Sold by: Tenable, Inc.
Deployed on AWS
Free Trial
AWS Free Tier
Managed in the cloud and powered by Nessus technology, Tenable Vulnerability Management (formerly Tenable.io) is the go-to vulnerability management solution for securing AWS environments. It provides the industry's most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. As part of the free trial, you can also access Tenable Cloud Security and other components of the Tenable portfolio.
4.5
Overview
Tenable Vulnerability Management delivers the industry's most comprehensive vulnerability coverage and detection accuracy. By leveraging risk-based scoring and timely zero-day disclosures, Tenable enables you to move beyond basic scanning to predict which security issues to remediate first. With built-in compliance profiles, automated reporting, and guided remediation workflows, you can prioritize the exposures that pose the greatest threat to your business. As your AWS environment evolves, Tenable ensures you can detect and respond to security issues rapidly as new vulnerabilities emerge.
Tenable Vulnerability Management is also available through Tenable One, the exposure management platform that unifies vulnerability management, cloud security, identity security, OT/IoT security, and more into a single view of your attack surface. For hybrid environments, Tenable One combines Tenable Vulnerability Management with Tenable Cloud Security to deliver unified vulnerability assessment and cloud security posture management across on-premises and cloud infrastructure. Learn more about Tenable One.
Highlights
- See Everything - Gain comprehensive visibility with coverage spanning over 113,000 vulnerabilities and 296,000 plugins. Continuously assess your environment as new assets are discovered and new vulnerabilities are disclosed. By delivering daily plugin updates and the industry's most comprehensive CVE support, Tenable keeps you ahead of emerging threats.
- Prioritize Critical Exposures: Quickly identify the most exploitable, business-impacting exposures using risk-based threat intelligence and critical asset identification. Maximize ROI - Eliminate duplicate asset counting across multiple instances with Tenable's asset-based elastic licensing model - the industry's first - so you only pay for what you actually protect.
- Drive Decisive Action: Accelerate remediation of high-risk exposures with guided steps and integrate with your existing workflows.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months | Cost savings % |
|---|---|---|---|
100 Assets | 100 Asset Bundle, 5 bundle maximum purchase | $3,500.00 | 0% |
Onboard Bundle | 100 assets + Quickstart (Use "50 Assets" for add'l seats) | $6,500.00 | 0% |
Deploy Bundle | 100 Assets + Training/Quickstart (Use "50 Assets" for add'l seats) | $8,500.00 | 0% |
SERV-NES-EXP-DOM | Nessus Expert Additional Domains & FQDNs | $760.00 | 0% |
Tenable SaaS Product | Tenable Product(s) as configured on the referenced Tenable Quote | $100,000,000.00 | 86% |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Tenable.io Activation: https://static.tenable.com/documentation/Tenable.io_Activation_Help.pdf Tenable.io Tenable.io Documentation: https://docs.tenable.com/TenableIO.htm Tenable Knowledge base: https://community.tenable.com/s/topiccatalog Tenable offers 24x7x365 support for its customers via chat, email, and phone. Customers can login to community.tenable.com with their Support account to create cases and chat with us, or call 1-855-267-7044 with their customer ID number. Documentation can be found at both our community portal and
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Tenable, Inc.
By BYNET
By Rapid7
Top
10
In Industrial IoT, Application Servers
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Vulnerability Detection Coverage
Supports detection of more than 76,000 vulnerabilities and 186,000 plugins with comprehensive CVE and security configuration support
Risk-Based Prioritization
Predicts which security issues to remediate first using risk-based scoring and built-in compliance profiles
Agentless Cloud Assessment
Enables continuous discovery and assessment of EC2 instances for vulnerabilities without requiring agent installation, credential management, or manual scan configuration
Asset-Based Elastic Licensing
Implements asset-based licensing model that eliminates duplicate counting of assets with multiple IP addresses
Vulnerability Data Aggregation
Consolidates and evaluates vulnerability data from multiple Nessus scanners distributed across the enterprise infrastructure.
Risk Assessment and Trend Analysis
Illustrates vulnerability trends over time and assesses risk with actionable context for effective remediation prioritization.
Advanced Analytics and Reporting
Utilizes advanced analytics with customizable dashboards and reports to identify network weaknesses.
Continuous Vulnerability Monitoring
Continuously monitors systems for new vulnerabilities to enable proactive threat detection.
Centralized Security Management
Provides centralized management of security assets from a single console with support for up to 500 IP bands.
Vulnerability Detection and Assessment
Detects over 150 kinds of misconfigurations in AWS environments and assesses physical servers, virtual machines such as EC2 instances, containers, and remote endpoints through scan engines, Rapid7 Insight Agent, and direct API integrations with cloud providers and container repositories.
