topic Re: Tenable.io vs Security Center in Tech Talk

Tenable.io vs Security Center

Jbayle1 — Mon, 08 Jan 2018 22:30:19 GMT

Hello,

I currently use Nessus Pro for vulnerability scanning and management and I'm looking to add additional reporting and tracking of the history of my hosts to the setup. I've noticed that Nessus Pro greatly lacks any form of reporting and dashboard creation. The two solutions to this appear to be Security Center(on-prem) or Tenable.IO Vulnerability Management (cloud). I'm looking to get some opinions from those that use or have looked into using these two products what seem to be the pros and cons of each.

Cheers,

Josh

Re: Tenable.io vs Security Center

praving5 — Tue, 09 Jan 2018 01:41:32 GMT

Hi Josh, You could look at my company - https://cavirin.com/ We have a strong cloud security, docker security, patch and vulnerability management and DevSecOps. If you are interested, I can get you up to a quick demo. Drop me some detailed information on your requirements at my first name at my company name. Thanks and regards, Pravin Goyal

Re: Tenable.io vs Security Center

jekat — Tue, 09 Jan 2018 14:09:39 GMT

hi,

I am using Nessus Pro as well and fully agree with you, lacking reporting and snap-ins.

We are looking at moving towards Nessus Manager which have much better reporting and snap-ip.

If you need to inspiration, i suggest you to look at the Tenable education site. There are a tons of videos, very well made.

You have video for Nessus pro, manager, Security center and IO ( i think)

/Jesper

Re: Tenable.io vs Security Center

Jbayle1 — Tue, 09 Jan 2018 14:20:50 GMT

Jesper,

Thanks for the tip. I will dig into their education site as part of my research on which tenable product to go with. I have not looked into manager at all so might be worth a look as well.

Cheers,

Josh

Re: Tenable.io vs Security Center

Clayjk — Fri, 12 Jan 2018 03:21:45 GMT

Security Center is the more matured and functional product at this point. IO does look to be the future of their products though as they are pressing hard to convert people to it (and to subscription based liscensing...). We started with SC and recently looked at going IO but from a liscensing an functionality standpoint it wasn’t a good fit for us. I’m sure over more time they will shore up some of the functionality gaps between IO and SC but that may be moot if IO would work for you as is today.

Re: Tenable.io vs Security Center

Jbayle1 — Fri, 12 Jan 2018 15:46:24 GMT

Yeah I think we are leaning towards Tenable.IO over Security Center. SC does appear to be more feature filled then IO. We are looking into pricing for both right now to see where they stack up. That and a good POC will validate that IO can meet the reporting requirements we are looking for.

Thanks for your input.

Cheers,

Josh

Re: Tenable.io vs Security Center

luckydude — Fri, 23 Feb 2018 17:18:15 GMT

I know this thread is a little dated, but I'll give you the rundown of both.

Currently, SC is the more mature product. With SecurityCenter, you have over 350 dashboards and reports, dynamic asset lists, automated events, RBAC, etc. It's downfall is that it's an IP-based model, so if you have DHCP or transient assets then SC will think the asset is a different machine every time it changes IP addresses.

Tenable.IO will one day have most of the functional parity from SC, but it's not there yet. The big advantage is that it uses an Asset based model instead of IP. Every unique asset gets assigned a GUID so it's tracked as the same asset no matter what changes. Tenable.IO also lets you expand into the Container and WAS markets with it's additional modules. If you are coming from Nessus Pro and don't mind your data being in the cloud, Tenable.IO would be my recommendation. I wouldn't send a SC user to T.IO until it's done some more maturing though.

Re: Tenable.io vs Security Center

Jbayle1 — Fri, 23 Feb 2018 22:18:15 GMT

Much appreciated feed back from everyone in this thread. Just to close the loop we did end up going with Security Center over IO specifically because the product is more mature and fits the needs (and cost) we were looking for. After speaking with the rep. it should be semi easy to migrate into IO once it gains more features but SC solved our use cases quite well.

