Why Choose Tenable over Qualys?

September 5, 2013 6:00pm EDT

Are you a current Qualys customer who’s having second thoughts about your deployment?

  • Do you find it difficult to get detailed dashboards and custom reports?
  • Do you spend time manually tracking assets and correlating vulnerabilities across separate modules – Vulnerability Management (VM), Policy Compliance (PC), Web Application Scanning (WAS), Malware Detection Service (MDS), PCI?
  • Are you worried about security and compliance gaps introduced by mobile devices and virtual systems?

Tenable Network Security hosted a webcast highlighting the key capabilities of our vulnerability management platform and the benefits it provides over Qualys. View it to find out why customers choose Tenable over Qualys.

Frequently Asked Questions (FAQs)

PVS

What is the different between PVS and IDS or IPS?

PVS looks for vulnerabilities not attack signatures.

Does PVS use snort to "find" things?

No.

Log Correlation

Does the log correlation engine have any alert capabilities?

Yes, full alerting is available in the SC console against vulnerabilities and events.

Or can it alert on an intrusion attempt directly correlated with a vulnerable host?

LCE provides IDS correlation on known vulnerabilities.

Auditing/Compliance

Can you do a DISA STIG audit on a Cisco NX-OS device?

We can audit Cisco, but we are not aware of a NX-OS STIG.

What types of compliance checks do you have for PCI?

We have PCI specific audit templates, as well as numerous benchmarks that PCI reference, to include CIS benchmarks.

Integration

Reporting

If I have a SIEM and EGRC what value add does tenable security center reporting bring?

Since SIEMs and GRCs are broad in scope, SC provides reporting on vulnerability and compliance data with much more granularity and insight.

Outside of the reports, how hard is it to pull the raw data out of Tenable?

.nessus and CSV exports are available in SecurityCenter. There is also a full XML-based API.

How easy is it to customize reports?

All reporting is fully customizable through the GUI with simple drag and drop actions.

Security

Can you explain why you should be careful of prioritizing by exploitability?

Exploit frameworks are capable of exploiting only a very small subset of vulnerabilities. Since advanced threats go well beyond what is available in exploit frameworks, they should not be blindly used for prioritization.

You said you trend exploitable vulnerabilities. Are you really just trending on vulnerabilities that have exploits associated, or is actually exploitable vulnerabilities in the specific environment you are scanning (i.e. what if there is a firewall or IDS in my environment that prevents a vulnerability from being exploited).

Both. Exploitable vulnerabilities could be combined with attack path analysis for the latter.

How do you account for DHCP?

Scans can be setup for DHCP tracking, which looks beyond IP address to associate targets.

How do you determine exploitability?

Tenable research tracks several sources for exploit information, which is included in the feed.

Upgrades/Version

How much time does it take to upgrade to a new version?

Upgrades are minimal, usually in under 30 minutes.

What version of SecurityCenter is that?

Some screenshots showed SecurityCenter 4.7, which shipped early this month.

One thing cool that I think qualys does, is upgrade the scanner centrally. Like plugins, seamlessly upgrade not only plugins but upgrade the scanner to newer releases. This was a problem with Nessus, accessing local system and copying over install files to then upgrade to newer versions. Is this in the roadmap?

All plugins are updated centrally. Nessus upgrades are command-line driven, but there are several 3rd party solutions available to assist if this is a problem.

Deployment

Training

Speakers: 
Jack Daniel, Product Manager, Tenable Network Security
Paul Crutchfield, Director of Sales Engineering, Tenable Network Security

Download Webcast