Tenable Nessus Reviews

The solution is used to check vulnerabilities.

The product has good features. It gives us a view of the vulnerabilities like open ports and different issues with software. It is a mature tool.

The product must be more comprehensive. It must catch all the issues.

I have been using the solution for a few years.

I rate the tool’s stability a nine out of ten. The stability could be improved.

The tool is scalable. We have three users. We need a team to maintain the product.

The deployment can be done in-house.

I recommend the solution to others. I rate the solution a nine out of ten.

I use Tenable Nessus for vulnerability assessment so that you can scan for CVEs and existing CVEs. Tenable Nessus will show you the latest update on those vulnerabilities and where it needs patches, so it goes hand in hand with patch management. As soon as you scan, you can see whether it needs patching, and if needed, you can go ahead and deploy patch management to address the current issue.

The most valuable features of the solution are the policy and the active scan. The features are different for Tenable Security Center since it is more on an on-premises model. The solution also has features like Tenable.io and Tenable Web App Scanning.

I wouldn't want to change anything about Tenable Nessus since I haven't found or run into any issues in Tenable Nessus.

I like Tenable since I find everything related to the solution simplified and easy to use. You can approach the online community of Tenable when you run into a problem, and there is a bunch of information available there that you can gather and use for troubleshooting purposes.

I faced some problems with Tenable Nessus when dealing with some of our company's customers in China. The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources. The solution should offer simplified data-sharing capabilities. Though we have the dashboards and can customize them, the options for customization are available in the templates provided by Tenable Nessus. It might not be possible with Tenable Nessus to add every component a person wants to a single dashboard since they can only choose whatever is available on the templates provided by Tenable Nessus. The aforementioned areas can be considered for improvement in the solution.

I have been using Tenable Nessus for two months. My company operates as a reseller of the product while also having a partnership with the solution.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

Around 90 percent of our company's customers work with Tenable Nessus.

For the solution's technical support, our company directly seeks help from the solution's vendor in Vietnam or Singapore, who are very responsive. I rate the technical support an eight out of ten.

Positive

The initial setup of Tenable Nessus is very easy. You can get the application's installation file and implement it faster than ManageEngine, making it a simple process. I rate the initial setup of Tenable Nessus a nine out of ten.

The solution is deployed on an on-premises model.

With Tenable Nessus, you have a file, and you just need to install it. In the on-premises model of the solution, you have a dashboard or console that you go to, which is like an internal website that you have set up so that you can get access to the on-premises version of the product.

I rate the product's price seven or eight on a scale of one to ten, where one is low price and ten is high price.

Tenable Nessus is a great tool. I believe everyone should be using Tenable Nessus since it is a tool that can be used for vulnerability assessment when companies face some vulnerabilities to find security holes or threats.

I rate the overall solution a nine out of ten.

We use the solution for vulnerability management trafficking across an entire group. 

I am impressed with the tool's vulnerability scanning. 

The tool needs to upgrade asset tracking. 

I am using the tool for two years. 

The solution is extremely stable. I would rate the tool's stability a nine out of ten. 

I didn't encounter any issues with scalability and I would rate it a nine out of ten. We have around 3000 user endpoints that are being monitored. My company has around 20 users for the tool.

Our local partner helps with the support. 

I would rate the tool's setup a seven out of ten. It is not an easy setup but with proper support, the process is doable. 

The solution gives us ROI since it offers visibility and helps to tighten controls in our network. 

I would like to see better discounts. 

I would rate the solution a nine out of ten. It is one of the best tools to use if compliance is your priority. 

We use Tenable to scan all the workstations in our government environment for vulnerabilities and outdated software. The Tenable agents installed on the PCs enable us to detect any potential security risks or applications that are not up-to-date, malicious, or suspicious. This helps us ensure that all the PCs are secure and are in good posture.

The most valuable feature is the installation of Tenable which is incredibly easy. Even those without extensive technical knowledge can do it. All we need is the license and a few clicks through the installation process which is simple. Once the program is installed on all PCs and servers, we're good to go!

The solution can be annoyingly slow.

