
Visibility / Asset Coverage

Traditional IT Assets

Tenable actively and passively assesses systems, networks and applications to gain unmatched depth and continuous visibility of weaknesses that threaten your security posture.

Modern assets (containers, web apps)

Tenable offers the first and only solution to provide complete visibility of modern assets by combining web application scanning and container security into a unified, easy-to-use cyber-exposure platform.

Limited

Qualys WAS module required for web application scanning; no solution available for containers.

Public cloud (e.g., AWS)

Tenable delivers comprehensive cloud security through continuous network monitoring based on active vulnerability and compliance scanning, intelligent connectors with instant asset detection, host data analysis, and agent-based scan capabilities. Specifically, Tenable.io incorporates an advanced asset identification algorithm using an extensive set of attributes to accurately track changes to assets, regardless of how they roam or how long they last.

Rapid7 cloud connectors are an API connection from a required on-premises implementation of Nexpose to a cloud environment (e.g., AWS).

OT (ICS / SCADA)

Tenable's ability to passively analyze network traffic allows for asset discovery and vulnerability identification on critical infrastructure and embedded systems, such as ICS and SCADA, which require a non-intrusive approach to vulnerability management.

Limited

Limited to active and agent-based scanning; no passive, non-intrusive network monitoring capabilities.

Limited

Limited to active and agent-based scanning; no passive, non-intrusive network monitoring capabilities.

Eliminate blind spots with the industry's broadest asset and vulnerability coverage

Detection Effectiveness

Active scanning with Scanners and Agents

Tenable on-premises and cloud-based sensors provide active scanning to deliver the broadest coverage of assets and vulnerabilities in the industry. In addition, Tenable provides agent-based scanning to increase scan flexibility (support on- or off-network hosts), reduce network impact, and eliminate the need to manage credentials for vulnerability scanning.

Passive / Continuous scanning

From IT to OT, Nessus Network Monitor, which is included with SecurityCenter Continuous View and with Tenable.io, illuminates blind spots so you can see and protect your entire environment. Tenable provides a safe and non-intrusive way to discover and monitor even the most sensitive systems.

No passive network monitoring capabilities.

No passive network monitoring capabilities.

DevOps code scanning

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

No DevOps capabilities.

Limited

Limited DevOps code scanning in InsightAppSec platform and InsightVM. No integration with CI/CD toolchain workflow.

Non-intrusive IoT device monitoring

Tenable provides continuous visibility into the systems running in your environment, including IoT devices, for unmatched asset insight. Pre-built IoT dashboards and reports enable users to quickly assess the assets and risks they pose to their environment.

No IoT device support.

IoT support is limited to Metasploit, which is intrusive by nature (and so problematic for sensitive Operational Technology).

Audit/Configuration checks

Tenable provides more than 450 audit and configuration policies for a wide range of assets, including operating systems, databases, applications, network and virtual infrastructure, sensitive content and anti-virus. Tenable's audit policies have been certified by the Center for Internet Security (CIS).

No IoT device support.

Limited

Rapid7 Nexpose has limited support for CIS Benchmarks and USGCB content for config checks. Less breadth of support across OSes and apps compared to Tenable.

Threat Intelligence / Research

Tenable maintains a world-class research team that tracks the latest vulnerabilities, Internet threats, and compliance standards to ensure our customers have the best possible detection of security issues and regulatory infractions. The Tenable research team provides frequent updates to vulnerability and threat intelligence, advanced analytics, and security/compliance policies, in the form of easy-to-digest dashboards, reports and Assurance Report Cards.

Limited

Supports threat intelligence feeds, but has fewer feeds and is not as robust as Tenable.

Limited

Supports threat intelligence feeds, but has fewer feeds and is not as robust as Tenable.

Leverage the power of Nessus to accurately detect vulnerabilities and misconfigurations

Automation

Context-driven analysis

Tenable provides real-time network and host activity monitoring, enabling advanced analysis of vulnerability, threat, network activity, and event information to deliver a continuous view of the security exposure within an environment. The data gathered by Nessus Network Monitor and the log collection engine help provide the additional context that point-in-time active scanning alone can't provide.

Limited

3 static ways: 1) Manual tagging 2) Threat Intelligence feed 3) Qualys integration with NopSec provides business/environment context. No real-time detection.

