Tenable's response to folks upset at AWOL features: A 150-emails-a-minute spam storm Tenable Security has given itself two problems, by releasing a product its users don't like, and then adding them all to a support email group that's sending uncomfortable volumes of messages. The new product is Nessus Professional v7, which Tenable has declared is just fabulous thanks to new licensing, improved reports, and …
Not ALL of us voted for that man, but thank you for lumping us all into the same pot.
In that same fashion, thanks for being an uppity, know it all, fekking smeghead Brit.
To all the folks that are intelligent enough not to lump an entire group of people into the same boat just because a vociferous minority did something stupid, I thank you & offer a pint.
To everyone whom insists on labeling us "'Muricans" & other such idiocy, may you choke on said pint.
Have a nice day...
*Leaves a twenty on the bar to pay for all the drinks*
This post has been deleted by its author
This post has been deleted by its author
It was an absolute bear for the first few years after the fork at least; eventually I gave up on it. The test database wasn't scratching the surface of new vulnerabilities either. I'm also in the market for an alternative now - desperate to get off Qualys but sadly out of touch with the current alternatives. (I guess Retina isn't a thing any more? Has it finally died and had a decent burial?)
This post has been deleted by its author
Well done Tenable for taking a program we pay for and making it completely useless to us.
The only way we use Nessus is via custom software and the API to extract the resulting scan information into a database which makes is useful to us to automate vulnerability fixes and quickly find which devices need the most work.
So, here's the thing.
I won't be buying software from Tenable again.
Yes, I'm annoyed they've removed features I paid for, but who is to say that if I upgrade, they won't remove the features I rely on from that edition too.
I cannot buy from them, if I do not trust them.
A shortsighted move.
Once upon a time, companies were proud to make as good a product and have as good a customer support as possible. Their joy and pride was to exceed customer expectations.
Unfortunately marketing took over: Nowadays it's about scamming customers out of as much money as possible, while spending as little effort and money as possible. Unfortunately these aggressive "new style" companies make much more profit than the quaint old ones, so the writing is on the wall: Everyone will eventually abandon the pretenses of caring about customers and just go directly for the money. Keep in mind that the most profitable business plan is one which offers nothing at all for the customers' money, an age-old principle also known as "robbery"...
We have just cancelled our Tenable order - only for three copies but that is still over $7k - placed last week but will arrive too late for the API cutoff. A pain as we had written a load of Python scripts to manage the scan output. The silly thing is that had we got the Nessus scanners in there was a possibility we would have then moved to something like Security Centre. Now - no chance at all.
I am now looking at OpenVAS - there seem to be a couple of useful APIs in there that can be leveraged - and I suspect if a load of other people move like us and make a few donations the feature set will rapidly increase.
Tenable remind me of Sun Microsystems - some may recall Solaris x86 being canned to help Sun's Cobalt Linux. It did help Linux - RedHat Linux, Suse Linux - but not Cobalt! By the time Sun realised and restarted the Solaris x86 line it was too late - Linux had the market share. Tenable seem to hope killing the API will make everyone rush out and buy their io cloud based product. When they realise it hasn't happened and restart the API it will be too late for them as well - others will have the market share.
Finally, Tenable really have screwed up - not only with the update and the spam but also their brand new support community - currently giving a 404 error and spewing a load of diagnostics. That makes three problems!
Gun - foot - aim - fire!
So what else is out there? Aside from OpenVAS, which I've heard of but not used.
Somebody commented by saying that there are loads of alternatives, but conveniently mentioned precisely none of them.
Don't care if it's paid or free, but it needs to be good and to "just work".
Thank you!
Either you work for Tenable or you don't know about vulnerability scanners. Qualys is a lot bigger than Tenable and it sells an excellent vulnerability scanner (with more features than Nessus and with less false positives than Nessus), Rapid7 also sells an excellent vulnerability scanner, Outpost24 also. Just Google it or maybe you won't even try it because you already knew and are here on "damage control". At least, try to know the industry before you open your mouth.
As he made a polite request for suggestions for alternatives, "don't know about vulnerability scanners", obvious. Dial down the paranoia and maybe try to grasp that not everyone in the world is an expert on the tiny corner of the world you rule as a god-emperor of knowledge, maybe?
When a CEO comes on the company website with a video on how excited they are, it's either a feature cut or a cloud move. I have no confidence in the engineers managing their cloud systems given their lax attention on their email bomb fiasco. Tenable need to reverse their decision in order to remain credible as a security tool. Not only have they pushed their customers to seek alternatives, they've given their competition the features needed to win their customers over!
We were planing to buy new licenses and renew several licenses, thanks to these news we won't do it. Simply put, Tenable cannot be trusted even if they reverse the decision to remove the API and multi-user support. On top of that, we were tired of chasing false-positives with Tenable but we still used it because of the API and multi-user, now that we won't have those features we are done for good with Tenable. To add insult to the injury, Renee's post only makes thing worst because or they don't know how to mask their intentions of they are simply treating the customers as if the customers are naive. Good riddance, Tenable only made the competition a lot stronger and more reliable. An advice to Tenable: Don't even try to reverse your decision, it will make things only worse and you know it.
I have to disagree about the false positives - Nessus is no better and no worse than Qualys. Personally I preferred the Nessus interface - Qualys tries to do everything and ends up as a jack of all trades master of none - leaving users having to hop around between different parts in an inconsistent manner.
Furthermore, Nessus here picked up an error Qualys missed caused by our desktop team having the wrong CAB file in SCCM.
BUT all this is no use if the tool is unmanageable or the vendor cannot be trusted - which is where we now are with Nessus.
Finally, taking the fingers-in-ears approach and shutting down the community server to avoid adverse discussion shows a company that seriously just does not get it.
Very sad. Good product. Crap company.
Employer merged with an equivalently sized peer. I went to kick the tyres of the Nessus install on the other side, as I was looknig forward to ditching the bloated, "quirky", wildly over-complicated Qualys system we have on "our" side.
and couldn't for the life of me figure out why there was no "add new user" button. When support told me I couldn't really believe it, I assumed I was talking to clueless first-line - but no. Srsly?
Maybe they don't realise that accountability for actions via individual named accounts associated with a single natural person has been a mandatory enterprise security requirement for, what,.. 25 years? 30?
Anyway, they've walked away from a deal for 5000 users / 30,000 devices. We'd probably need a couple of dozen scanners, maybe more (it's a sprawling multi-national with dozens of obscure business units and branch offices.)
Walk away, Rene...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
