Tenable Nessus Reviews

We do infrastructure audits in the state, and we have a lot of organizations and customers for which we do security assessments.

Nessus assists you to complete the job in a shorter period of time. It discovers all the assets and identifies existing vulnerabilities in the environment. 

You can then direct your team to create a report on the discovered vulnerabilities. Basically, you can use Tenable to shorten the activity and get faster results.

Tenable Nessus could include a broader range of IT assets. Nowadays, IT is not limited to laptops and desktops. It can be any environment in the organization, such as iOS or Android mobile phones. 

Apart from that, organizations use APIs and specific tools. We would like Tenable to cover every aspect of IT infrastructure, not just generic systems like laptops, desktops, switches, or servers. It should include every kind of device, like Raspberry Pi. This small chunk of devices acts as sensors in several organizations. 

We would like to be able to scan every device in the network, and the solution should present vulnerabilities within their system.

I've been working with it for ten years.

Tenable is a stable solution. I would rate the stability a ten out of ten. 

Tenable's scalability is good. I would rate the scalability a seven out of ten. 

We have no issues with support.

Positive

We had used some open-source solutions previously.

We made a switch to Tenable Nessus because of the vulnerability coverage. It has a huge scope.

Nessus is quite easy. It is quite easy to deploy, quite easy for my team to use this software for vulnerability scanning. So it is very easy. 

I would rate my experience with the initial setup a nine out of ten, with ten being easy. 

It took one to two hours.

We do this in-house. We, ourselves, deployed this solution. 

Sometimes we take assistance from the OEM or the reseller, but generally, we make it an in-house activity.

There is a ROI in terms of cost savings, time savings and more. 

We have one user license at present. The price is okay. I would give it a seven out of ten, where one is cheap and ten is expensive.

I would recommend it to others. It's a good solution. Overall, I would rate it an eight out of ten. In every aspect, it is good. 

I implement the solution as a vulnerability management tool for client use cases. It can be used for public factors because it sits right where you have tie in and bleeds over or in between other tools as another piece in the EDR puzzle. The solution identifies vulnerabilities, applies patches, and provides some other EDR results. 

I have also used the solution in environments where customers only want to pay for master's licensing and conduct vulnerability scanning for 100 to 12,000 endpoints. It took 23 days to create a security center from that page with data imports and API plugins. 

It really just depends on what you need, where your money lies, and what you want to get from the solution at the endpoints. 

The solution has a single price for unlimited assets. Value wise, the solution is also great for pen testers and consultants. 

The solution is useful for vulnerability and patch management from both the internal and public facing sides. 

Quick assessments, compliance scores, and results are provided without having to do agents. 

It would be nice for the professional module to include some of the reports available in the expert module. 

I have been using the solution for ten years. 

The solution is very stable so stability is rated a ten out of ten. 

The scalability is not an issue for the solution itself because it is a software. Scalability really depends on your hardware. 

I have not needed technical support. A colleague reported that a licensing issue took two weeks to resolve. A bigger client was trying to buy five licenses and it took two months. It seems most issues revolve around purchasing or upgrading licenses.  

The setup is straightforward. 

I implement the solution for customers. 

The solution has a single price for unlimited assets and offers both professional and expert modules. The professional module is agentless. The expert module costs around $2,000 and includes agents. 

Be sure you have an appropriate amount of time available if you are not running an agent-based system. Pulling in results for 15,000 endpoints takes time because the solution can only fetch data for eight to ten endpoints at a time. You have to scan or you will have network traffic load issues. 

I rate the solution a nine out of ten. 

We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equipment, and appliances in our infrastructure. 

One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them. 

It would be beneficial if it could handle minor additions to versions similar to how Debian manages its patches. This feature would allow it to differentiate between patched and non-patched versions.

I have been using the product for ten years. 

Tenable Nessus is very stable. We encountered some issues with scanning certain network equipment but resolved them by adjusting the parameters. Our main focus is scanning our servers; we haven't experienced any significant problems with that process.

My company has three users. 

We haven't contacted Tenable Nessus for assistance or questions because we haven't encountered any serious issues, and we are generally satisfied with the product.

We chose Tenable Nessus because we primarily rely on open-source products as a publicly funded institution. About ten years ago, we conducted research to determine the best option, and at that time, it stood out as the preferred choice.

Tenable Nessus' deployment is straightforward. 

The product is free. 

I rate the overall product a nine out of ten. 

The tool was used mainly to do network and security scans in some designated areas. It was part of maintaining the ISO 27k certification for some countries, like Turkey, Egypt, and India. Another usage was that we had regular and yearly scans planned as part of policies on some other network areas that would do network management in the central region and Internet-shared network.

Security is the key number because it can start to scan with a few clicks compared to Qualys, which is a bit complicated. So simplicity is the first advantage. Then the generated reports are well done and easy to present to management. The quality of the scan is quite good in detecting the severity. The solution has simplicity. Also, it has frequent updates so that is also a valuable feature.

