
Visibility / Asset Coverage

Traditional IT Assets

Tenable actively and passively assesses systems, networks and applications to gain unmatched depth and continuous visibility of weaknesses that threaten your security posture.

Modern assets (containers, web apps)

Tenable offers the first and only solution to provide complete visibility of modern assets by combining web application scanning and container security into a unified, easy-to-use cyber-exposure platform.

Limited

Qualys WAS module required for web application scanning; No solution available for containers

Limited

Retina supports web app scanning but doesn't support containers.

Public cloud (e.g., AWS)

Tenable delivers comprehensive cloud security through continuous network monitoring based on active vulnerability and compliance scanning, intelligent connectors with instant asset detection, host data analysis, and agent-based scan capabilities. Specifically, Tenable.io incorporates an advanced asset identification algorithm using an extensive set of attributes to accurately track changes to assets, regardless of how they roam or how long they last.

Rapid7 cloud connectors are an API connection from a required on-premises implementation of Nexpose to a cloud environment (e.g., AWS).

Limited

BeyondInsight supports discovery of assets and vuln scanning in AWS.

OT (ICS / SCADA)

Tenable's ability to passively analyze network traffic allows for asset discovery and vulnerability identification on critical infrastructure and embedded systems, such as ICS and SCADA, which require a non-intrusive approach to vulnerability management.

Limited

Limited to active and agent-based scanning; no passive, non-intrusive network monitoring capabilities.

Limited

Limited to active and agent-based scanning; no passive, non-intrusive network monitoring capabilities.

Limited

Limited to active and agent-based scanning; no passive, non-intrusive network monitoring capabilities.

Detection Effectiveness

Active scanning with Scanners and Agents

Tenable on-premises and cloud-based sensors provide active scanning to deliver the broadest coverage of assets and vulnerabilities in the industry. In addition, Tenable provides agent-based scanning to increase scan flexibility (support on- or off-network hosts), reduce network impact, and eliminate the need to manage credentials for vulnerability scanning.

Limited

BeyondTrust Retina agents only support Windows

Passive / Continuous scanning

From IT to OT, Nessus Network Monitor, which is included with SecurityCenter Continuous View and with Tenable.io, illuminates blind spots so you can see and protect your entire environment. Tenable provides a safe and non-intrusive way to discover and monitor even the most sensitive systems.

No passive network monitoring capabilities.

No passive network monitoring capabilities.

Limited

No passive network monitoring capabilities.

DevOps code scanning

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

No DevOps capabilities.

Limited

Limited DevOps code scanning in InsightAppSec platform and InsightVM. No integration with CI/CD toolchain workflow.

No DevOps capabilities.

Non-intrusive IoT device monitoring

Tenable provides continuous visibility into the systems running in your environment, including IoT devices, for unmatched asset insight. Pre-built IoT dashboards and reports enable users to quickly assess the assets and risks they pose to their environment.

No IoT device support.

IoT support is limited to Metasploit, which is intrusive by nature (so problematic for sensitive Operational Technology).

No IoT device support.

Audit/Configuration checks

Tenable provides more than 450 audit and configuration policies for a wide range of assets, including operating systems, databases, applications, network and virtual infrastructure, sensitive content and anti-virus. Tenable's audit policies have been certified by the Center for Internet Security (CIS).

No IoT device support.

Limited

Rapid7 Nexpose has limited support for CIS Benchmarks and USGCB content for config checks. Less breadth of support across OSes and apps compared to Tenable.

No IoT device support.

Threat Intelligence / Research

Tenable maintains a world-class research team that tracks the latest vulnerabilities, Internet threats, and compliance standards to ensure our customers have the best possible detection of security issues and regulatory infractions. The Tenable research team provides frequent updates to vulnerability and threat intelligence, advanced analytics, and security/compliance policies, in the form of easy-to-digest dashboards, reports and Assurance Report Cards.

Limited

Supports threat intelligence feeds but has fewer feeds and is not as robust as Tenable.

Limited

Supports threat intelligence feeds but has fewer feeds and is not as robust as Tenable.

Limited

Supports threat intelligence feeds but has fewer feeds and is not as robust as Tenable.

Automation

Context-driven analysis

Tenable provides real-time network and host activity monitoring, enabling advanced analysis of vulnerability, threat, network activity, and event information to deliver a continuous view of the security exposure within an environment. The data gathered by Nessus Network Monitor and the log collection engine helps provide the additional context that point-in-time active scanning alone can't provide.

Limited

3 static ways: 1) Manual tagging 2) Threat Intelligence feed 3) Qualys integration with NopSec provides business/environment context. No real-time detection.

Limited

2 ways: 1) Manual tagging 2) Threat Intelligence feed. No real-time detection.

Limited

BeyondInsight supports a threat intelligence feed

Exposure prioritization

Tenable users can quickly and easily identify the most at-risk systems on their network through customizable prioritization dashboards. Assets identified as the most vulnerable, most infected with malware, most policy violations, most out of compliance, etc. can be quickly identified to help administrators make the best prioritized decisions about administration and mitigation efforts.

