I recommend Tenable Security Center, particularly if the pricing can be adjusted to compete better in regions like Central Eastern Europe. I would rate it 9.6 or 9.8 out of 10, as it needs minor improvements, particularly in localization and report flexibility in the age of AI. Overall, I rate the solution 9.8 out of 10.
IT Helpdesk at a manufacturing company with 51-200 employees
Real User
Top 5
2024-11-14T13:17:45Z
Nov 14, 2024
I rate Tenable Security Center ten out of ten. ManageEngine is also rated ten out of ten as it served different scopes and provided essential patch management features.
Cyber Security Charter Engineer at Banglalink Digital Communications
Real User
Top 20
2024-10-18T09:24:00Z
Oct 18, 2024
Proper configuration and automation are key to success with Tenable Security Center. Automating vulnerability scans and notifications can significantly reduce manual repetitive tasks, leading to better efficiency and time management. I'd rate the solution nine out of ten.
Tenable supports integrations with tools like Jira and Symantec, which are relatively easy to implement. However, when it comes to other cloud services beyond AWS and Azure, such as Oracle, support is less robust. Personal or niche cloud platforms may not receive adequate support. There's a significant distinction between agent-based and non-agent-based approaches in Tenable's solutions. Agent-based scanning requires installation akin to antivirus software on servers, whereas non-agent-based methods operate differently. This difference impacts reporting and usability, particularly evident in Google Cloud environments where agent-based scanning is mandated. Accessing and managing Tenable is straightforward for administrators, but specialist knowledge may be necessary for certain configurations or troubleshooting. Small-scale businesses implementing Tenable Security Center may find it cost-prohibitive compared to Tenable.io for cloud solutions, which offers more affordable options and promotions. Overall, I rate the solution a nine out of ten.
I don't use the product for compliance support. In terms of the product's valuable feature for threat detection, I would say that the solution's reporting overview in the dashboard is nice. The prioritization of vulnerabilities in the tool is very nice. The real-time monitoring capabilities of the product are very useful for our company, as they help us to be more in control and interact more actively. The tool's dashboard and reporting capabilities match our company's needs since we are able to modify the basic view to create a new dashboard, and it works out very well for our needs. Speaking about how Tenable Security Center's integration capabilities with other tools have affected our company's security operations, I would say that I have very little experience with the integration part, but from what I can see in the product's documentation and description, it can be really well-integrated with a lot of systems, like service desk in ServiceNow and other security vendors, which is good for our company. I can say that the integration capabilities of the product are good. I would definitely recommend the product to those who plan to use it. I rate the tool a nine out of ten.
It is very difficult to manage internal servers from the server team. You should go for the cloud if you want to manage any extra hardware or VM. We were able to integrate with other security solutions, like SIEM, and activate monitoring. There were no challenges in integrating it. However, it doesn't support all types of SIEMs except major SIEMs like IBM QRadar and Splunk. I recommend first configuring your alert monitoring system and doing the configuration with the advice of OEM support staff. It's very easy to use. If you want to compare it with other solutions, you can use the beta version or demo version, and you will be confident and strong and use it happily and without any pain. Overall, I rate the solution a nine out of ten.
I would rate the product a nine out of ten. I would advise to focus on partner relationship development and enablement. If your partner is not confident enough or they are not getting training or direct channel attachments, then it becomes difficult for System Integrator professionals.
The product helps with web application security. I advise others to use Tenable IO and NAS, especially in regions with specific data protection regulations like GDPR and PDPA. I rate it a nine out of ten.
Information Security Engineer at Nhq Distribution Ltd
Real User
Top 5
2023-08-28T08:39:37Z
Aug 28, 2023
Two or three engineers in my company are involved in the maintenance of the solution. I recommend the solution to those planning to use it. I rate the overall product an eight out of ten.
I would suggest running a proof of concept to evaluate the product's suitability. Test it on a smaller scale over a period of one to two months to see how it works. It's essential to assess whether the solution aligns with the organization's specific needs. Our approach involves using agent-based scanning, but this varies based on individual requirements. Be aware of the network "noise" it might produce. Default scanning intensity might be too much and you might need to alter it in order to prevent network problems (DoS yourself). My advice would be to give it a trial run before committing. It's hard to tell if it fits without firsthand experience. Additionally, the fact that Nessus, the scanning component of the security center, has been around for decades and even had open-source iterations in the early 2000s provides some confidence in its longevity and reliability. However, for newcomers, I would recommend testing it out on a smaller scale before making a decision. Overall, I would rate the solution a seven out of ten.