We've got several versions of Tenable, and the one we use is the professional. It's the only one I know because we did not explore others. It was called Nessus Professional, and it should not be confused with Nessus Enterprise, Tenable, or tenable.sc or tenable.io. In Nessus Professional, the main drawback was that we could have a single-user login password. So it could be better in terms of security. Of course, we could have as many users as we wanted, and we got about fifteen users, but we couldn't distinguish the rules in this solution. If you wanted to allow some people to do a scan of some areas and some other areas, we would have to go through an expensive version. So, with the professional edition, the management of users needed to be improved. We could have a new user-defined.

I have been using the solution since 2003.It has been twenty years.

It is a stable solution.

It is a scalable solution. Fifteen users are using the solution.

The technical support team is good. But one drawback is that they must give more attention to small customers. We had only ten licenses in the professional mode, one of the cheapest.

So we found it easy to get attention and always found the solution.

Neutral

The initial setup was easy.

We paid about six thousand dollars per license.

I evaluated Qualys but the pricing scheme was different so did not go with that. Although Tenable was much more limited than Qualys.

People should use it because it is straightforward and simple. I would rate it seven out of ten, for the simplicity of usage and the quality of the security assessment that is done and the reporting.

We use Tenable Nessus as a vulnerability management tool. It helps identify vulnerabilities in our system, how to address them, and what mitigation steps are required. We can assign high, medium, or low priority levels and schedule scans to run at specific times. The tool generates vulnerability assessment reports, valuable in our organization's environment for continuous security assessment.

We can onboard our organization's access and run scans as needed. We can also share the scan results every year and perform many other tasks with Tenable.

It’s a strong vulnerability assessment tool for management and serviceability. It is a reliable product that helps us identify vulnerabilities in our system effectively. I use it to scan our environment with SSM and generate vulnerability assessment reports.

The dashboard could be improved.

I have been using Tenable Nessus for two years.

Our team has 10-15 people using this solution. It’s a good tool for vulnerability assessment, and we can identify vulnerabilities in our organization. At this time, we can effectively use it within our organization.

I rate the solution’s scalability a nine out of ten.

It is expensive.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

Overall, I rate the solution a seven out of ten.

Tenable Nessus is vulnerability management software. We install Nessus scanners on all our workstations and laptops. It runs scans to check for outdated software and vulnerabilities. At the beginning of each month, I send notes out to the admins about what needs to be updated, and I check at the end of the month to make sure it's done. 

Nessus helps us keep our software up to date to avoid security vulnerabilities. It's a good tool for auditing our vulnerability management. 

My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated. 

Tenable stays on top of new IT trends in vulnerability management because there's constant innovation. They keep up with the industry. In the past few years, everything has shifted to cloud-based servers. It's a long-term trend that COVID accelerated. Tenable came out with a tool for that. 

Nessus  is pretty stable if you have a disaster recovery plan in place. We've never had an outage. The stability depends on the servers where it is running. 

You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it.

I rate Tenable support 10 out of 10. They're top-of-the-line.  It's the best support I've worked with so far. 

Positive

I rate Tenable Nessus nine out of 10. I recommend creating a Tenable Community account. Tenable uses that for support, but they also have a massive library of training videos that they call Tenable University. You can also access the Tenable Community forums where experts and general users can share information and ask questions. 

I am using it for scanning and checking vulnerabilities. I am using the Azure version of Tenable Nessus.

I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance.

It fits very well in my environment. It is very easy to use, and there is a very good cost-benefit of this solution. 

There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem.

It is stable.

It is, for sure, scalable. We have 10 or 12 people who use this solution.

We never have any kind of problem or lack of response. I would rate them a ten out of ten.

Positive

It is very easy. It is pretty straightforward.

It has a fair cost and very good cost-benefit ratio.

I would recommend it to others. It does everything that such a solution needs to do. It can check for vulnerabilities and compliance. It is also very easy to use. It is better than its competitors, such as Rapid7.

I trust Tenable solutions. I have worked with Tenable IO a few years ago, and with Tenable Nessus, I had the same feeling that I had with Tenable IO. It is a very good solution. It is more expensive than Tenable IO, but it is a complete solution. 

I would rate it a nine out of ten.

The platform is essential for vulnerability management tasks and integrates with various data management applications.

The product could have unique features similar to Qualys. 

We have been using Tenable Nessus for about a year to a year and a half. We are using the latest version to ensure access to all the latest features.

While Tenable offers a robust solution, the main competitor, Qualys, has some unique features. However, Tenable has a larger market share, indicating that it has undergone extensive testing and development based on customer feedback.

The complexity of deploying Nessus largely depends on the customer's operational environment. If the environment has diverse systems, implementation may be more complex, while a more uniform system allows for easier setup.

The timeline for implementation could range from one week to several months based on these factors.

The product pricing is dynamic and varies based on the specific needs of each project and customer.

Discounts can be offered based on competition and project requirements, making it a relative cost depending on the context.

The solution automates vulnerability checks, which is crucial for our customers who cannot dedicate a team to monitor security issues constantly. It notifies us of vulnerabilities as they arise, allowing us to respond quickly without manual intervention.

It automates the scanning process, allowing us to schedule regular scans, generate reports, and receive notifications about critical vulnerabilities via email. It enhances our ability to monitor the security landscape continuously.

Overall, I rate it a nine out of ten.