Limited

Requires additional purchase of ThreatProtect module.

2 ways: 1) Manual tagging 2) Threat Intelligence feed. No real-time detection.

Limited

BeyondInsight supports some compliance frameworks that display vulns found against those frameworks for prioritization.

Remediation actions

Tenable provides users with actionable remediation steps, where available, for identified vulnerabilities.

Requires additional purchase of ThreatProtect module.

2 ways: 1) Manual tagging 2) Threat Intelligence feed. No real-time detection.

BeyondInsight supports some compliance frameworks that display vulns found against those frameworks for prioritization.

Ecosystem integration

Tenable provides customers access to rich vulnerability data for better visibility into their risk posture through the Assure partner ecosystem. Tenable delivers a fully documented and easy-to-use application programming interface (API) and software development kit (SDK) to help customers and partners simplify the export and import of vulnerability, asset, threat and other data. In addition, Tenable works closely with technology partners to deliver a wide range of pre-built integrations.

Limited

Fewer third-party integrations than Tenable.

Limited

Fewer third-party integrations than Tenable.

Limited

Fewer third-party integrations than Tenable.

Management and Reporting

Elastic Asset-based licensing model

Tenable's unique asset-based licensing is more flexible than traditional IP-based licensing - it easily accounts for dynamic assets such as containers, and eliminates the double counting that more rigid models impose.

Limited

Qualys asset-based licensing is strictly limited to Qualys' Cloud Agents

Limited

Rapid7's asset-based licensing is strictly limited to Rapid7's Insight Agents.

BeyondTrust does not support asset-based licensing in Retina CS.

Implementation models (cloud, on-prem)

Tenable's portfolio includes both cloud and on-premises solutions, enabling live discovery of all assets, continuous visibility into the security and exposure of those assets, context to any exposure to prioritize remediation, and strategic insight to create a metrics-driven program where Cyber Exposure is quantified and measured alongside every other business exposure.

Qualys asset-based licensing is strictly limited to Qualys' Cloud Agents

Limited

Rapid7 Nexpose is on-prem only. InsightVM is a hybrid architecture of a cloud-hosted platform which requires an on-prem deployment of Nexpose.

Limited

BeyondInsight is BT's cloud-hosted analytics and reporting platform. It's a hybrid deployment that requires an on-prem install of Retina so it is not 100% cloud or 100% on-prem.

Central, scalable management console

Tenable provides the first and only solution to include management of active and passive sensors, web application scanning, and container security all in an easy-to-use, unified management console.

Limited

Qualys has a centralized dashboard with their ThreatProtect module, but it doesn't display web app scanning results. It is sold at an additional cost over their VM module.

Limited

With the introduction of InsightVM, Rapid7 now has a centralized console but since it augments the Nexpose console, it can't be used as a standalone solution.

Limited

BeyondInsight is BT's centralized console but since it augments the Retina console, it can't be used as a standalone solution.

Customizable dashboards/reports

Tenable offers hundreds of pre-built, highly customizable HTML5-based dashboards and reports to quickly give the visibility and context needed to take decisive action to reduce exposure and risk.

Limited

BeyondInsight dashboards are not customizable but reporting is. Retina reporting is customizable but is very limited.

Pre-built dashboards & reporting against compliance frameworks

Tenable automates the assessment of technical controls from ISO/IEC 27001/27002, NIST Cybersecurity Framework, NIST SP 800-171 and CIS Critical Security Controls. Fully customizable dashboards and reports enable users to measure, visualize, and effectively communicate adherence to these security controls.

Limited

Some compliance frameworks are supported but not as many as Tenable.

Limited

Some compliance frameworks are supported but not as many as in SCCV.

Limited

Some compliance frameworks are supported but not as many as in SCCV.

Pre-built dashboards & reporting against compliance frameworks

Tenable provides numerous executive dashboards, reports, and Assurance Report Cards (ARCs) enabling management to quickly assess the risk to their environment. Tenable executive reporting includes vulnerability information summarized by type, severity, asset, exploitability, and recently remediated to give management a comprehensive risk overview.

Limited

Some compliance frameworks are supported but not as many as Tenable.

Limited

BeyondTrust has exec reports but risk is limited to vulnerability severity (CVSS scores)

Services, Training and Support

Tenable offers a number of training and support services, including no-cost, on-demand training, instructor-led and customized training, enterprise (24/7/365) and personalized, premium technical support options, and a wide range of Professional Services from advisory workshops and quick deployment options to periodic health checks and custom services.

Limited

Qualys offers no pro services; provides only no-cost training.

Limited

Rapid7 offers implementation pro services, managed services and 24/7 advanced support but leverages consultants (non-R7 employees) for much of the work.

BeyondTrust has exec reports but risk is limited to vulnerability severity (CVSS scores)
