Tenable Nessus Reviews

We use the solution for vulnerability management trafficking across an entire group. 

I am impressed with the tool's vulnerability scanning. 

The tool needs to upgrade asset tracking. 

I am using the tool for two years. 

The solution is extremely stable. I would rate the tool's stability a nine out of ten. 

I didn't encounter any issues with scalability and I would rate it a nine out of ten. We have around 3000 user endpoints that are being monitored. My company has around 20 users for the tool.

Our local partner helps with the support. 

I would rate the tool's setup a seven out of ten. It is not an easy setup but with proper support, the process is doable. 

The solution gives us ROI since it offers visibility and helps to tighten controls in our network. 

I would like to see better discounts. 

I would rate the solution a nine out of ten. It is one of the best tools to use if compliance is your priority. 

We use Tenable to scan all the workstations in our government environment for vulnerabilities and outdated software. The Tenable agents installed on the PCs enable us to detect any potential security risks or applications that are not up-to-date, malicious, or suspicious. This helps us ensure that all the PCs are secure and are in good posture.

The most valuable feature is the installation of Tenable which is incredibly easy. Even those without extensive technical knowledge can do it. All we need is the license and a few clicks through the installation process which is simple. Once the program is installed on all PCs and servers, we're good to go!

The solution can be annoyingly slow.

The pricing is a bit high. 

We would like to see the inclusion of penetration testing capabilities if possible.

Tenable has been mostly used in the on-premise environment, so it would be great if they could improve the transition to the cloud.

The accuracy of the vulnerability assessment needs improvement as false alarms and false positives occur often. Applications are often flagged as critical when they are actually benign. To improve user experience, there needs to be an upgrade in the accuracy of the results and a more user-friendly interface.

Sometimes it can be difficult to adjust the policies. When the solution has been previously installed. Making changes to policies requires navigating multiple steps. This process can be time-consuming and potentially confusing. Expert knowledge may be necessary in certain cases.

I have been using the solution for four years.

There has been an improvement over the years and the solution is now extremely stable.

We can easily scale up our license to support more devices. By increasing our license, we can add more workstations.

The technical support is outstanding. We encountered some difficulties during our initial deployment, yet they persisted in helping us all day long. Their support team is very competent.

Positive

The initial setup is straightforward. 

The deployment took us two days to install the SoC on all 100 of our workstations.

The solution is expensive. We lost bids to competing companies due to the pricing; there are cheaper alternatives to Tenable such as Rapid7 InsightVM.

I give the solution an eight out of ten.

We have 100 workstations that all use the solution.

Tenable is for scanning the vulnerabilities on the endpoint. That's the prime use case. It can also be extended for scanning web publications, et cetera. 

Nessus is a very stable product. And it has been a pioneer and has been around for a long time. Their vulnerability dashboards are very good to use.

It is easy to set up.

The solution can scale well. 

The pricing is reasonable. 

While the pricing is quite good, any client would, of course, like it to be a bit less. 

We'd like to see the solution embrace more user-friendliness. That said, currently, we are happy with the product.

I've used the solution for a while. it's been a couple of years. 

It is a stable, reliable product. The performance is good. There are no bugs or glitches. It doesn't crash or freeze. 

I have found the product to be scalable. 

We generally don't have a lot of requirements for tech support with Tenable. We have been using it for so long, we have received quite a good amount of training from them at this point. Therefore, we don't look for a lot of tech support.

The setup is quite straightforward and simple. I wouldn't describe the process as overly complex. 

The deployment time depends on how the endpoints are distributed. If it is a single one within one country and one region, it is very fast. We can do it in less than three months.

We are consultants. We can assist users with the setup process. 

It's not an overly expensive solution. It's pretty affordable. 

Users pay an annual licensing fee. 

I'm a consultant. 

We can deploy the solution either on-premises or on the cloud. 

I'd advise potential new users to look at what the landscape is. And based on the landscape, they should be able to fit the product. You need to first consider your strategy and build towards that. We would recommend this solution to others if it seems to fit their needs. 

I'd rate the solution nine out of ten.

Our company uses the solution for vulnerability scanning. 

The solution is easy to understand for users because instructions are included on the platform. 

Scanning capabilities are vast with built-in configurations that are pre-coded for various types of servers. 