Risk Prioritization and Scoring
Utilizes proprietary real-risk scoring algorithm to help teams prioritize threats and identify the biggest security risks within the IT environment.
Automated Remediation and Ticketing
Automatically creates tickets in JIRA or ServiceNow based on findings and includes automation capabilities with integrations to SCCM and BigFix for streamlined remediation workflows.
Attack Surface Monitoring
Monitors attack surface to uncover known and unknown external-facing assets and maintains real-time data synchronization through direct integrations with AWS and other cloud providers.
Compliance and Policy Evaluation
Evaluates compliance with industry frameworks and custom policies, and provides goal and SLA reporting, remediation projects, and customizable dashboards for tracking progress and sharing results across the organization.
Standard contract
No
No
No
Customer reviews
TarunKumar2
Quarterly automated scans have strengthened our global security posture and guided faster remediation
Reviewed on Jan 13, 2026
Review from a verified AWS customer
What is our primary use case?
I think we use Tenable Vulnerability Management primarily for our internal use. We are not a reseller; we are a customer.
We have a set of IPs across the globe, and we conduct this scan once a quarter of all the IPs combined. This scanner has updated information with respect to vulnerabilities that exist in the open. We perform vulnerability scans of all the IPs in order to ensure that no vulnerability exists in our environment, infrastructure, or network. We run vulnerability scans which are automated in nature and scheduled over the weekend to make sure that all the IPs are up to date. Once in a quarter, all IPs are scanned and a vulnerability report is generated. This report tells us whether there are low, medium, or high critical vulnerabilities that exist. We have a remediation plan for the high, medium, and low vulnerabilities in terms of the amount of time that we should be taking in order to patch these vulnerabilities. This tool keeps our information security posture high. We also carry out aging analysis because there are some vulnerabilities that cannot be patched due to dependencies. We actively carry out aging analysis in order to see if there are some vulnerabilities that are still in the system for more than one month or two months, and what the reason is. We actively work with all of the business teams and the IT setup within our system is quite regimented in order to run the scans once in a quarter for all the IPs.
What is most valuable?
I think their automated vulnerability scan and the scanning engine of Tenable Vulnerability Management are valuable. There are agents that you can deploy, and you can run the scans on those IPs on an automated basis. The automated scanning feature is probably the most important. They also have a good remediation workflow which can be integrated with your own internal workflow. You can do automated tracking of closure of the vulnerabilities. The ease of use, the automated scanning facility, and their good support mechanism are all valuable. If you were to get stuck somewhere, they can readily make their customer service or technical teams available to take care of our needs. Automated vulnerability scanning is the feature which makes life a little easier.
What needs improvement?
I don't think that there is any very specific area where enhancements need to happen in Tenable Vulnerability Management's feature sets. The only area which possibly is not a part of the feature, but Tenable can look at, is to make their pricing more competitive.
For how long have I used the solution?
I have been using Tenable Vulnerability Management for more than five years.
What do I think about the stability of the solution?
I would give Tenable Vulnerability Management a nine out of ten for stability because the downtime has been next to minimal. We have not faced any kind of outages in terms of services. Reliability is absolutely high.
How would you rate stability?
Positive
What do I think about the scalability of the solution?
I think the scalability level of Tenable Vulnerability Management is fairly good. I don't think we have really found that wanting. I would give that an eight out of ten. We have not faced any problems so far.
With the growing needs of our company, Tenable Vulnerability Management is able to safely adapt.
How would you rate scalability?
Positive
How are customer service and support?
We had used Tenable's expert support services in order to make sure that we run Tenable Vulnerability Management on a continuous basis and are able to utilize their services. At the time of the implementation, we had taken the help of Tenable's expert support to be able to help us use this feature at the outset.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used QualysGuard before using Tenable Vulnerability Management.
We decided to switch from QualysGuard to something else because these were two different companies. This was the previous company where I had exposure to QualysGuard. We have never made any change from Tenable in the current company.
How was the initial setup?
When I started working at my current company, Tenable Vulnerability Management was already there.
What about the implementation team?
I was involved in the decision, but we have chosen Tenable and we continue using Tenable Vulnerability Management in the current company. I was a part of the purchase process.
What's my experience with pricing, setup cost, and licensing?
I would not say very expensive for Tenable Vulnerability Management; it is not prohibitive, but at the same time, there are some other tools in the marketplace which are offering the same kind of services that Tenable offers, the same kind of features that Tenable has offered at a lesser cost.
What other advice do I have?
I use Tenable Vulnerability Management, and that is the tool that I have primary experience with.
Apart from zero-day vulnerability, which obviously none of the tools would know about, I think the scanning engine of Nessus, part of Tenable Vulnerability Management, is quite up-to-date. It provides details on how the remediation should take place and provides detailed steps on how the remediation can be undertaken, which is quite helpful for the various application teams in order to understand. Their platform is something which is quite up-to-date. It appears that in the back-end they have the right set of threat intelligence feeds that come in from all different sources. I would assume that their AI engine and also their database is quite updated. From the perspective of being up to date, we feel very comfortable because we do rely on and trust their AI engine which their scanning facility is powered with.
