Tenable Nessus Reviews

We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equipment, and appliances in our infrastructure. 

One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them. 

It would be beneficial if it could handle minor additions to versions similar to how Debian manages its patches. This feature would allow it to differentiate between patched and non-patched versions.

I have been using the product for ten years. 

Tenable Nessus is very stable. We encountered some issues with scanning certain network equipment but resolved them by adjusting the parameters. Our main focus is scanning our servers; we haven't experienced any significant problems with that process.

My company has three users. 

We haven't contacted Tenable Nessus for assistance or questions because we haven't encountered any serious issues, and we are generally satisfied with the product.

We chose Tenable Nessus because we primarily rely on open-source products as a publicly funded institution. About ten years ago, we conducted research to determine the best option, and at that time, it stood out as the preferred choice.

Tenable Nessus' deployment is straightforward. 

The product is free. 

I rate the overall product a nine out of ten. 

My company uses Tenable as a vulnerability assessment.

We use it for scanning, for the discovery of vulnerabilities in the components or the software, or on the IT infrastructure of our client.

The solution can conduct a full vulnerability assessment and also suggest mitigation of vulnerabilities and has a lot of other features. 

It creates a classification of the vulnerability and the likelihood and the impact on other features.

The solution is easy to deploy and simple to use.

It's scalable. 

The solution is stable. 

It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack.

Right now, it works based on dealing with a vulnerability that is already detected and reported, and it would be great if they have a combination of a vulnerability that existed and another use case to have a more proactive approach to potential new issues. Therefore, doing a simulation of attacks to find a new or zero-day issue or vulnerability would be helpful.

I've been using the solution for more than two years. 

The solution is very stable and reliable. I'd rate it four or five out of five. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

It is very scalable. I'd rate it a four or five out of five in terms of the ease of expansion. 

We would use Nessus to conduct a vulnerability assessment. How many people use the solution depends on the client. Maybe five or six people from the engineering side use it in general.

We have a new client coming on, and we will require more users on the product to conduct vulnerability assessments, so we do have plans to increase usage.

I've never had any interaction with customer support. The solution works very well, and we haven't needed help.

The initial setup is very straightforward. It's not overly difficult, or complex.

I cannot recall how long the deployment process took. 

Our technical team handled the deployment. 

Another department handles the licensing. I can't speak to the exact costs. I do know that we pay a yearly licensing fee. 

We would like to discover other solutions and do a comparison to see the better solution for our clients. We've, for example, tried to look into Cyber XM.

We are just end-users and customers. 

I'm not sure which version of the solution we're using. 

I'd rate the solution eight out of ten.

We use Tenable Nessus for vulnerability assessments.

I have found the vulnerability assessment and the reports to be useful.

The solution could improve by having better integration with different vendors' IPS solutions. The ACLs and IPS policies signatures should be enabled based on the results of Tenable Nessus automatically, we currently have to do it manually which is very time-consuming. It has done a good job integrating with Fortinet but we would like it to be better integrated with other solutions that we have. Additionally, After Tenable Nessus was able to recognize the vulnerability it would be great to have it virtually batch the systems if you are not able to update the different systems.

I have been using Tenable Nessus within the last 12 months.

While doing the scans we have not had any issues, the solution is stable.

Tenable Nessus is scalable.

The technical support was responsive and helpful. We were trying different integrations and needed some assistance.

We used Qualys previously. 

The initial setup is very easy and straightforward. The VM can be done very quickly and the whole process takes approximately 30 minutes. The installation is quicker than others solutions, such as Qualys.

The price of the solution is reasonable.

I rate Tenable Nessus an eight out of ten.

We use the solution for vulnerability management trafficking across an entire group. 

I am impressed with the tool's vulnerability scanning. 

The tool needs to upgrade asset tracking. 

I am using the tool for two years. 

The solution is extremely stable. I would rate the tool's stability a nine out of ten. 