I would rate the tool an eight out of ten. The tool has community support. From my experience of using the solution, I would recommend it to anyone looking to use it.
Sr. Director - Group Head - IT Security (CISO) at Jubilant Organosys Ltd., India, Leading Chemical M
Real User
2023-03-14T11:43:20Z
Mar 14, 2023
I rate Tenable.sc seven out of 10. I typically recommend Tenable.io instead, but Tenable.sc is an option if data regulations require you to use a private cloud or on-prem infrastructure.
Technical Consultant at a tech consulting company with 51-200 employees
Real User
Top 20
2022-10-20T13:17:53Z
Oct 20, 2022
We sell Tenable. I'm using something around version five. I have installed the demo version of it in my Docker. The product really stands out in comparison to the competition. However, the price tag is a bit on the higher. I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. I'd rate the solution nine out of ten.
Technical Consultant at a tech consulting company with 51-200 employees
Real User
Top 20
2022-10-20T13:17:53Z
Oct 20, 2022
We sell Tenable. I'm using something around version five. I have installed the demo version of it in my Docker. The product really stands out in comparison to the competition. However, the price tag is a bit on the higher. I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. I'd rate the solution nine out of ten.
Senior Cybersecurity Consultant at a tech services company with 11-50 employees
Consultant
2022-10-10T12:08:00Z
Oct 10, 2022
For anyone considering implementing Tenable.sc into their organization, I would recommend that they have the proper design of the solution and the proper placement of the scanners before implementing the solution. Tenable is a good product, I have no concerns with it as a solution. I rate this product a nine out of ten overall.
I would give the product an overall rating of nine out of 10. The product is a very good solution. I would advise potential users to look at other solutions. The product is our second solution, and we are happy that it meets our requirements.
I would give the product an overall rating of nine out of 10. The product is a very good solution. I would advise potential users to look at other solutions. The product is our second solution, and we are happy that it meets our requirements.
The rule is always garbage in, garbage out. Be sure to configure the solution well and take advantage of technical support to understand how things should work. Mistakes are made when people assume they know how to do things. I believe in using technical support to confirm the process and ensure everything is done correctly. I rate the solution a ten out of ten.
Tenable SC is suitable for medium and large companies, but it's not feasible for small ones. If you're in the US, I advise buying services from Tenable to implement the system instead of trying to implement it yourself. There are always some tricks that come with knowledge of the product that will make for a faster and better installation. Similarly, if you're in EMEA or Asia, please choose a good integrator. I would give Tenable SC a rating of nine out of ten.
Tenable SC is suitable for medium and large companies, but it's not feasible for small ones. If you're in the US, I advise buying services from Tenable to implement the system instead of trying to implement it yourself. There are always some tricks that come with knowledge of the product that will make for a faster and better installation. Similarly, if you're in EMEA or Asia, please choose a good integrator. I would give Tenable SC a rating of nine out of ten.
Information Security Officer at SEG Automotive Germany, GmbH
Real User
2022-07-26T10:24:53Z
Jul 26, 2022
I like this tool a lot but I work in the security area, so my concerns are always about security and how we can increase the security of everything that we have. It's important to be cautious about who gets access to what. I rate this solution eight out of 10.
I rate Tenable SC nine out of 10. It needs some improvements in the reporting engine and training. For example, I need the ability to easily check what happened on Tenable specific dates.
The size of our customers run the gamut, from small medium to large, in certain cases exceeding 5,000 IPs. I would definitely recommend the solution. I rate Tenable SC as an eight-plus out of ten.
The size of our customers run the gamut, from small medium to large, in certain cases exceeding 5,000 IPs. I would definitely recommend the solution. I rate Tenable SC as an eight-plus out of ten.
Information Security Analyst at a tech services company with 51-200 employees
Real User
2021-04-28T20:32:08Z
Apr 28, 2021
It is a much better solution than other competitors. It provides almost everything that is required in terms of vulnerability management. If you are looking for overall enterprise security in terms of integrations and vulnerability management, you should go for Tenable SC or Tenable SCCV. I would rate Tenable SC a nine out of ten.
