Users of Intel Security’s McAfee Vulnerability Manager (MVM) have a choice to make before that product hits end-of-life in early 2018. They can either follow Intel Security to Rapid7’s Nexpose vulnerability monitor, or reassess their needs and choose a new direction all together. Either way, IT operations for those customers should plan on a migration away from MVM within the next two years, which in most cases is enough work to justify at least examining the field of vulnerability management products. Tenable, with their SecurityCenter, has been a major competitor in this field, piggybacking on the success of their industry-standard Nessus vulnerability scanner.
The End of McAfee Vulnerability Management
According to Intel Security’s website,
“[The MVM] EOL process helps ensure we are investing in the right areas to continually innovate and lead the market with the best solutions that address our customers’ security needs. Instead of directly participating in the vulnerability management segment, Intel Security has partnered with Rapid7 to transition our customers over to its market-leading Nexpose solution.”
For IT shops currently using MVM, this means forklifting their entire vulnerability management platform, for which Intel Security says they “apologize for any disruption that this action causes.” McAfee used to be near synonymous with endpoint protection and information security in general and many IT shops defaulted to them years ago because of their market share. But as the face of IT has changed, security approaches have changed as well, and in recent years it seems like McAfee has been reacting to changes, trying to keep up, rather than spearheading them.
Search for "free vulnerability scanner" and you'll see plenty of options. So why are breaches due to known vulnerabilities still so common?
Intel choosing to outsource the vulnerability management portion of the McAfee suite not only calls into question whether companies are still best served using McAfee products, it highlights the need for centralized, integrated security monitoring. While Rapid7’s Nexpose is a much stronger contender against Tenable than McAfee’s earlier offerings, it remains unclear how it will fit into McAfee’s ePolicy central management product (this product brief from Rapid7 merely says “coming soon.”) This means less integration, a more complex environment and a steeper learning curve. Adding to this is McAfee’s long reputation among IT professionals for generating false positives, problematic updates and interrupting necessary services and connectivity, and its one-out-of-five star reputation among home users. Companies using MVM may see its end-of-life as an opportunity, forcing their hand to change platforms.
Tenable
McAfee users aren’t the only ones sniffing out an opportunity. Tenable is offering people moving away from MVM a promotional deal including a free year for 512 IPs on Tenable Security center, 4 hours of professional services and more. This makes sense, considering they have to compete with Intel’s choice of Rapid7, who have exclusive access to a migration toolkit for MVM users. But overall comparisons between Rapid7, Tenable and their competitors show that they offer similar sets of functionality, and any of them would be a step up for traditional McAfee shops.
The Nessus technology at the core of the Tenable products remains one of the best vulnerability scanners available. Whatever other bells and whistles security suites may offer (here one might remember the gradual bloat of McAfee’s endpoint protection product), solid vulnerability scanning and accurate threat detection are still the cornerstone of an effective product. Customers moving from McAfee’s MVM will also be glad to know every Tenable product comes with free online training, meaning IT operations staff will have ready access to answers for the many questions that are sure to come up during a software migration.
Side-By-Side Scoring: Tenable vs. Rapid7
1. Capability Set
Both Tenable’s SecurityCenter and Rapid7’s Nexpose offer similar features for vulnerability scanning and management. Among common features are asset discovery, compliance checking, malware/virus detection, anomalous behavior monitoring and reporting/analytics. While Rapid7 offers integration with Metasploit for vulnerability testing, Nessus scan results can also be exported and used with Metasploit in a similar fashion.
2. Ease of Use
It comes down to personal preference between these two UIs, as they are both slick and intuitive, with a host of data visualizations. But both products need to be thoughtfully configured and regularly assessed to ensure the data in those visualizations stays accurate.
3. Community Support
If you like reading blogs and forums, you’re in luck, because both Rapid7 and Tenable have decent community/knowledge bases. Tenable also has a feed for Nessus plugins, which can save a lot of time for people looking to keep up with the latest technologies.
4. Release Rate
The latest edition of Tenable’s SecurityCenter, 5.2, was released 12/16/15 and Rapid7’s Nexpose was just updated to 6.1.13 on 3/2/16. Nexpose has a much more regular update interval of minor versions, as well as release notes on every update.
5. Pricing and Support
For customers leaving McAfee, there may be special pricing offers or deals, but licensing generally runs between $15,000-$25,000 for an initial setup of either product. Both have scalable licenses by number of IPs scanned.
6. API and Extensibility
Both products have a widely used and documented API, with Tenable having a slight edge from years of Nessus extensibility.
7. 3rd Party Integrations
Tenable has a long list of 3rd party integration features for most major platforms and applications. Rapid7’s list is slightly longer, but with less information about how it integrates. Chances are either both will integrate with your environment or neither will.
8. Companies That Use It
Tenable is near ubiquitous, with even the Department of Defense using their Nessus software, while Rapid7’s customer list is lengthy and has some impressive names.
9. Learning Curve
As previously mentioned, Tenable offers free online training for all of their products, and both companies have significant knowledge bases and user communities to draw answers from.
Scoreboard and Summary
Tenable has a slight overall advantage based on these criteria, but it will be interesting to see how many former McAfee customers follow Intel’s push to Rapid7 and how many explore other options. Vulnerability management is just a small part of an overall digital resiliency strategy. Configuration management and visibility compliments a robust vulnerability scanner by proactively ensuring environments stay uniform and monitored. Check ours out for free on up to 10 nodes.