The importance of real-time risk prioritization for our organization's security strategy is very high. These are the times where you cannot really go loose at all. Remediation becomes prioritized for all organizations. It is extremely important that at least the highly critical vulnerabilities are patched within 24 to 48 hours because they are high targets and valuable targets for adversaries. Therefore, risk prioritization is probably extremely important for organizations to keep these in the highest priority of any activity.
We have not yet integrated Tenable Vulnerability Management as much. We are using Tenable on a standalone basis. We have not yet done an integration with any GRC tool or any other tool. As of now, we are using Tenable as an independent tool.
Tenable Vulnerability Management is deployed on-cloud in our organization, and we are using Amazon Web Services as our cloud provider.
I would give Tenable Vulnerability Management a nine out of ten rating. This is not a matter of concern because, apart from the costing part, which was pretty much okay when we signed up, over a period of time they have been increasing their license fee. That is the only point which I believe that they could possibly look at working upon. Otherwise, it is a nine out of ten for sure. My overall review rating for Tenable Vulnerability Management is eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Jorge G.
Versatility and Ease: Complete and Intuitive Tool
Reviewed on Nov 27, 2025
Review provided by G2
What do you like best about the product?
I like the versatility of the tool, the ease of use, the dashboards are very intuitive. The tool incorporates the best scanning, visibility, reporting, and other excellent features. Customer support is immediate, the implementation is very simple and intuitive, in just 1 day we were able to carry out the implementation and the necessary integrations very easily.
What do you dislike about the product?
I use the tool daily and, particularly, I haven't seen anything I didn't like yet.
What problems is the product solving and how is that benefiting you?
One of the problems solved was the lack of visibility we had in the environment. With Tenable, we managed to mitigate this lack and now we have a macro view regarding the vulnerabilities of our environment.
CRISTIAN ANDRES R.
the best software
Reviewed on Nov 03, 2025
Review provided by G2
What do you like best about the product?
Ease of Use. Frequency of Use, interface
What do you dislike about the product?
nothing, tenable is the best solutions to manage vulnerabilities
What problems is the product solving and how is that benefiting you?
management process of vulnerabilities to compliance PCI DSS
Hospital & Health Care
Great Scanning Capabilities, But User Account Setup Is Frustrating
Reviewed on Oct 22, 2025
Review provided by G2
What do you like best about the product?
I like the ability to scan internal and external resources as well as web applications. The app has great filtering capabilities as well as tagging, allowing you to compartmentalize sites and services into containers that you can scan and report on separately.
What do you dislike about the product?
It's annoying to create user accounts where they do not share the same domain as you. We take care of a lot of different sites and want to allow users to login to view their vulnerabilities but this limitation makes it difficult. I have to put in a ticket every time I want to add a new user's domain. The cost of web application scanning is much higher than normal licensing.
What problems is the product solving and how is that benefiting you?
Tenable vulnerability management allows us to scan internal and external assets every day/week/month on demand or on schedule. The findings and vulnerabilities are stored for months and allows you to see the history of vulnerability for a particular asset, which is very helpful. It helps prioritize remediation effort by using the AES scoring matrix to determine where to put your time.
Joseph R.
Outstanding TVM Features and Support, Needs Better Asset Licensing Controls
Reviewed on Oct 22, 2025
Review provided by G2
What do you like best about the product?
SentinelOne’s Threat and Vulnerability Management (TVM) product is a strong solution with a rich set of features and excellent overall performance. The platform provides deep visibility, clear remediation guidance, and a very user-friendly interface that makes it easy to prioritize and act on vulnerabilities.
Support from SentinelOne has also been outstanding — responsive, knowledgeable, and proactive in addressing questions or issues.
Also, deployment is a snap.
Support from SentinelOne has also been outstanding — responsive, knowledgeable, and proactive in addressing questions or issues.
Also, deployment is a snap.
What do you dislike about the product?
The only drawback I've encountered is around asset licensing management. It would be helpful to have more granular controls for excluding non-relevant or "ghost" assets, such as IoT or VOIP devices, from consuming licenses. Enhancing this capability would make an already excellent product even better.
I'd also like to see better reporting around the management of vulnerabilities over 90-plus days old in the environment and agents.
I'd also like to see better reporting around the management of vulnerabilities over 90-plus days old in the environment and agents.
What problems is the product solving and how is that benefiting you?
It addresses my Visibility Gap and threat graph, allowing me to understand better where my risks are and prioritize them in an automated way that is easy for my stakeholders to understand and act on.