Information Security Analyst at a tech services company with 51-200 employees
Real User
2021-04-28T20:32:08Z
Apr 28, 2021
It is a much better solution than other competitors. It provides almost everything that is required in terms of vulnerability management. If you are looking for overall enterprise security in terms of integrations and vulnerability management, you should go for Tenable SC or Tenable SCCV. I would rate Tenable SC a nine out of ten.
Information Security Analyst at a retailer with 1,001-5,000 employees
Real User
2021-03-19T15:13:43Z
Mar 19, 2021
We are just customers and end-users of the product. If a company does decide to implement the solution, I'd advise working with Tenable engineers during the process, and even afterward, in order to ensure everything is set up appropriately. I'd rate the solution at an eight out of ten We've had a largely very positive experience with the solution so far.
Program Manager at a tech services company with 201-500 employees
Real User
2021-01-06T08:10:07Z
Jan 6, 2021
I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve. I can't speak to every option that they have, but I have no reservations recommending them. I would rate Tenable SecurityCenter an eight out of ten.
Program Manager at a tech services company with 201-500 employees
Real User
2021-01-06T08:10:07Z
Jan 6, 2021
I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve. I can't speak to every option that they have, but I have no reservations recommending them. I would rate Tenable SecurityCenter an eight out of ten.
Presales Engineer at a tech services company with 11-50 employees
Reseller
2020-09-08T09:10:01Z
Sep 8, 2020
I would definitely recommend the solution but I would tell people that it requires dedicated staff. You need to have someone looking at what's going on when you scan and you need somebody to go through all the results, otherwise it just sits there. I would rate this solution an eight out of 10.
My advice for anybody who is implementing this product is to search for a certified partner to help with the process. It's not difficult, but it's very important to have a partner who knows the product well. The first steps in the implementation have to be the correct ones. If not, the product will not achieve the objectives that the company usually needs. It would be wrong for someone that doesn't know the product very well to begin implementing it by themselves. This is the best product that we have found for risk management. I would rate this solution a nine out of ten.
IT Consultant - Microsoft Design and Implementation at a tech services company with 1,001-5,000 employees
Consultant
2020-04-06T08:22:00Z
Apr 6, 2020
Nessus is for a single company and tenable SC is for when you've got multiple repositories. SC is the same as Nessus, except it's got central logging. It's the same thing. For large widespread companies, you use SC, if you're a small to medium-sized company, you use Nessus. I would rate it an eight out of ten. Not a ten because of the reporting. It needs improvement.
Sr. Principal IT Architect at a manufacturing company with 10,001+ employees
Real User
2019-11-14T06:34:00Z
Nov 14, 2019
Go in with open expectations. Companies don't realize how big their infrastructure really is before they can get a single pane of glass view, which Tenable provides. Don't be disheartened when you run that first scan. It is a process. This is not a sprint, this is a marathon. If you're not willing to invest in this for the long run, then maybe your organization just isn't ready. I don't know how to assess our vulnerability status compared to that of our peers. The defense industry is fairly secretive about what goes on. But I think we're doing the right things. Having the licensing and the investment that we put in place puts us ahead in the industry. I can only really speak for myself, but I think that we are doing the right things, and investing the right dollar. And if our competitors are doing that, good for them. If not, I wish they would. Security Center is generally run by either the information security manager or the information security officer. There are a few dozen people who have access to it and their roles would be two-fold: There are the lower-level, cybersecurity folks who are dealing with it on a day-to-day basis. And there are the more managerial types who would be getting reports and making decisions off of it. Lastly, the general IT staff would be using the reports or the remediation recommendations for making changes to their environment. For deployment and maintenance of the solution we don't need that many. We had Professional Services in and we added a team of four to the Professional Services engineer to help us get it stood up over those two weeks. In terms of ongoing support of the solution, we have one or two people who are tasked with updating the vulnerability database and verifying scans and the like. But it's not overly burdensome. They are information security officers or cybersecurity specialists. I would rate Security Center at eight out of ten. First, it's a little heavy-handed for us from a licensing perspective and second, there are some features and functionality that we'd like to see in the future which would make it more user-friendly for non-technical or more managerial types. It seems that the product is really written for technologists, especially on the reporting side.
