Tenable.io Vulnerability Management
Strengths: Solid vulnerability management solution. Easy to deploy and start scanning in minutes.
Weaknesses: During testing, we ran into a few issues with remote scanner implementation.
Verdict: Tenable has been one of the big names in this space and continues to deliver an amazing solution at a great price.
Tenable's Nessus tool has been a mainstay in the vulnerability space. I haven't met a security professional who hasn't used Nessus at some point in their career. Tenable has continued to evolve their solution and Tenable.io is no different. This solution hosts the management interface in the cloud and leverages agents and remote scanners to find vulnerabilities. With more than 104,000 plugins (checks), Tenable.io covers tens of thousands of unique CVE IDs and Bugtraq IDs for firewalls, operating systems, databases, web applications, virtual and cloud environments and more. To conduct this review, SC Labs utilized a 60-day trial of the Tenable.io vulnerability management tool.
When you log into the cloud-based toolset, you are met with a simply stunning command center; prepare to be dazzled by a dashboard that displays vulnerabilities in a variety of ways. The default dashboard view focuses on vulnerability information, but you can also select from assets, web applications, and health & status centered views.
Based on personal experience from some of the other vulnerability tools, our first test was to try and scan 127.0.0.0/8 and some private address space which was rejected due to internal rules. Next, we scanned a few public IPs belonging to the lab. Setting up these scans was straight-forward and required no prior knowledge of the tool. The folks at Tenable have done a good job of creating scan templates to cover most scenarios, and still allow you to build a custom scan template if you can't find the right fit.
In addition to using the default cloud scanner, users can also link Nessus scanners, NNM (passive traffic listening) scanners, API-driven AWS connectors, and Nessus Agents to Tenable.io. Scanners and agents support Mac, Linux, and Windows operating systems. Each has their uses and were easy to set up and get going. We started off by installing a few agents on separate virtual networks to simulate remote users. The agent scanned the workstation and reported the vulnerabilities. This is a great feature if you have users who are in-and-out of the office and you want to keep an eye on them.
The other solution was the on-site scanner. We downloaded this and then got it installed and functional. We had a bit of issue getting this connected to the cloud scanner. We tried some basic troubleshooting but with no luck. We came back the next morning and to our surprise, it was connected and ready to use.
We then logged into the web interface of the local scanner and were able to set scans up locally as well as in the cloud management interface. If you decide to kick a scan off locally, you will need to export it from the local scanner and import it into the cloud management interface to review the results.
Tenable.io comes with very simple to advanced, compliance-specific scan templates to meet a wide variety of needs. Tenable also provides access to their customer portal and support site which has a solid knowledge base and well-written documentation. Tenable has done a really good job of developing their offerings over the years. Tenable.io is a complete vulnerability management solution that also addresses the modern workplace environment.
- Michael Diehl;
tested by Michael Diehl and Matt Hreben