Tenable Nessus Reviews

I implement the solution as a vulnerability management tool for client use cases. It can be used for public factors because it sits right where you have tie in and bleeds over or in between other tools as another piece in the EDR puzzle. The solution identifies vulnerabilities, applies patches, and provides some other EDR results. 

I have also used the solution in environments where customers only want to pay for master's licensing and conduct vulnerability scanning for 100 to 12,000 endpoints. It took 23 days to create a security center from that page with data imports and API plugins. 

It really just depends on what you need, where your money lies, and what you want to get from the solution at the endpoints. 

The solution has a single price for unlimited assets. Value wise, the solution is also great for pen testers and consultants. 

The solution is useful for vulnerability and patch management from both the internal and public facing sides. 

Quick assessments, compliance scores, and results are provided without having to do agents. 

It would be nice for the professional module to include some of the reports available in the expert module. 

I have been using the solution for ten years. 

The solution is very stable so stability is rated a ten out of ten. 

The scalability is not an issue for the solution itself because it is a software. Scalability really depends on your hardware. 

I have not needed technical support. A colleague reported that a licensing issue took two weeks to resolve. A bigger client was trying to buy five licenses and it took two months. It seems most issues revolve around purchasing or upgrading licenses.  

The setup is straightforward. 

I implement the solution for customers. 

The solution has a single price for unlimited assets and offers both professional and expert modules. The professional module is agentless. The expert module costs around $2,000 and includes agents. 

Be sure you have an appropriate amount of time available if you are not running an agent-based system. Pulling in results for 15,000 endpoints takes time because the solution can only fetch data for eight to ten endpoints at a time. You have to scan or you will have network traffic load issues. 

I rate the solution a nine out of ten. 

The platform is essential for vulnerability management tasks and integrates with various data management applications.

The product could have unique features similar to Qualys. 

We have been using Tenable Nessus for about a year to a year and a half. We are using the latest version to ensure access to all the latest features.

While Tenable offers a robust solution, the main competitor, Qualys, has some unique features. However, Tenable has a larger market share, indicating that it has undergone extensive testing and development based on customer feedback.

The complexity of deploying Nessus largely depends on the customer's operational environment. If the environment has diverse systems, implementation may be more complex, while a more uniform system allows for easier setup.

The timeline for implementation could range from one week to several months based on these factors.

The product pricing is dynamic and varies based on the specific needs of each project and customer.

Discounts can be offered based on competition and project requirements, making it a relative cost depending on the context.

The solution automates vulnerability checks, which is crucial for our customers who cannot dedicate a team to monitor security issues constantly. It notifies us of vulnerabilities as they arise, allowing us to respond quickly without manual intervention.

It automates the scanning process, allowing us to schedule regular scans, generate reports, and receive notifications about critical vulnerabilities via email. It enhances our ability to monitor the security landscape continuously.

Overall, I rate it a nine out of ten. 

The tool was used mainly to do network and security scans in some designated areas. It was part of maintaining the ISO 27k certification for some countries, like Turkey, Egypt, and India. Another usage was that we had regular and yearly scans planned as part of policies on some other network areas that would do network management in the central region and Internet-shared network.

Security is the key number because it can start to scan with a few clicks compared to Qualys, which is a bit complicated. So simplicity is the first advantage. Then the generated reports are well done and easy to present to management. The quality of the scan is quite good in detecting the severity. The solution has simplicity. Also, it has frequent updates so that is also a valuable feature.

We've got several versions of Tenable, and the one we use is the professional. It's the only one I know because we did not explore others. It was called Nessus Professional, and it should not be confused with Nessus Enterprise, Tenable, or tenable.sc or tenable.io. In Nessus Professional, the main drawback was that we could have a single-user login password. So it could be better in terms of security. Of course, we could have as many users as we wanted, and we got about fifteen users, but we couldn't distinguish the rules in this solution. If you wanted to allow some people to do a scan of some areas and some other areas, we would have to go through an expensive version. So, with the professional edition, the management of users needed to be improved. We could have a new user-defined.

I have been using the solution since 2003.It has been twenty years.

It is a stable solution.

It is a scalable solution. Fifteen users are using the solution.

The technical support team is good. But one drawback is that they must give more attention to small customers. We had only ten licenses in the professional mode, one of the cheapest.

So we found it easy to get attention and always found the solution.

Neutral

The initial setup was easy.

We paid about six thousand dollars per license.

I evaluated Qualys but the pricing scheme was different so did not go with that. Although Tenable was much more limited than Qualys.