IT Security Specialist at a consultancy with 1,001-5,000 employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
Make sure that your sizing is done correctly, in terms of the hardware size. When you do buy Tenable, a lot of times you'll use Professional Services to help you implement the tool. Whatever advice Tenable has, listen to it very specifically and also talk to them specifically about what your goals are. Instead of talking tactics, talk about goals. What's going to happen is that they may say "Hey, we're going to do things slightly differently than how you used to do it," but in a lot of instances, they're going to be right. In terms of features that we're looking forward to, VPR is one that we're going to start using more. And they also recently had a SAML integration for single sign-on. That was a new feature in 5.9. Overall, Tenable is easily a nine out of ten. It's not a ten because there is no perfect tool out there, and Tenable SecurityCenter does have its limitations.
Medical Device Cybersecurity Analyst at a healthcare company with 5,001-10,000 employees
Real User
2019-05-30T08:12:00Z
May 30, 2019
In my type of medical environment, when you get into an operational technology environment, PVS or something that's a passive scanner is more the way to go than something that actively goes out and scans and tries to interrogate endpoints, because that can cause impact. When dealing with the healthcare space or, say, the electrical grid, the consequences can be very widespread or can cause significant impact. Something like PVS is a great idea to look into. If you're scanning operational technology, definitely use connectionless-oriented discovery policies. For example, perform UDP scans instead of TCP scans. From my experience, TCP scans have definitely brought down systems. When it comes to insight, it helps but, the way we're using it now, scans only pick up what's active on the network, while the scan is occurring. For my environment, I perform most of my scans overnight, so I'm missing a lot of stuff that is used during the day in the clinical environment. That includes point-of-care devices, ultrasonography, and some other stuff. I don't scan the networks during the day, for the most part, so I do miss a lot of that stuff. PVS, the passive scanner, would pick up on a lot of that. When talking about actually detecting intrusion, I think it would be more powerful if we're able to get it deployed everywhere. Two people in our organization actively use it for a lot of scanning. Some of the other security guys use it, but for the most part, it's just my colleague and I who use it. I have my scheduled, routine scans that run automatically and there are the scans I schedule for overnight. I run discovery scans daily. I run my vulnerability audit scans every other month. I'm doing the RDP scans now. I log into it daily and I run scans in it several times a week manually, outside of the scheduled scans. I use it heavily. Right now there is just one person who manages the solution. I handle some of the PVS stuff but it's my colleague who is running the show. Overall, I would give Security Center a nine out of ten. Of all the tools I've used, when it comes to managing the vulnerabilities and risks of a whole enterprise environment, I don't think I've used a better tool than Security Center. The reason I say nine and not a ten, is because I like to have a lot of control. When I use a Nmap, I'm able to write my own scripts. Security Center has a lot of that built-in, but I feel like there's very deep and more granular control once you know how to use some of the open-source tools out there.
Assistant Manager - Cyber & Cloud Security at a financial services firm with 1,001-5,000 employees
Real User
2019-05-09T13:12:00Z
May 9, 2019
This is a good solution for evaluating vulnerability in the network. It gives wide coverage, and it is able to scan most platforms on the network. I would rate this product an eight out of ten.
Information Security Expert at a comms service provider with 5,001-10,000 employees
Real User
2018-12-13T11:34:00Z
Dec 13, 2018
Before, just preparing the monthly scans alone would take us about two weeks to set up. Then, we would have to wait for at least another two weeks for those assessments to be done, for the scanning to be done, and then it will take us about another two weeks to generate the report before we can send them out to the system owners. That's the reason why those were our main drivers, as well, for us to push the use of the Tenable Security Center as a self-service platform to the system owners. The quick turnaround time in terms of generating reports and sending them out to the respective system owners is significant.
Senior Manager, IT Security at a financial services firm with 5,001-10,000 employees
Real User
2018-10-28T09:33:00Z
Oct 28, 2018
If you are considering a product like this, you must take into account and properly plan, scope, and scan. You need to know how to properly place your scanners and how to schedule automatic scans. You need to properly schedule your scans, so for example you don't need to scan your data center during that day when your business is most active, you can schedule your scans to run in the middle of the night, when your systems are least active. If you wake up on LAN, then you can even scan clients during the night. You schedule wake up on LAN, your boxes are woken up on LAN, then the scanning is run, and then the boxes are shut down once the scan is over. So that's proper scoping and planning with this solution.
