Anyone ever switch from Tenable to Qualys
I was just wondering if anyone has ever switch from Tenable to Qualys (or vice versa)? If so, was it the right move?
I've been using Security Center. I don't have Continuous View. I've also never tried their Web Application Scanning product, but am interested.
I've been using Security Center. I don't have Continuous View. I've also never tried their Web Application Scanning product, but am interested.
Comments
-
paul78
Member Posts: 3,016 ■■■■■■■■■■
I'm exploring switching to Nexpose for a client from Tenable. The reason being that I'm not a fan of storing vulnerability information at a third-party.
For me personally, I'm not a fan of using Tenable because they compete with their customers when it comes to penetration testing so that's a bit of a turn-off. That's probably why Qualys has a big market among PCI QSAs.
Sorry - I don't really have any real answers. But I'm looking forward to see what other people say about the differences. -
MitM
Member Posts: 622 ■■■■□□□□□□
I'm exploring switching to Nexpose for a client from Tenable. The reason being that I'm not a fan of storing vulnerability information at a third-party.
For me personally, I'm not a fan of using Tenable because they compete with their customers when it comes to penetration testing so that's a bit of a turn-off. That's probably why Qualys has a big market among PCI QSAs.
.
I'm using Tenable Security Center, it's an on-premise solution, for the most part. What do you mean they compete with their customers? Tenable does pen testing? -
paul78
Member Posts: 3,016 ■■■■■■■■■■
Yeah - when I recently inquired about it, I was pushed to the SaaS based Tenable.io service. It seemed like they were trying to get away from Security Center.I'm using Tenable Security Center, it's an on-premise solution, for the most part.
At one time, I did recall seeing that they offered penetration testing services through their professional services arm. Although, it may have been the koolaid that I drank from the Qualys sales person. I may have been mistaken in my statement since that doesn't seem to be true today.What do you mean they compete with their customers? Tenable does pen testing? -
Danielm7
Member Posts: 2,310 ■■■■■■■■□□
Sounds like sales pressure. Rapid7 does too and they've never pushed it on me and I've been an enterprise customer for years.I did recall seeing that they offered penetration testing services through their professional services arm. Although, it may have been the koolaid that I drank from the Qualys sales person. I may have been mistaken in my statement since that doesn't seem to be true today. -
JoJoCal19
Mod Posts: 2,835 Mod
Take a look at Rapid7's InsightVM (aka Nexpose) for vuln management, and AppSpider Pro for web app scanning.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
MitM
Member Posts: 622 ■■■■□□□□□□
Thanks everyone. I'll check out Rapid7 InsightVM and AppSpider Pro.
Rapid7 pretty much call me every day. They never leave a voicemail, but I see them on the caller id
I should have added that I'm not unhappy with Tenable, was really just curious how they compare -
RoRsChAcH
Member Posts: 31 ■■■□□□□□□□
We just switched from Nessus Manager to InsightVM which was mostly due to implementing InsightIDR. Have only used VM for a couple days now and I have to say it definitely has bigger learning curve than Nessus but its due to the fact that it not only provides vulnerability scans but vulnerability lifecyle management. I liked the simplicity of Nessus but prefer the analysis and priority that VM provides.