There are very few false positives reported. 

It is easy to access and share reports. For example, consultants can extract reports, remove columns if needed, and share final copies with clients. 

Vulnerability recommendations are outdated and not in line with industry standards. 

The reporting tool should allow fancier customizations such as pivot or formula-based options. 

Cloud reviews should be a focus because AWS is taking over the market. 

I have been using the solution for three years. 

The solution is very, very stable and is considered the leader in stability. 

The solution is very scalable and we have it on every server in our organization with no issues. We only provide user-level access to our security teams. 

Technical support is very good and responsive. 

A few months back, we utilized their assistance for configurations on a custom EMI. They were very helpful and indicated the next upgrade would include a checklist and benchmarking documents for manual completion. 

The setup is very straightforward. 

The implementation was handled by Tenable. There was a one-time installation cost of $500-$1,000 which was nominal for our large organization. 

Tenable either connects virtually or comes onsite to deploy the solution across your entire network.  

Routine maintenance is performed on a local machine with no server needs. This occurs about three times a year by our in-house team. 

Our organization is huge so our license costs $30,000. We are one of the biggest financial sector groups in India, so are charged appropriately. 

Pricing is rated a seven out of ten because it is reasonable but always could be cheaper.

We use both the solution and Qualys which are leading tools in the industry.

Qualys is a complicated tool for users because it does not include easy-to-access instructions. It also reports more false positives. 

The solution is easier to use and includes instructions for running scans. 

Overall, the solution is a better tool than Qualys. 

The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it. 

I rate the solution an eight out of ten. 

We use it predominantly for vulnerability scanning and compliance scanning as part of the vulnerability and compliance protocols in one of our programs.

The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies.

I also like the number of plugins. It has quite a lot of plugins that keep it up to date with the different vulnerabilities coming out.

Multiple user access would be an area for improvement from a user-access perspective. A role-based access control feature would be great because at present, there is a limitation with only one account. If that account gets compromised or gets locked, then we will encounter problems.

It would be good to have a way to store filters from searches so that you don't have to recreate them from scratch every time. To be able to have them saved as a list of filters would be really useful.

It would be really useful to have a way to assess the risk of a specific vulnerability based on a number of factors which could be tailored. It could be a tailored set of factors you introduce to see a potential risk score or a different view of the CVSS score.

A lot of organizations do this manually, and some of them have some other ways of identifying or assessing the risk of vulnerabilities. It would be really useful to have a framework which allows you to create a way to assess the risk of vulnerabilities on the platform and potentially prioritize them or provide information as a report to management or to other teams for resolution.

It would be really nice to have a way to visualize the different results from the scans. For example, if you scan a Windows 2016 Server and you have a number of vulnerabilities, it would be nice to somehow show the vulnerabilities in a graphical format and potentially combine some of the outcomes into a graphical representation showing trending. Trending is quite important, especially when I speak to my senior management stakeholders and try to show the security posture and status. It would help to provide a long and wide view of where the vulnerabilities are and what kind of aging is present.

I've used it for three and a half years.

Nessus Manager is very stable; I haven't had any problems. I'd give the stability of the product a five out of five.

The product itself is not scalable by design. It is a single-user product, so it doesn't allow you to have multiple users at the same time. You have only one account. The type of product that we're using is not really meant for huge enterprises, and it's a bit more limited in terms of usage.

At present, I use the personal version for the account I'm looking after, but we probably have less than five people using this platform.

The initial setup was easy.

We implemented it ourselves. The deployment was done by one engineer, and it did not take too long.

The project in which I have been using it, it has been great because we satisfy a very crucial requirement. We have brought around vulnerability management, so it's really good ROI for what we have.

Nessus Manager is not an expensive product. It has its limitations, but the pricing reflects that.

We have a yearly subscription.

I would recommend Nessus Manager and rate it at eight on a scale from one to ten.

We use this solution for network and device scanning. Massive scanners have been integrated with the security center. We scan devices and pull the report from the security center. We publish the report to respective stakeholders, and we maintain the reports for our records. The reports show vulnerabilities, plugin text, and plugin outputs. We analyze the report and try to close the vulnerabilities identified in the scan.

The solution is deployed on-premises.