Network Security Analyst at Arkansas Department of Finance and Administration
User
2018-03-12T13:28:00Z
Mar 12, 2018
Know what you're getting into, and know the difference between security compliance suites and SIEM suites. The two are very different, which is why I'm very unhappy using SecurityCenter, because it's been forced upon me as a replacement for a product that it doesn't even compete with.
Get a risk-based view of your IT, security and compliance posture so you can quickly identify, investigate and prioritize your most critical assets and vulnerabilities.
Managed on-premises and powered by Nessus technology, the Tenable Security Center (formerly Tenable.sc) suite of products provides the industry’s most comprehensive vulnerability coverage with real-time continuous assessment of your network. It’s your complete end-to-end vulnerability management solution.
I recommend Tenable Security Center, particularly if the pricing can be adjusted to compete better in regions like Central Eastern Europe. I would rate it 9.6 or 9.8 out of 10, as it needs minor improvements, particularly in localization and report flexibility in the age of AI. Overall, I rate the solution 9.8 out of 10.
I rate Tenable Security Center ten out of ten. ManageEngine is also rated ten out of ten as it served different scopes and provided essential patch management features.
Proper configuration and automation are key to success with Tenable Security Center. Automating vulnerability scans and notifications can significantly reduce manual repetitive tasks, leading to better efficiency and time management. I'd rate the solution nine out of ten.
Tenable supports integrations with tools like Jira and Symantec, which are relatively easy to implement. However, when it comes to other cloud services beyond AWS and Azure, such as Oracle, support is less robust. Personal or niche cloud platforms may not receive adequate support. There's a significant distinction between agent-based and non-agent-based approaches in Tenable's solutions. Agent-based scanning requires installation akin to antivirus software on servers, whereas non-agent-based methods operate differently. This difference impacts reporting and usability, particularly evident in Google Cloud environments where agent-based scanning is mandated. Accessing and managing Tenable is straightforward for administrators, but specialist knowledge may be necessary for certain configurations or troubleshooting. Small-scale businesses implementing Tenable Security Center may find it cost-prohibitive compared to Tenable.io for cloud solutions, which offers more affordable options and promotions. Overall, I rate the solution a nine out of ten.
I don't use the product for compliance support. In terms of the product's valuable feature for threat detection, I would say that the solution's reporting overview in the dashboard is nice. The prioritization of vulnerabilities in the tool is very nice. The real-time monitoring capabilities of the product are very useful for our company, as they help us to be more in control and interact more actively. The tool's dashboard and reporting capabilities match our company's needs since we are able to modify the basic view to create a new dashboard, and it works out very well for our needs. Speaking about how Tenable Security Center's integration capabilities with other tools have affected our company's security operations, I would say that I have very little experience with the integration part, but from what I can see in the product's documentation and description, it can be really well-integrated with a lot of systems, like service desk in ServiceNow and other security vendors, which is good for our company. I can say that the integration capabilities of the product are good. I would definitely recommend the product to those who plan to use it. I rate the tool a nine out of ten.
It is very difficult to manage internal servers from the server team. You should go for the cloud if you want to manage any extra hardware or VM. We were able to integrate with other security solutions, like SIEM, and activate monitoring. There were no challenges in integrating it. However, it doesn't support all types of SIEMs except major SIEMs like IBM QRadar and Splunk. I recommend first configuring your alert monitoring system and doing the configuration with the advice of OEM support staff. It's very easy to use. If you want to compare it with other solutions, you can use the beta version or demo version, and you will be confident and strong and use it happily and without any pain. Overall, I rate the solution a nine out of ten.
I rate Tenable Security Center a five out of ten.
I would rate the product a nine out of ten. I would advise to focus on partner relationship development and enablement. If your partner is not confident enough or they are not getting training or direct channel attachments, then it becomes difficult for System Integrator professionals.
The product helps with web application security. I advise others to use Tenable IO and NAS, especially in regions with specific data protection regulations like GDPR and PDPA. I rate it a nine out of ten.
We are satisfied with the solution. Overall, I rate the product a nine out of ten.
Two or three engineers in my company are involved in the maintenance of the solution. I recommend the solution to those planning to use it. I rate the overall product an eight out of ten.