-Josh

Re: Tenable.io vs Security Center

Beads — Mon, 26 Feb 2018 22:11:40 GMT

Agreed Pro feels stripped down since the last maybe two major releases only to expose the flaws in both Pro and .IO in general.

Keep in mind, if not watch a video or two, creating a scanning and reporting routine is first divided into two phases: Object creation and reporting. No longer a one step configuration as happened in the past. The latest reporting is truly worth the effort and cost if your so inclined but setup may take longer than initially expected.

I did break one process with Golden Gate in the

Launching Network Vulnerability Analyzer, a tool for analyzing Nessus scan files.

NVAnalyzer — Sat, 08 Sep 2018 15:57:31 GMT

Network Vulnerability Analyzer (NVA) allows users of the Nessus scanner to combine multiple .nessus files into Composite Scans.

Scans can be composed of .nessus files that are produced from multiple scanner runs.
Fulfilling the needs of an organization to run scans on numerous devices can be very time consuming.
Composite Scans allow an organization to scan subsets of all their devices and start the analysis immediately, while the rest of the devices continue to be scanned.
Each .nessus file produced by scanning a subset of devices can be later added to the Composite Scan.

NVA allows individual Composite Scans to be analyzed and compared.
Scan comparison allows an organization to determine and prove whether security measures are implemented promptly and efficiently, resulting in reducing the number of vulnerabilities.

Reports can be analyzed in tabular and graphic format and can also be exported to various file formats (.xls, .csv, .xml) for further analysis.

To get a quick idea of whether the NVA would benefit your company's needs, create a Demo Account.
This gives you 15 days to play around with the tool and get familiar with its capabilities.
Demo Accounts provide example Composite Scans, Scan Comparisons, and an Admin and non-Admin user.
Demo Accounts are Read-Only.

The content of the .nessuss files are encrypted on load, and resides encrypted in our DB which is running in the Amazon Cloud.

Licensing is based on the number of users that can access NVA at the same time.
There is no limit on the number of devices being scanned.

Monthly and Yearly Subscriptions are available.

Subscription can be canceled at any time and a prorated refund will be issued for the unused portion.

Re: Tenable.io vs Security Center

NVAnalyzer — Sat, 08 Sep 2018 15:58:28 GMT

Check https://nvanalyzer.com for a tool that allows combining Nessus scan files into logical scans, analyzing and comparing them.

Re: Tenable.io vs Security Center

robinfoprotech — Mon, 24 Sep 2018 11:19:18 GMT

Hi, just thought I would add my experience. We started life with Openvas and then added a Nessus Pro when our pen testers started giviing us reports from a Nessus scan. We were using Nessus pro for approx 6 months and exporting the results into Excel with resonable success. We then started to look at Security Center but were guided down the IO route as we were looking at a Siem solution to run alongisde. Tenable IO is a great product and easy to use, you can make API calls into the backend to export results into a SIEM, you can also do the normal export into Excel. The reporting in TIO is ok, I still think it needs work as a lot of the reports are fixed and it lacks the ability to create fully custom reports. I would say you would be best to sign up for a free trial to have a look through the TIO reporting options. Happy to take any futher questions if I can help.

Re: Tenable.io vs Security Center

Elvar — Wed, 26 Sep 2018 12:29:00 GMT

It could be worth your time to take a look at VulnWhisperer (https://github.com/austin-taylor/VulnWhisperer)

It can integrate with various scanners like Nessus, OpenVAS and Qualys. So you can have multiple scanners and view the results in the same interface. The big use case I can see that you can purchase a certified scanner for your internet facing IP addresses while using OpenVAS for your internal environment.

Note that I have not personally tried it yet but I do know the underlying stack it uses (The Elastic Stack) and the reporting and data mining features are solid. Also I am in no way connected to that project, just find the approach to be good.