There are about 10 people using this solution in my organization. They were part of the security team and were doing the scanning and remediation. I led the team and dealt with any challenges.

My organization is a service provider. We provide security services to clients.

The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.

The agent scanner is a valuable feature. We also do credential scans, which gives the equivalent report. In the log project situation, we receive very good support from Nessus. They have built one policy for the log project itself. With the help of that policy and the plugins specified for the log project, the scans were faster for that project.

If we run a scan, it will usually check all of the plugins, which is a time-consuming process. We received help, and we had one plugin for the log project. That was for checking the log project only because we were already done with the complete scan.

I would like to see more on the automation side. There should be proper tools and support for automation in Tenable itself.

I have used this solution for more than four years.

It's a stable solution, but we noticed that the agent wasn't being updated. This means we have to update it manually and run a few commands to get the service running. If the solution isn't updated with the latest version, it will go offline.

We receive very good technical support from the team in India. We're very happy with them. I'm also in touch with some people from Tenable India. They helped me understand the requirements and the solution's latest features.

I would rate technical support as four out of five because they could always improve.

Initial setup was easy. That's why I proposed the solution to my current organization. 

The deployment process completely depends on approvals and how we're getting the procurement of hardware and the licenses. It depends on the organization.

The solution is worth the cost. It's a good investment. 

I have also evaluated Qualys. There were some missing features, so we weren't able to detect vulnerabilities related to specific software, like Adobe and Java.

I have also used Tenable.sc.

I would rate this solution as eight out of ten. 

For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not.

I would definitely recommend this solution to others who want to use it.

I use this solution for OS auditing, database auditing, virtualization, and following how closely it follows our CI or TISA benchmarks. We also use it for malware and ransomware risk and for carrying out assessments. We purchased this product from a local partner that has a premium partnership with Tenable. I'm a cybersecurity and compliance lead engineer.

The solution makes ransomware checking and OS auditing and implementation relatively easy. It covers most of the requirements for benchmarks for all sorts of widely available required configuration settings in the technology industry. It's also very user-friendly, easy on the eye, and saves a lot of time. It provides us with reports that perfectly satisfy compliance requirements, whatever the device or configuration settings. 

There is very little to improve but cloud security tests would be something helpful to have. Tenable could also offer some penetration testing-related services, which would be beneficial.

I've been using Nessus for three years. 

It's a very stable solution. 

The solution is scalable. I use it for around 4,000 servers on a daily basis.

The technical support is good. They offer expensive professional support, but I generally use the website documentation to fix things. Compared with other companies, they provide very good support. 

Positive

I previously used Qualys and had a bad experience. It's not very user-friendly, licensing was difficult and deployment painful. I also used Rapid7, and I think Nessus is more user-friendly than both of those products. 

The initial setup was very easy and took just a few hours. It's important to plan wisely before implementing. Know how many servers you have and try to project your future requirements so that you can estimate the total number of IPs you require. If the forecast is accurate, the solution is cost-efficient. We used consultants from Singapore and they installed some agents in our on-premise servers. Maintenance is very easy.

The global situation is very unstable and the dollar price has already increased significantly in our country in the last three or four months so everything has become expensive. Licensing is very competitive in our local markets and there's a lot of haggling that goes on. The option of a three-year license would be most beneficial for us because of the huge variations in the dollar. 

I rate this solution nine out of 10. 

I am using it for scanning and checking vulnerabilities. I am using the Azure version of Tenable Nessus.

I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance.

It fits very well in my environment. It is very easy to use, and there is a very good cost-benefit of this solution. 

There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem.

It is stable.

It is, for sure, scalable. We have 10 or 12 people who use this solution.

We never have any kind of problem or lack of response. I would rate them a ten out of ten.

Positive

It is very easy. It is pretty straightforward.

It has a fair cost and very good cost-benefit ratio.

I would recommend it to others. It does everything that such a solution needs to do. It can check for vulnerabilities and compliance. It is also very easy to use. It is better than its competitors, such as Rapid7.

I trust Tenable solutions. I have worked with Tenable IO a few years ago, and with Tenable Nessus, I had the same feeling that I had with Tenable IO. It is a very good solution. It is more expensive than Tenable IO, but it is a complete solution. 

I would rate it a nine out of ten.