Anyone ever switch from Tenable to Qualys

MitM Member Posts: 622
I was just wondering if anyone has ever switched from Tenable to Qualys (or vice versa)? If so, was it the right move?

I've been using Security Center. I don't have Continuous View. I've also never tried their Web Application Scanning product, but am interested.

Comments

  • paul78 Member Posts: 3,016
    I'm exploring switching to Nexpose for a client from Tenable. The reason being that I'm not a fan of storing vulnerability information at a third-party.

    For me personally, I'm not a fan of using Tenable because they compete with their customers when it comes to penetration testing so that's a bit of a turn-off. That's probably why Qualys has a big market among PCI QSAs.

    Sorry - I don't really have any real answers. But I'm looking forward to seeing what other people say about the differences.
  • MitM Member Posts: 622
    paul78 wrote: »
    I'm exploring switching to Nexpose for a client from Tenable. The reason being that I'm not a fan of storing vulnerability information at a third-party.

    For me personally, I'm not a fan of using Tenable because they compete with their customers when it comes to penetration testing so that's a bit of a turn-off. That's probably why Qualys has a big market among PCI QSAs.

    I'm using Tenable Security Center, it's an on-premise solution, for the most part. What do you mean they compete with their customers? Tenable does pen testing?
  • paul78 Member Posts: 3,016
    MitM wrote: »
    I'm using Tenable Security Center, it's an on-premise solution, for the most part.
    Yeah - when I recently inquired about it, I was pushed to the SaaS based Tenable.io service. It seemed like they were trying to get away from Security Center.
    MitM wrote: »
    What do you mean they compete with their customers? Tenable does pen testing?
    At one time, I did recall seeing that they offered penetration testing services through their professional services arm. Although, it may have been the koolaid that I drank from the Qualys sales person. I may have been mistaken in my statement since that doesn't seem to be true today.
  • Danielm7 Member Posts: 2,304
    paul78 wrote: »
    I did recall seeing that they offered penetration testing services through their professional services arm. Although, it may have been the koolaid that I drank from the Qualys sales person. I may have been mistaken in my statement since that doesn't seem to be true today.
    Sounds like sales pressure. Rapid7 does too and they've never pushed it on me and I've been an enterprise customer for years.
  • JoJoCal19 California Kid Mod Posts: 2,829
    Take a look at Rapid7's InsightVM (aka Nexpose) for vuln management, and AppSpider Pro for web app scanning.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • MitM Member Posts: 622
    Thanks everyone. I'll check out Rapid7 InsightVM and AppSpider Pro.

    Rapid7 pretty much calls me every day. They never leave a voicemail, but I see them on the caller ID :)

    I should have added that I'm not unhappy with Tenable, was really just curious how they compare.
  • RoRsChAcH Member Posts: 31
    We just switched from Nessus Manager to InsightVM, which was mostly due to implementing InsightIDR. Have only used VM for a couple of days now and I have to say it definitely has a bigger learning curve than Nessus, but it's due to the fact that it not only provides vulnerability scans but vulnerability lifecycle management. I liked the simplicity of Nessus but prefer the analysis and priority that VM provides.