The pricing is a bit high. 

We would like to see the inclusion of penetration testing capabilities if possible.

Tenable has been mostly used in the on-premise environment, so it would be great if they could improve the transition to the cloud.

The accuracy of the vulnerability assessment needs improvement as false alarms and false positives occur often. Applications are often flagged as critical when they are actually benign. To improve user experience, there needs to be an upgrade in the accuracy of the results and a more user-friendly interface.

Sometimes it can be difficult to adjust the policies. When the solution has been previously installed. Making changes to policies requires navigating multiple steps. This process can be time-consuming and potentially confusing. Expert knowledge may be necessary in certain cases.

I have been using the solution for four years.

There has been an improvement over the years and the solution is now extremely stable.

We can easily scale up our license to support more devices. By increasing our license, we can add more workstations.

The technical support is outstanding. We encountered some difficulties during our initial deployment, yet they persisted in helping us all day long. Their support team is very competent.

Positive

The initial setup is straightforward. 

The deployment took us two days to install the SoC on all 100 of our workstations.

The solution is expensive. We lost bids to competing companies due to the pricing; there are cheaper alternatives to Tenable such as Rapid7 InsightVM.

I give the solution an eight out of ten.

We have 100 workstations that all use the solution.

Every month, I had this Windows Gold image scan. I would obtain some IP addresses, create some rules, and then run them. 

Then there were the automatic automated jobs that I and my colleagues would arrange to execute. 

They would run at night so they wouldn't interrupt the systems. 

Enter some IP addresses for workstations and servers. Some were in a highly secure zone, while others were in a separate subnet, we enter those IP addresses in and run them, scheduling them to run biweekly or weekly.

The most valuable aspect of this solution is that you receive the entire report, which details the breakdown, especially in terms of critical, high, low, and mediums. It also informs you exactly what was wrong with it. Then I believe it copies the CVS's score as well.

To be honest, I haven't used it much to tell you that these are the things that should be improved. But I believe the UI should be enhanced somewhat.

For example, there are two ways to find a report, and people are frequently confused as to which is the correct method for locating a full report. Sometimes they go in the opposite direction, so this is an area that may be improved.

I have been using Tenable Nessus for quite some time.

Tenable Nessus is pretty stable.

Tenable Nessus is a scalable product.

I did not deal with technical support at all.

I used Nessus from JSON for a Gold image and vulnerability scans in my previous role.

I'm also seeking the same type of tenant for internal vulnerability scans like Qualys. 

We now use Qualys, but we haven't fully utilized its features, but I'm searching for something specialized for our internal vulnerability scan program.

I did not set it up myself, to begin with.

It is a good tool. It's not difficult to understand. It shouldn't be an issue as long as you know what you're doing.

I would rate Tenable Nessus a seven out of ten.

My company uses Tenable as a vulnerability assessment.

We use it for scanning, for the discovery of vulnerabilities in the components or the software, or on the IT infrastructure of our client.

The solution can conduct a full vulnerability assessment and also suggest mitigation of vulnerabilities and has a lot of other features. 

It creates a classification of the vulnerability and the likelihood and the impact on other features.

The solution is easy to deploy and simple to use.

It's scalable. 

The solution is stable. 

It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack.

Right now, it works based on dealing with a vulnerability that is already detected and reported, and it would be great if they have a combination of a vulnerability that existed and another use case to have a more proactive approach to potential new issues. Therefore, doing a simulation of attacks to find a new or zero-day issue or vulnerability would be helpful.

I've been using the solution for more than two years. 

The solution is very stable and reliable. I'd rate it four or five out of five. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

It is very scalable. I'd rate it a four or five out of five in terms of the ease of expansion. 

We would use Nessus to conduct a vulnerability assessment. How many people use the solution depends on the client. Maybe five or six people from the engineering side use it in general.

We have a new client coming on, and we will require more users on the product to conduct vulnerability assessments, so we do have plans to increase usage.

I've never had any interaction with customer support. The solution works very well, and we haven't needed help.

The initial setup is very straightforward. It's not overly difficult, or complex.

