Anyone ever switch from Tenable to Qualys

I was just wondering if anyone has ever switch from Tenable to Qualys (or vice versa)? If so, was it the right move?

I've been using Security Center. I don't have Continuous View. I've also never tried their Web Application Scanning product, but am interested.

Find more posts tagged with

Comments

paul78

I'm exploring switching to Nexpose for a client from Tenable. The reason being that I'm not a fan of storing vulnerability information at a third-party.

For me personally, I'm not a fan of using Tenable because they compete with their customers when it comes to penetration testing so that's a bit of a turn-off. That's probably why Qualys has a big market among PCI QSAs.

Sorry - I don't really have any real answers. But I'm looking forward to see what other people say about the differences.

MitM

paul78 wrote: »

I'm exploring switching to Nexpose for a client from Tenable. The reason being that I'm not a fan of storing vulnerability information at a third-party.

For me personally, I'm not a fan of using Tenable because they compete with their customers when it comes to penetration testing so that's a bit of a turn-off. That's probably why Qualys has a big market among PCI QSAs.
.

I'm using Tenable Security Center, it's an on-premise solution, for the most part. What do you mean they compete with their customers? Tenable does pen testing?

paul78

MitM wrote: »

I'm using Tenable Security Center, it's an on-premise solution, for the most part.

Yeah - when I recently inquired about it, I was pushed to the SaaS based Tenable.io service. It seemed like they were trying to get away from Security Center.

MitM wrote: »

What do you mean they compete with their customers? Tenable does pen testing?

At one time, I did recall seeing that they offered penetration testing services through their professional services arm. Although, it may have been the koolaid that I drank from the Qualys sales person. I may have been mistaken in my statement since that doesn't seem to be true today.

Danielm7

paul78 wrote: »

I did recall seeing that they offered penetration testing services through their professional services arm. Although, it may have been the koolaid that I drank from the Qualys sales person. I may have been mistaken in my statement since that doesn't seem to be true today.

Sounds like sales pressure. Rapid7 does too and they've never pushed it on me and I've been an enterprise customer for years.

JoJoCal19

Take a look at Rapid7's InsightVM (aka Nexpose) for vuln management, and AppSpider Pro for web app scanning.

MitM

Thanks everyone. I'll check out Rapid7 InsightVM and AppSpider Pro.

Rapid7 pretty much call me every day. They never leave a voicemail, but I see them on the caller id

I should have added that I'm not unhappy with Tenable, was really just curious how they compare

RoRsChAcH

We just switched from Nessus Manager to InsightVM which was mostly due to implementing InsightIDR. Have only used VM for a couple days now and I have to say it definitely has bigger learning curve than Nessus but its due to the fact that it not only provides vulnerability scans but vulnerability lifecyle management. I liked the simplicity of Nessus but prefer the analysis and priority that VM provides.