I would suggest running a proof of concept to evaluate the product's suitability. Test it on a smaller scale over a period of one to two months to see how it works. It's essential to assess whether the solution aligns with the organization's specific needs. Our approach involves using agent-based scanning, but this varies based on individual requirements. Be aware of the network "noise" it might produce. Default scanning intensity might be too much and you might need to alter it in order to prevent network problems (DoS yourself). My advice would be to give it a trial run before committing. It's hard to tell if it fits without firsthand experience. Additionally, the fact that Nessus, the scanning component of the security center, has been around for decades and even had open-source iterations in the early 2000s provides some confidence in its longevity and reliability. However, for newcomers, I would recommend testing it out on a smaller scale before making a decision. Overall, I would rate the solution a seven out of ten.
I am dealing with the latest version of the solution. It's a very good product to use. Overall, I rate the product a nine out of ten.
My recommendation is to stick with the data scanning tool and not worry about downloading the other features. I rate this solution nine out of 10.
I would rate the tool an eight out of ten. The tool has community support. From my experience of using the solution, I would recommend it to anyone looking to use it.
I rate Tenable.sc seven out of 10. I typically recommend Tenable.io instead, but Tenable.sc is an option if data regulations require you to use a private cloud or on-prem infrastructure.
I would give Tenable.sc a rating of eight out of ten.
We sell Tenable. I'm using something around version five. I have installed the demo version of it in my Docker. The product really stands out in comparison to the competition. However, the price tag is a bit on the higher. I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. I'd rate the solution nine out of ten.
We sell Tenable. I'm using something around version five. I have installed the demo version of it in my Docker. The product really stands out in comparison to the competition. However, the price tag is a bit on the higher. I would advise new users to scan all assets and grab the results and set up all security postures and do stats for mitigating those attacks which are critical. For the first time, I would recommend they go for the critical and high vulnerabilities first in order to mitigate effectively very early on. I'd rate the solution nine out of ten.
For anyone considering implementing Tenable.sc into their organization, I would recommend that they have the proper design of the solution and the proper placement of the scanners before implementing the solution. Tenable is a good product, I have no concerns with it as a solution. I rate this product a nine out of ten overall.
I would rate Tenable eight out of ten.
I would rate Tenable eight out of ten.
I would give the product an overall rating of nine out of 10. The product is a very good solution. I would advise potential users to look at other solutions. The product is our second solution, and we are happy that it meets our requirements.
I would give the product an overall rating of nine out of 10. The product is a very good solution. I would advise potential users to look at other solutions. The product is our second solution, and we are happy that it meets our requirements.
The rule is always garbage in, garbage out. Be sure to configure the solution well and take advantage of technical support to understand how things should work. Mistakes are made when people assume they know how to do things. I believe in using technical support to confirm the process and ensure everything is done correctly. I rate the solution a ten out of ten.
I rate Tenable.sc nine out of ten.
I would recommend this solution to others. I rate Tenable SC an eight out of ten.
I would recommend this solution to others. I rate Tenable SC an eight out of ten.
Tenable SC is suitable for medium and large companies, but it's not feasible for small ones. If you're in the US, I advise buying services from Tenable to implement the system instead of trying to implement it yourself. There are always some tricks that come with knowledge of the product that will make for a faster and better installation. Similarly, if you're in EMEA or Asia, please choose a good integrator. I would give Tenable SC a rating of nine out of ten.
Tenable SC is suitable for medium and large companies, but it's not feasible for small ones. If you're in the US, I advise buying services from Tenable to implement the system instead of trying to implement it yourself. There are always some tricks that come with knowledge of the product that will make for a faster and better installation. Similarly, if you're in EMEA or Asia, please choose a good integrator. I would give Tenable SC a rating of nine out of ten.
I like this tool a lot but I work in the security area, so my concerns are always about security and how we can increase the security of everything that we have. It's important to be cautious about who gets access to what. I rate this solution eight out of 10.
I rate Tenable SC nine out of 10. It needs some improvements in the reporting engine and training. For example, I need the ability to easily check what happened on Tenable specific dates.
I rate Tenable SC an eight out of ten.
I rate Tenable SC an eight out of ten.
I would rate the solution as a nine out of ten.
I would rate the solution as a nine out of ten.
This is a good solution for what I use it for. I would recommend it to others. I rate Tenable SC a seven out of ten.