People should use it because it is straightforward and simple. I would rate it seven out of ten, for the simplicity of usage and the quality of the security assessment that is done and the reporting.

Tenable is for scanning the vulnerabilities on the endpoint. That's the prime use case. It can also be extended for scanning web publications, et cetera. 

Nessus is a very stable product. And it has been a pioneer and has been around for a long time. Their vulnerability dashboards are very good to use.

It is easy to set up.

The solution can scale well. 

The pricing is reasonable. 

While the pricing is quite good, any client would, of course, like it to be a bit less. 

We'd like to see the solution embrace more user-friendliness. That said, currently, we are happy with the product.

I've used the solution for a while. it's been a couple of years. 

It is a stable, reliable product. The performance is good. There are no bugs or glitches. It doesn't crash or freeze. 

I have found the product to be scalable. 

We generally don't have a lot of requirements for tech support with Tenable. We have been using it for so long, we have received quite a good amount of training from them at this point. Therefore, we don't look for a lot of tech support.

The setup is quite straightforward and simple. I wouldn't describe the process as overly complex. 

The deployment time depends on how the endpoints are distributed. If it is a single one within one country and one region, it is very fast. We can do it in less than three months.

We are consultants. We can assist users with the setup process. 

It's not an overly expensive solution. It's pretty affordable. 

Users pay an annual licensing fee. 

I'm a consultant. 

We can deploy the solution either on-premises or on the cloud. 

I'd advise potential new users to look at what the landscape is. And based on the landscape, they should be able to fit the product. You need to first consider your strategy and build towards that. We would recommend this solution to others if it seems to fit their needs. 

I'd rate the solution nine out of ten.

Our company uses the solution for vulnerability scanning. 

The solution is easy to understand for users because instructions are included on the platform. 

Scanning capabilities are vast with built-in configurations that are pre-coded for various types of servers. 

There are very few false positives reported. 

It is easy to access and share reports. For example, consultants can extract reports, remove columns if needed, and share final copies with clients. 

Vulnerability recommendations are outdated and not in line with industry standards. 

The reporting tool should allow fancier customizations such as pivot or formula-based options. 

Cloud reviews should be a focus because AWS is taking over the market. 

I have been using the solution for three years. 

The solution is very, very stable and is considered the leader in stability. 

The solution is very scalable and we have it on every server in our organization with no issues. We only provide user-level access to our security teams. 

Technical support is very good and responsive. 

A few months back, we utilized their assistance for configurations on a custom EMI. They were very helpful and indicated the next upgrade would include a checklist and benchmarking documents for manual completion. 

The setup is very straightforward. 

The implementation was handled by Tenable. There was a one-time installation cost of $500-$1,000 which was nominal for our large organization. 

Tenable either connects virtually or comes onsite to deploy the solution across your entire network.  

Routine maintenance is performed on a local machine with no server needs. This occurs about three times a year by our in-house team. 

Our organization is huge so our license costs $30,000. We are one of the biggest financial sector groups in India, so are charged appropriately. 

Pricing is rated a seven out of ten because it is reasonable but always could be cheaper.

We use both the solution and Qualys which are leading tools in the industry.

Qualys is a complicated tool for users because it does not include easy-to-access instructions. It also reports more false positives. 

The solution is easier to use and includes instructions for running scans. 

Overall, the solution is a better tool than Qualys. 

The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it. 

I rate the solution an eight out of ten. 

We use Tenable Nessus to schedule test scans and work with the finding.

We have integrated Tenable Nessus with Splunk.

The most valuable feature of Tenable Nessus is the GUI and user-friendliness. Additionally, the environment is easy to work with.

I have been using Tenable Nessus for approximately one year.

Tenable Nessus is a stable solution.

I rate the stability of Tenable Nessus a ten out of ten.

The scalability of Tenable Nessus is good. However, it could be more flexible.

We have over 400 people using the solution. We plan to increase our usage, but it depends on the progress of the business.

I rate the scalability of Tenable Nessus an eight out of ten.

The support we have for Tenable Nessus is internal. The IT teams for Tenable Nessus are in the Czech Republic for us.

I have previously used Tenable IO.

The price of Tenable Nessus is too expensive for each service center.

I recommend Tenable Nessus because it's a good solution, works properly, is not complicated to administrate, is simple to manage, and is stable.

I rate Tenable Nessus a nine out of ten.

I primarily use the solution for network scanning. I can use it when I want to see network scanning involved with the network devices and servers. 

