to maintain in environments with high asset turnover

Most Important Features

  • Continuous network monitoring
  • Scan scheduling

Return on Investment

  • Allows us to keep all devices up-to-date and avoid major vulnerabilities
  • Quick threat detection and incident response increases device uptime

Other Software Used

Splunk Enterprise Security (ES), Red Hat Ansible Automation Platform, Nessus

All your scanning needs under one roof at a competitive price

Incentivized
Matthew WhiteView profile
Cloud Security Architect/SQL Server DBA in Information Technology at BLUE MOTOR FINANCE LIMITED (51-200 employees employees)

Pros

  • Tenable.io provides predictable and repeatable scanning
  • Tenable.io allows us to do PCI attestation scanning (Tenable.IO is an Approved Scanning Vendor)
  • Tenable.io provides a comprehensive set of features that can be configured in detail to customize scanning requirements

Cons

  • Configuration is not always intuitive, but the comprehensive training and documentation comes to the rescue.
  • The mix of classic and beta UIs currently is confusing and we find the classic UI is actually better.

Return on Investment

  • Negated the need for regular manual scanning
  • Covers reporting requirements to send to managers and for monthly reporting

Alternatives Considered

Qualys Web Application Scanning (WAS) and Acunetix

Other Software Used

AlienVault USM, Trend Micro Deep Security for the Hybrid Cloud, CloudCheckr

Looking for a vulnerability scanner for PCI compliance?

Incentivized
Verified User
Director in Information Technology (201-500 employees employees)

Use Cases and Deployment Scope

We use Tenable to scan our public facing web and VPN infrastructure and e-commerce applications for software and configuration security vulnerabilities. While this is required for PCI compliance, we also have business partners and our Cyber Insurance provider who expect us to maintain a vulnerability management program.

Pros

  • The configuration options for vulnerability scans are very flexible, there are plenty of settings to get scans configured for just about any need.
  • There are also good options for reporting, from PCI compliance reports to executive summaries.
  • An internal network scanner can be linked to and controlled from the cloud portal for a consolidated view of scans and results.

Cons

  • Over the years, Tenable has changed their product names and features a bit too much and every year when I go to renew my licenses, I need to review the different packages and options to ensure I'm actually getting what I think I'm getting.
  • Depending on how you configure scans, sometimes there are an overwhelming number of options and some types of scans have too few... it can be confusing!

Most Important Features

  • We need to maintain PCI compliance so we need a vulnerability scanner, from time to time I look at other options but keep coming back to Tenable.
  • Other than PCI compliance or other compliance requirements, any company which has a public facing internet infrastructure should be doing vulnerability scans on a regular basis so you can expose security issues before someone exploits them and you end up with a data breach!
  • Doing regular vulnerability scans gives us the ability to just pull the latest report summary at any given time and provide it to executive leadership or business partners looking for information about our IT security posture.

Return on Investment

  • Since this is a requirement for our PCI compliance and the cost is relatively low, the ROI isn't really something we need to think too much about, Tenable's pricing is fair and affordable.

Alternatives Considered

Qualys Cloud Platform (formerly Qualysguard)

Other Software Used

KnowBe4 PhishER, Sophos Intercept X, The Okta Identity Cloud