Limited

2 ways: 1) Manual tagging 2) Threat Intelligence feed. No real-time detection.

Exposure prioritization

Tenable users can quickly and easily identify the most at-risk systems on their network through customizable prioritization dashboards. Assets that are the most vulnerable, the most infected with malware, have the most policy violations, are the most out of compliance, etc. can be quickly identified to help administrators make the best prioritized decisions about administration and mitigation efforts.

Limited

Requires additional purchase of ThreatProtect module.

2 ways: 1) Manual tagging 2) Threat Intelligence feed. No real-time detection.

Remediation actions

Tenable provides users with actionable remediation steps, where available, for identified vulnerabilities.

Requires additional purchase of ThreatProtect module.

2 ways: 1) Manual tagging 2) Threat Intelligence feed. No real-time detection.

Ecosystem integration

Tenable provides customers access to rich vulnerability data for better visibility into their risk posture through the Assure partner ecosystem. Tenable delivers a fully documented and easy-to-use application programming interface (API) and software development kit (SDK) to help customers and partners simplify the export and import of vulnerability, asset, threat and other data. In addition, Tenable works closely with technology partners to deliver a wide range of pre-built integrations.

Limited

Fewer third-party integrations than Tenable.

Limited

Fewer third-party integrations than Tenable.

Rich dashboards, prioritization, and integrations help you work more efficiently

Management and Reporting

Elastic Asset-based licensing model

Tenable's unique asset-based licensing is more flexible than traditional IP-based licensing - it easily accounts for dynamic assets such as containers, and eliminates the double counting that more rigid models impose.

Limited

Qualys asset-based licensing is strictly limited to Qualys' Cloud Agents.

Limited

Rapid7's asset-based licensing is strictly limited to Rapid7's Insight Agents.

Implementation models (cloud, on-prem)

Tenable's portfolio includes both cloud and on-premise solutions enabling live discovery of all assets, continuous visibility into the security and exposure of those assets, context to any exposure to prioritize remediation, and strategic insight to create a metrics-driven program where Cyber Exposure is quantified and measured alongside every other business exposure.

Qualys asset-based licensing is strictly limited to Qualys' Cloud Agents.

Limited

Rapid7 Nexpose is on-prem only. InsightVM is a hybrid architecture of a cloud-hosted platform which requires an on-prem deployment of Nexpose.

Central, scalable management console

Tenable provides the first and only solution to include management of active and passive sensors, web application scanning, and container security, all in an easy-to-use, unified management console.

Limited

Qualys has a centralized dashboard with their ThreatProtect module, but it doesn't display web app scanning results. It is sold at an additional cost over their VM module.

Limited

With the introduction of InsightVM, Rapid7 now has a centralized console, but since it augments the Nexpose console, it can't be used as a standalone solution.

Customizable dashboards/reports

Tenable offers hundreds of pre-built, highly customizable HTML5-based dashboards and reports to quickly give the visibility and context needed to take decisive action to reduce exposure and risk.

Pre-built dashboards & reporting against compliance frameworks

Tenable automates the assessment of technical controls from ISO/IEC 27001/27002, NIST Cybersecurity Framework, NIST SP 800-171 and CIS Critical Security Controls. Fully customizable dashboards and reports enable users to measure, visualize, and effectively communicate adherence to these security controls.

Limited

Some compliance frameworks are supported but not as many as Tenable.

Limited

Some compliance frameworks are supported but not as many as in SCCV.

Executive risk reporting (visualization)

Tenable provides numerous executive dashboards, reports, and Assurance Report Cards (ARCs) enabling management to quickly assess the risk to their environment. Tenable executive reporting includes vulnerability information summarized by type, severity, asset, exploitability, and recently remediated to give management a comprehensive risk overview.

Limited

Qualys has executive reports, but risk is limited to asset groups and vulnerability severity (CVSS scores).

Services, Training and Support

Tenable offers a number of training and support services, including no-cost, on-demand training, instructor-led and customized training, enterprise (24/7/365) and personalized, premium technical support options, and a wide range of Professional Services from advisory workshops and quick deployment options to periodic health checks and custom services.

Limited

Qualys offers no pro services; provides only no-cost training.

Limited

Rapid7 offers implementation pro services, managed services and 24/7 advanced support, but leverages consultants (non-R7 employees) for much of the work.

Run anywhere, with the insight you need