I cannot recall how long the deployment process took. 

Our technical team handled the deployment. 

Another department handles the licensing. I can't speak to the exact costs. I do know that we pay a yearly licensing fee. 

We would like to discover other solutions and do a comparison to see the better solution for our clients. We've, for example, tried to look into Cyber XM.

We are just end-users and customers. 

I'm not sure which version of the solution we're using. 

I'd rate the solution eight out of ten.

I use this solution for OS auditing, database auditing, virtualization, and following how closely it follows our CI or TISA benchmarks. We also use it for malware and ransomware risk and for carrying out assessments. We purchased this product from a local partner that has a premium partnership with Tenable. I'm a cybersecurity and compliance lead engineer.

The solution makes ransomware checking and OS auditing and implementation relatively easy. It covers most of the requirements for benchmarks for all sorts of widely available required configuration settings in the technology industry. It's also very user-friendly, easy on the eye, and saves a lot of time. It provides us with reports that perfectly satisfy compliance requirements, whatever the device or configuration settings. 

There is very little to improve but cloud security tests would be something helpful to have. Tenable could also offer some penetration testing-related services, which would be beneficial.

I've been using Nessus for three years. 

It's a very stable solution. 

The solution is scalable. I use it for around 4,000 servers on a daily basis.

The technical support is good. They offer expensive professional support, but I generally use the website documentation to fix things. Compared with other companies, they provide very good support. 

Positive

I previously used Qualys and had a bad experience. It's not very user-friendly, licensing was difficult and deployment painful. I also used Rapid7, and I think Nessus is more user-friendly than both of those products. 

The initial setup was very easy and took just a few hours. It's important to plan wisely before implementing. Know how many servers you have and try to project your future requirements so that you can estimate the total number of IPs you require. If the forecast is accurate, the solution is cost-efficient. We used consultants from Singapore and they installed some agents in our on-premise servers. Maintenance is very easy.

The global situation is very unstable and the dollar price has already increased significantly in our country in the last three or four months so everything has become expensive. Licensing is very competitive in our local markets and there's a lot of haggling that goes on. The option of a three-year license would be most beneficial for us because of the huge variations in the dollar. 

I rate this solution nine out of 10. 

Two of our customers use it for vulnerability assessment and penetration testing, and they are getting very good results.

It is easy to deploy and easy to use. Its reporting is good. From this reporting, you can see the pain point in your network, which makes it easy to fix them. It is easy to understand the reports and export them.

Technically, it is an excellent and the best solution available in Libya. My only concern is related to its pricing. They are an emerging company in Libya, and they need to put in some effort to provide us with very good prices so that customers can go with the best solution. Chinese companies are getting into the market here, and they're providing very cheap solutions.

We have been providing network and solution integration services since 2012.

It is a stable solution. It is the best one in the world. I am not considering any other solutions.

It is scalable.

Their technical support is very good. The feedback that I have received from the customers for the tickets that they opened is that they are satisfied with the service.

It is easy to deploy. It can be implemented in less than 10 days, but complex projects with ISO2007 and 001 compliance requirements can take more than a year.

From our side, there are only two engineers. One is the main engineer and the other one is the backup engineer. 

It is being used by only three users. Two are from the cyber information security team and one is from the network security team.

Its price is high for Libya. The companies here in Libya don't have the awareness of and a good budget for cybersecurity services. If you want them to go for a product, you need to provide something different. This differentiation is related to the price. They should give about 40% to 45% discount per person on the current cost. From our side, we provide the demo and show it as a very good and valuable solution, but when it comes to the price, some companies don't want to own the tool. They prefer to go for it as a service. There are a few companies that are providing it as a service where they own the tool, but they provide it as a service, which is cheaper than a customer owning the product. We strongly recommended that customers own the product and use it. 

I strongly recommend to customers to go for a three-year license to use it, benefit from it, and be comfortable with it. In Libya, we are facing a problem related to the timelines and delays of projects. If they go for just a one-year license and the project gets delayed by six months, they will have only six months to use it.

It is a very good and useful tool. I would rate it a nine out of ten.