This is a good solution for what I use it for. I would recommend it to others. I rate Tenable SC a seven out of ten.
I would say there are approximately 30 users in our organization using the Tenable SC product.
It has been good so far. I would rate it an eight out of 10.
It has been good so far. I would rate it an eight out of 10.
I would rate it a seven out of ten.
I would rate it a seven out of ten.
Tenable SC is without a doubt a good choice. I would rate Tenable SC a nine out of ten.
Tenable SC is without a doubt a good choice. I would rate Tenable SC a nine out of ten.
The size of our customers run the gamut, from small medium to large, in certain cases exceeding 5,000 IPs. I would definitely recommend the solution. I rate Tenable SC as an eight-plus out of ten.
The size of our customers run the gamut, from small medium to large, in certain cases exceeding 5,000 IPs. I would definitely recommend the solution. I rate Tenable SC as an eight-plus out of ten.
It is a much better solution than other competitors. It provides almost everything that is required in terms of vulnerability management. If you are looking for overall enterprise security in terms of integrations and vulnerability management, you should go for Tenable SC or Tenable SCCV. I would rate Tenable SC a nine out of ten.
It is a much better solution than other competitors. It provides almost everything that is required in terms of vulnerability management. If you are looking for overall enterprise security in terms of integrations and vulnerability management, you should go for Tenable SC or Tenable SCCV. I would rate Tenable SC a nine out of ten.
We are just customers and end-users of the product. If a company does decide to implement the solution, I'd advise working with Tenable engineers during the process, and even afterward, in order to ensure everything is set up appropriately. I'd rate the solution at an eight out of ten We've had a largely very positive experience with the solution so far.
I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve. I can't speak to every option that they have, but I have no reservations recommending them. I would rate Tenable SecurityCenter an eight out of ten.
I can easily recommend Tenable SecurityCenter, and I have nothing really bad to say about it. I think it's a great tool for what it does. I enjoy the webinars, and the people that run the company seem very engaged with what's going on when you're into current events and the overall security climate, and they're continuously looking to improve. I can't speak to every option that they have, but I have no reservations recommending them. I would rate Tenable SecurityCenter an eight out of ten.
I would definitely recommend the solution but I would tell people that it requires dedicated staff. You need to have someone looking at what's going on when you scan and you need somebody to go through all the results, otherwise it just sits there. I would rate this solution an eight out of 10.
My advice for anybody who is implementing this product is to search for a certified partner to help with the process. It's not difficult, but it's very important to have a partner who knows the product well. The first steps in the implementation have to be the correct ones. If not, the product will not achieve the objectives that the company usually needs. It would be wrong for someone that doesn't know the product very well to begin implementing it by themselves. This is the best product that we have found for risk management. I would rate this solution a nine out of ten.
Nessus is for a single company and tenable SC is for when you've got multiple repositories. SC is the same as Nessus, except it's got central logging. It's the same thing. For large widespread companies, you use SC, if you're a small to medium-sized company, you use Nessus. I would rate it an eight out of ten. Not a ten because of the reporting. It needs improvement.
Go in with open expectations. Companies don't realize how big their infrastructure really is before they can get a single pane of glass view, which Tenable provides. Don't be disheartened when you run that first scan. It is a process. This is not a sprint, this is a marathon. If you're not willing to invest in this for the long run, then maybe your organization just isn't ready. I don't know how to assess our vulnerability status compared to that of our peers. The defense industry is fairly secretive about what goes on. But I think we're doing the right things. Having the licensing and the investment that we put in place puts us ahead in the industry. I can only really speak for myself, but I think that we are doing the right things, and investing the right dollar. And if our competitors are doing that, good for them. If not, I wish they would. Security Center is generally run by either the information security manager or the information security officer. There are a few dozen people who have access to it and their roles would be two-fold: There are the lower-level, cybersecurity folks who are dealing with it on a day-to-day basis. And there are the more managerial types who would be getting reports and making decisions off of it. Lastly, the general IT staff would be using the reports or the remediation recommendations for making changes to their environment. For deployment and maintenance of the solution we don't need that many. We had Professional Services in and we added a team of four to the Professional Services engineer to help us get it stood up over those two weeks. In terms of ongoing support of the solution, we have one or two people who are tasked with updating the vulnerability database and verifying scans and the like. But it's not overly burdensome. They are information security officers or cybersecurity specialists. I would rate Security Center at eight out of ten. First, it's a little heavy-handed for us from a licensing perspective and second, there are some features and functionality that we'd like to see in the future which would make it more user-friendly for non-technical or more managerial types. It seems that the product is really written for technologists, especially on the reporting side.
