Tenable Nessus Reviews

We use Tenable Nessus as a vulnerability management tool. It helps identify vulnerabilities in our system, how to address them, and what mitigation steps are required. We can assign high, medium, or low priority levels and schedule scans to run at specific times. The tool generates vulnerability assessment reports, valuable in our organization's environment for continuous security assessment.

We can onboard our organization's access and run scans as needed. We can also share the scan results every year and perform many other tasks with Tenable.

It’s a strong vulnerability assessment tool for management and serviceability. It is a reliable product that helps us identify vulnerabilities in our system effectively. I use it to scan our environment with SSM and generate vulnerability assessment reports.

The dashboard could be improved.

I have been using Tenable Nessus for two years.

Our team has 10-15 people using this solution. It’s a good tool for vulnerability assessment, and we can identify vulnerabilities in our organization. At this time, we can effectively use it within our organization.

I rate the solution’s scalability a nine out of ten.

It is expensive.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

Overall, I rate the solution a seven out of ten.

Our company uses the solution for vulnerability scanning. 

The solution is easy to understand for users because instructions are included on the platform. 

Scanning capabilities are vast with built-in configurations that are pre-coded for various types of servers. 

There are very few false positives reported. 

It is easy to access and share reports. For example, consultants can extract reports, remove columns if needed, and share final copies with clients. 

Vulnerability recommendations are outdated and not in line with industry standards. 

The reporting tool should allow fancier customizations such as pivot or formula-based options. 

Cloud reviews should be a focus because AWS is taking over the market. 

I have been using the solution for three years. 

The solution is very, very stable and is considered the leader in stability. 

The solution is very scalable and we have it on every server in our organization with no issues. We only provide user-level access to our security teams. 

Technical support is very good and responsive. 

A few months back, we utilized their assistance for configurations on a custom EMI. They were very helpful and indicated the next upgrade would include a checklist and benchmarking documents for manual completion. 

The setup is very straightforward. 

The implementation was handled by Tenable. There was a one-time installation cost of $500-$1,000 which was nominal for our large organization. 

Tenable either connects virtually or comes onsite to deploy the solution across your entire network.  

Routine maintenance is performed on a local machine with no server needs. This occurs about three times a year by our in-house team. 

Our organization is huge so our license costs $30,000. We are one of the biggest financial sector groups in India, so are charged appropriately. 

Pricing is rated a seven out of ten because it is reasonable but always could be cheaper.

We use both the solution and Qualys which are leading tools in the industry.

Qualys is a complicated tool for users because it does not include easy-to-access instructions. It also reports more false positives. 

The solution is easier to use and includes instructions for running scans. 

Overall, the solution is a better tool than Qualys. 

The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it. 

I rate the solution an eight out of ten. 

I use this solution for OS auditing, database auditing, virtualization, and following how closely it follows our CI or TISA benchmarks. We also use it for malware and ransomware risk and for carrying out assessments. We purchased this product from a local partner that has a premium partnership with Tenable. I'm a cybersecurity and compliance lead engineer.

The solution makes ransomware checking and OS auditing and implementation relatively easy. It covers most of the requirements for benchmarks for all sorts of widely available required configuration settings in the technology industry. It's also very user-friendly, easy on the eye, and saves a lot of time. It provides us with reports that perfectly satisfy compliance requirements, whatever the device or configuration settings. 

There is very little to improve but cloud security tests would be something helpful to have. Tenable could also offer some penetration testing-related services, which would be beneficial.

I've been using Nessus for three years. 

It's a very stable solution. 

The solution is scalable. I use it for around 4,000 servers on a daily basis.

The technical support is good. They offer expensive professional support, but I generally use the website documentation to fix things. Compared with other companies, they provide very good support. 

Positive

I previously used Qualys and had a bad experience. It's not very user-friendly, licensing was difficult and deployment painful. I also used Rapid7, and I think Nessus is more user-friendly than both of those products. 

The initial setup was very easy and took just a few hours. It's important to plan wisely before implementing. Know how many servers you have and try to project your future requirements so that you can estimate the total number of IPs you require. If the forecast is accurate, the solution is cost-efficient. We used consultants from Singapore and they installed some agents in our on-premise servers. Maintenance is very easy.

The global situation is very unstable and the dollar price has already increased significantly in our country in the last three or four months so everything has become expensive. Licensing is very competitive in our local markets and there's a lot of haggling that goes on. The option of a three-year license would be most beneficial for us because of the huge variations in the dollar. 