I love everything about Nessus. I may be biased in my rating, biased in the sense that I love using Nessus.

The usability is okay. The pricing is okay. The costs are reasonable.

The level they give you is good. It depends on the kind of scan that you want to do. There are different options there. If I want to do a PCI scan, that is available. If I want to do a scan that involves checking to see if the system patching is up to date, that is available. If I want to scan against trending vulnerabilities, I can do that, too. They have so many different options. You can streamline it to what you want, and you do your scan. 

Nessus is flexible. It gives a holistic view of your entire environment. I would go for a Nessus any day, anytime.

They have a good reporting system. I love the reporting system. The references they made in terms of recommendations are great. They can give a recommendation on how to get a particular issue fixed. 

The setup is straightforward. 

It is stable and reliable.

We can scale the product. 

They should try to create an all-in-one solution. When I say all in one, I mean something that would be cheap, where I can scan a lot in terms of web applications. Right now, this is available. However, it's a bit expensive. If users want to start scanning applications, networking devices, et cetera, they should also try and work on the pricing for those and have everything together. The web application module should be included in Tenable itself.

I've used the solution over the past 13 years. I've worked with it for a long time.

The stability is fine. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution can scale as needed. 

I've not escalated anything to technical support. 

I'm aware of other solutions. 

What makes Nessus outstanding is the different options. There are so many scanning options. They give you the room to be flexible. You can scan your server how you want. Other options may just allow for a general scan of my system. With Nessus, I can streamline and customize my scan. 

It is an easy solution to set up. The deployment is not lengthy. Within two hours, I had it up and running. 

There is no crazy maintenance needed. Sometimes when there are new updates, it just alerts you the moment you log into your appliance. It just alerts you and gives you room to do the updates. Sometimes it may just set automatically, and it picks the updates. When you log in, it asks for you to reinitialize your system, and you're good to go.

The price is not bad. We are comfortable with the cost of the solution right now and with what we are paying for what we get in return. 

We just pay for the license and do not deal with any other additional fees. 

We're using the latest version of the solution. 

When you are doing a spot check, and something rescues you a lot from disaster, you really appreciate that service. The product has really worked for me.

I highly recommend the solution.

I'd suggest new users run a POC and exhaust all the functionality and test other solutions as well. At the end of the day, compare them. Don't forget to consider budgets. Ensure that it matches what your company needs and the budget that they have for that particular solution. 

Make sure that functionality is taken into account. Some people only look at the budget and go for something cheaper and then do not have the functionality they require. 

I'd rate the solution nine out of ten. 

We use this solution for network and device scanning. Massive scanners have been integrated with the security center. We scan devices and pull the report from the security center. We publish the report to respective stakeholders, and we maintain the reports for our records. The reports show vulnerabilities, plugin text, and plugin outputs. We analyze the report and try to close the vulnerabilities identified in the scan.

The solution is deployed on-premises.

There are about 10 people using this solution in my organization. They were part of the security team and were doing the scanning and remediation. I led the team and dealt with any challenges.

My organization is a service provider. We provide security services to clients.

The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.

The agent scanner is a valuable feature. We also do credential scans, which gives the equivalent report. In the log project situation, we receive very good support from Nessus. They have built one policy for the log project itself. With the help of that policy and the plugins specified for the log project, the scans were faster for that project.

If we run a scan, it will usually check all of the plugins, which is a time-consuming process. We received help, and we had one plugin for the log project. That was for checking the log project only because we were already done with the complete scan.

I would like to see more on the automation side. There should be proper tools and support for automation in Tenable itself.

I have used this solution for more than four years.

It's a stable solution, but we noticed that the agent wasn't being updated. This means we have to update it manually and run a few commands to get the service running. If the solution isn't updated with the latest version, it will go offline.

We receive very good technical support from the team in India. We're very happy with them. I'm also in touch with some people from Tenable India. They helped me understand the requirements and the solution's latest features.

I would rate technical support as four out of five because they could always improve.

Initial setup was easy. That's why I proposed the solution to my current organization. 

The deployment process completely depends on approvals and how we're getting the procurement of hardware and the licenses. It depends on the organization.

The solution is worth the cost. It's a good investment. 

I have also evaluated Qualys. There were some missing features, so we weren't able to detect vulnerabilities related to specific software, like Adobe and Java.

I have also used Tenable.sc.

I would rate this solution as eight out of ten. 

For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not.

I would definitely recommend this solution to others who want to use it.