Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable versus Microsoft

“Good enough” VM from Microsoft is not good enough

In March 2022, Tenable Research discovered two vulnerabilities (one critical) in the Microsoft Azure platform and both were exploitable. Microsoft downplayed the risk and it took the company 89 days to privately acknowledge the severity of the issue.

Image of the number of days (89) it took Microsoft to report critical vulnerabilities in Azure

Why customers choose Tenable over Microsoft

Prioritize risk

Tenable Exposure View combines Tenable’s vulnerability priority rating (VPR) with an asset criticality rating (ACR) to objectively measure the risk of an asset, a business unit, or the whole organization.


Microsoft Defender Vulnerability Management scores do not consider context like the criticality of an asset on a network, internal and peer benchmarking, assessment and remediation maturity.

Microsoft’s recommendations method leads to serious gaps with the potential of hundreds if not thousands of suggestions.

Screenshot showing how to prioritize risk inside Tenable's Exposure View

Security beyond the endpoint

Tenable has complete visibility and assessment of the entire attack surface.

Reducing cyber risk and ensuring compliance requires understanding across traditional IT to the cloud to operational technology.

Tenable’s ability to log on to network devices and check for configuration and setting significantly reduces the rate of false-positives.


Microsoft Defender Vulnerability Management coverage is limited to those endpoints that have an agent, and its network scanning capability is SNMP-based.

Simple icon graphic visualizing security beyond the endpoint

Coverage and accuracy

As of August 2024, Tenable Research has published over 219,000 plugins covering over 89,000 CVEs, and we continue to update and publish our vulnerability coverage and CVE count at tenable.com/plugins.

  • #1 in CVE coverage
  • #1 in zero-day research 1
  • #1 in vulnerability management

94K K

Vulnerabilities assessed
with 227,000+ plugins

726

Vulnerabilities disclosed
by Tenable Research

< 24 hrs

Median time for coverage
of high profile issues

Microsoft does not publish its CVE count.

1 - Tenable blog link

Communicate risk

Tenable enables communication by providing an extensive library of dashboards and reports to help facilitate communication with stakeholders such as, senior leadership, IT and security colleagues, auditors, and the board.


Microsoft Defender has a lack of dashboards and reports. Period.

Screenshot showing how to communicate risk inside Tenable's Exposure View

Compare Tenable to Microsoft

Vulnerability and coverage accuracy

89K CVEs the industry’s broadest coverage

Not published

Prioritization

Exposure view combines Tenable’s vulnerability priority rating with an asset criticality score

Does not consider important business context

Scope of coverage

Wide variety of assets - endpoints, network devices, operational technology (OT), cloud workloads, web apps

Limited to the endpoints with an agent and basic SNMP-based capability

Dashboarding and reporting

Extensive library of dashboards and reports

Lack of dashboards and reports

Vulnerability management tool ecosystem

Integration and support for the 3rd party remediation tools, remediation workflow

Minimal integration with remediation tools like BigFix

Scanning technologies

Agent-based and agentless

Agent-based with limited support for network scanning

See Tenable in action

Want to see how Tenable can help your team expose and close the priority cyber weaknesses that put your business at risk?

Complete this form for more information.