I rate this solution nine out of 10. 

Two of our customers use it for vulnerability assessment and penetration testing, and they are getting very good results.

It is easy to deploy and easy to use. Its reporting is good. From this reporting, you can see the pain point in your network, which makes it easy to fix them. It is easy to understand the reports and export them.

Technically, it is an excellent and the best solution available in Libya. My only concern is related to its pricing. They are an emerging company in Libya, and they need to put in some effort to provide us with very good prices so that customers can go with the best solution. Chinese companies are getting into the market here, and they're providing very cheap solutions.

We have been providing network and solution integration services since 2012.

It is a stable solution. It is the best one in the world. I am not considering any other solutions.

It is scalable.

Their technical support is very good. The feedback that I have received from the customers for the tickets that they opened is that they are satisfied with the service.

It is easy to deploy. It can be implemented in less than 10 days, but complex projects with ISO2007 and 001 compliance requirements can take more than a year.

From our side, there are only two engineers. One is the main engineer and the other one is the backup engineer. 

It is being used by only three users. Two are from the cyber information security team and one is from the network security team.

Its price is high for Libya. The companies here in Libya don't have the awareness of and a good budget for cybersecurity services. If you want them to go for a product, you need to provide something different. This differentiation is related to the price. They should give about 40% to 45% discount per person on the current cost. From our side, we provide the demo and show it as a very good and valuable solution, but when it comes to the price, some companies don't want to own the tool. They prefer to go for it as a service. There are a few companies that are providing it as a service where they own the tool, but they provide it as a service, which is cheaper than a customer owning the product. We strongly recommended that customers own the product and use it. 

I strongly recommend to customers to go for a three-year license to use it, benefit from it, and be comfortable with it. In Libya, we are facing a problem related to the timelines and delays of projects. If they go for just a one-year license and the project gets delayed by six months, they will have only six months to use it.

It is a very good and useful tool. I would rate it a nine out of ten.

Over 15.000 active assets|inside 10 companies belonging to the group, the biennium recurrent project mapped the real situation, in parallel with photography of IT/Security maturity through three main domains: processes, people, and technology. 5 TOEs: Infrastructure, Databases (SQL and Oracle in deep), AWS Cloud, Connectivity (Routers, Switches, and Firewalls against/based CIS) and Web Application instances (partial tests). Nessus running over a hardened Linux customized with HA (High Availability).

Nessus has more plugins/add-ons, tests, and templates than previous tools (OpenVas) and it is faster and customizable using CLI/API features. It offers enough resources for an interesting cost-benefit rating (for small and medium companies) and minus false-positive events per type of asset. 

It helped us to quickly produce a QuickWin report that guided the VulnerabilityMgmt actions and plans within the company's during the next 3-5 years using the same tool/investment/team for all companies inside the de group.  

Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips in the documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans. You can scale your environment to gradually increase the quality, depth, and quantity of the tests, enabling you to learn and gradually optimize your vulnerability management platform(s)/instance(s). The possibility of integration with other market tools (Kenna, Archer...) is another differential.

- Add the possibility to customize attributes that define the assets critical level based on the company's "business sense".

- Improve integration and tests for OT platforms, OT application, OT hardware, and non-Ethernet protocols.

- Improve the exchange of info/insights/attributes with RM (Risk Management) domain.

- Offer a more flexible strategic and high-level dashboards based on previous comments (minus technical and more business-oriented)

- Model OS costs (and its segregation schema for individual modules).

7+ years with Tenable and more than 15y with others.

Excellent. No one problem during operation time and deployment.

Enough (faster than OpenVAS engine).

It SLA/support are enough. 

Neutral

OpenVAS. We reached the previous level/threshold/maturity using OpenVas (more limited tool when compared with Nessus). I/We believe that, the change to a better tool (in this and in others categories) should be carried out when these indicators are reached.

Very simple and fast.

In-house.

Good. Nessus Pro combined with other xLAP solutions to offer a presentation/grouping layer is great. Using SC this curve/point of ROI is slower.

Start small, learn about your problems/fixing time and grow up gradually.

Several. OpenVas, Rapid7, Qualys, CORE* and Retina.

A cost/benefit interesting tool.

We use Tenable Nessus to schedule test scans and work with the finding.

We have integrated Tenable Nessus with Splunk.