Make sure that your sizing is done correctly, in terms of the hardware size. When you do buy Tenable, a lot of times you'll use Professional Services to help you implement the tool. Whatever advice Tenable has, listen to it very specifically and also talk to them specifically about what your goals are. Instead of talking tactics, talk about goals. What's going to happen is that they may say "Hey, we're going to do things slightly differently than how you used to do it," but in a lot of instances, they're going to be right. In terms of features that we're looking forward to, VPR is one that we're going to start using more. And they also recently had a SAML integration for single sign-on. That was a new feature in 5.9. Overall, Tenable is easily a nine out of ten. It's not a ten because there is no perfect tool out there, and Tenable SecurityCenter does have its limitations.
In my type of medical environment, when you get into an operational technology environment, PVS or something that's a passive scanner is more the way to go than something that actively goes out and scans and tries to interrogate endpoints, because that can cause impact. When dealing with the healthcare space or, say, the electrical grid, the consequences can be very widespread or can cause significant impact. Something like PVS is a great idea to look into. If you're scanning operational technology, definitely use connectionless-oriented discovery policies. For example, perform UDP scans instead of TCP scans. From my experience, TCP scans have definitely brought down systems. When it comes to insight, it helps but, the way we're using it now, scans only pick up what's active on the network, while the scan is occurring. For my environment, I perform most of my scans overnight, so I'm missing a lot of stuff that is used during the day in the clinical environment. That includes point-of-care devices, ultrasonography, and some other stuff. I don't scan the networks during the day, for the most part, so I do miss a lot of that stuff. PVS, the passive scanner, would pick up on a lot of that. When talking about actually detecting intrusion, I think it would be more powerful if we're able to get it deployed everywhere. Two people in our organization actively use it for a lot of scanning. Some of the other security guys use it, but for the most part, it's just my colleague and I who use it. I have my scheduled, routine scans that run automatically and there are the scans I schedule for overnight. I run discovery scans daily. I run my vulnerability audit scans every other month. I'm doing the RDP scans now. I log into it daily and I run scans in it several times a week manually, outside of the scheduled scans. I use it heavily. Right now there is just one person who manages the solution. I handle some of the PVS stuff but it's my colleague who is running the show. Overall, I would give Security Center a nine out of ten. Of all the tools I've used, when it comes to managing the vulnerabilities and risks of a whole enterprise environment, I don't think I've used a better tool than Security Center. The reason I say nine and not a ten, is because I like to have a lot of control. When I use a Nmap, I'm able to write my own scripts. Security Center has a lot of that built-in, but I feel like there's very deep and more granular control once you know how to use some of the open-source tools out there.
This is a good solution for evaluating vulnerability in the network. It gives wide coverage, and it is able to scan most platforms on the network. I would rate this product an eight out of ten.
Before, just preparing the monthly scans alone would take us about two weeks to set up. Then, we would have to wait for at least another two weeks for those assessments to be done, for the scanning to be done, and then it will take us about another two weeks to generate the report before we can send them out to the system owners. That's the reason why those were our main drivers, as well, for us to push the use of the Tenable Security Center as a self-service platform to the system owners. The quick turnaround time in terms of generating reports and sending them out to the respective system owners is significant.
If you are considering a product like this, you must take into account and properly plan, scope, and scan. You need to know how to properly place your scanners and how to schedule automatic scans. You need to properly schedule your scans, so for example you don't need to scan your data center during that day when your business is most active, you can schedule your scans to run in the middle of the night, when your systems are least active. If you wake up on LAN, then you can even scan clients during the night. You schedule wake up on LAN, your boxes are woken up on LAN, then the scanning is run, and then the boxes are shut down once the scan is over. So that's proper scoping and planning with this solution.
Know what you're getting into, and know the difference between security compliance suites and SIEM suites. The two are very different, which is why I'm very unhappy using SecurityCenter, because it's been forced upon me as a replacement for a product that it doesn't even compete with.