The most valuable feature of Tenable Nessus is the GUI and user-friendliness. Additionally, the environment is easy to work with.

I have been using Tenable Nessus for approximately one year.

Tenable Nessus is a stable solution.

I rate the stability of Tenable Nessus a ten out of ten.

The scalability of Tenable Nessus is good. However, it could be more flexible.

We have over 400 people using the solution. We plan to increase our usage, but it depends on the progress of the business.

I rate the scalability of Tenable Nessus an eight out of ten.

The support we have for Tenable Nessus is internal. The IT teams for Tenable Nessus are in the Czech Republic for us.

I have previously used Tenable IO.

The price of Tenable Nessus is too expensive for each service center.

I recommend Tenable Nessus because it's a good solution, works properly, is not complicated to administrate, is simple to manage, and is stable.

I rate Tenable Nessus a nine out of ten.

We use this solution for network and device scanning. Massive scanners have been integrated with the security center. We scan devices and pull the report from the security center. We publish the report to respective stakeholders, and we maintain the reports for our records. The reports show vulnerabilities, plugin text, and plugin outputs. We analyze the report and try to close the vulnerabilities identified in the scan.

The solution is deployed on-premises.

There are about 10 people using this solution in my organization. They were part of the security team and were doing the scanning and remediation. I led the team and dealt with any challenges.

My organization is a service provider. We provide security services to clients.

The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.

The agent scanner is a valuable feature. We also do credential scans, which gives the equivalent report. In the log project situation, we receive very good support from Nessus. They have built one policy for the log project itself. With the help of that policy and the plugins specified for the log project, the scans were faster for that project.

If we run a scan, it will usually check all of the plugins, which is a time-consuming process. We received help, and we had one plugin for the log project. That was for checking the log project only because we were already done with the complete scan.

I would like to see more on the automation side. There should be proper tools and support for automation in Tenable itself.

I have used this solution for more than four years.

It's a stable solution, but we noticed that the agent wasn't being updated. This means we have to update it manually and run a few commands to get the service running. If the solution isn't updated with the latest version, it will go offline.

We receive very good technical support from the team in India. We're very happy with them. I'm also in touch with some people from Tenable India. They helped me understand the requirements and the solution's latest features.

I would rate technical support as four out of five because they could always improve.

Initial setup was easy. That's why I proposed the solution to my current organization. 

The deployment process completely depends on approvals and how we're getting the procurement of hardware and the licenses. It depends on the organization.

The solution is worth the cost. It's a good investment. 

I have also evaluated Qualys. There were some missing features, so we weren't able to detect vulnerabilities related to specific software, like Adobe and Java.

I have also used Tenable.sc.

I would rate this solution as eight out of ten. 

For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not.

I would definitely recommend this solution to others who want to use it.

We use Tenable Nessus internally for our vulnerability scan and dynamic vulnerability assessments.

Tenable Nessus has helped us with better visibility of the current security posture of our infrastructure and helped us be proactive about remediating those findings.

The most valuable feature of Tenable Nessus is the support it provides for any new vulnerabilities quickly.

Tenable Nessus application device assessment is one of the top tools. However, in the application security assessment, there are other tools that provide better, and more accurate findings.

In a future release, I would like to see all SC reporting features included in the Professional version.

I have been using Tenable Nessus for approximately five years.

Tenable Nessus is stable.

The stability of Tenable Nessus is good.

We don't have a very big security team. It's four or five people who are using it.

We have used the support from Tenable Nessus. The support was relatively good.

The initial setup of Tenable Nessus was straightforward, we did not have any issues.

The deployment of Tenable Nessus was done in-house.

The solution is not difficult to maintain at the scale we are working on it.

We have seen a return on investment by using Tenable Nessus.

The newer tools are quite pricey. There is a case of some fine tuning that can be done in terms of licensing. The IP based licensing that is offered makes the tool very expensive. If they want the IT industry to adopt it, the price should be looked at.

For the professional the cost is reasonable. However, if you go to an HC or IO platform, then the price is high. Even though the scan engine is the same, the additional features for dashboarding and reporting should not cost more than the solution itself or the intelligence of the tool to identify those findings.

There are not any fees

In terms of the identification of vulnerabilities, this is a good tool. The engine it uses is accurate. However, it depends on which tool out of the stack you would use, and the scale of the infrastructure.

I rate Tenable Nessus a seven out of ten.