I didn't encounter any issues with scalability and I would rate it a nine out of ten. We have around 3000 user endpoints that are being monitored. My company has around 20 users for the tool.

Our local partner helps with the support. 

I would rate the tool's setup a seven out of ten. It is not an easy setup but with proper support, the process is doable. 

The solution gives us ROI since it offers visibility and helps to tighten controls in our network. 

I would like to see better discounts. 

I would rate the solution a nine out of ten. It is one of the best tools to use if compliance is your priority. 

Our customers are using this solution. They scan their network, and they get a report about vulnerability assessment tools and solutions.

It's deployed on-prem.

It gives you an unlimited IP scan. It's a cheap solution compared to Rapid7 or Qualys. It's very user-friendly. Customers can easily scan their network.

I would like to have a management option after the network scanning.

The difference between Nessus and Rapid7 is price. Nessus is a very cheap solution compared to Rapid7 and has unlimited IP scanning facilities, but Rapid7 doesn't have this option. It has IP limitations. Rapid7 has some models based on how many IPs the customer wants to scan, and the costs depends on that amount.

The cost is around $4,300 per year. Use is unlimited. You don't pay more if you want to use it for another IP.

I would rate this solution 8 out of 10.

We primarily use the solution for vulnerability management. We also use it during our IP scans.

The VPR scores are the solution's most valuable aspects.

The plug-in text information is quite useful.

The solution can scale well.

We've found the solution to be quite stable.

It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear.

We find that the solution causes several issues due to the fact that it runs even before it calculates, the asset in prevention. 

I can't think of any features that are lacking.

I've been using the solution for one to two years at this point.

It's stable. I don't have any major complaints. It doesn't have bugs. It isn't affected by glitches. It doesn't crash or freeze on us. It's reliable.

We have about 100 direct users who are logging onto the solution on a daily basis.

We don't plan on increasing usage at this time.

We have been able to scale it in the past, however, and a company that needs to expand it should not face too many issues doing so.

We've worked with technical support in the past, and we've found them to be quite efficient. They are knowledgable and responsive.

We previously used McAfee and switched over completely at the end of May.

We had some help with the initial setup. We were able to use our vendor's expertise and have them walk us through any issues we had.

However, we completely handle the maintenance now that is it up and running. We have admins who deal with any upkeep.

The vendor assisted us in the initial implementation.

I don't have any information when it comes to the cost of the solution. It's not part of my job to deal with billing or payments, so I don't have any visibility on the cost structure.

We are simply customers. We don't have a business relationship with Tenable.

We're using the latest version of the solution.

I would definitely recommend this solution. It's the best that I've used so far.

On a scale from one to ten, I'd rate it at an eight overall.

While Nessus produces good software, I would like it to allow me to better utilize my homepage. The report structures should be more gradual and effective. Also, other components, such as certain vulnerabilities and Malware detection, should better reflect on the console or dashboard. Nessus does not make this available as there is no centralized dashboard. So too, I require a cloud-based Tenable product, not the one available, which is on-premises.

We have already entered an agreement with Nessus for Tenable.io., following contact I established with South Boston.

Once a person takes part in the demo offered by Tenable.io, we are talking about, more or less, VAS software. The VAS feature is absolutely nice. We have already addressed the coming roadmap with Nessus and it will not include these features. Consequently, perhaps Tenable.io will be the next step. Users such as ourselves will definitely be looking at a different application.

I have been using the solution for the past four years. 

Tenable Nessus is an absolutely stable and fantastic product. As a customer I would give it a 90 percent out of 100 rating.  This is because we have been really satisfied with its use over the past four years. The company and market standards are growing and the margin standard is going up.

Tenable Nessus is competitively slower than Tenable.io.

We are currently trying to procure Tenable.io from Nessus.

I would definitely recommend Tenable Nessus to those who are operating in small environments, with like-sized infrastructure.

When it comes to a big company we should look towards OpenView. Tenable Nessus is not feasible for a large company. For a team comprising 1,000 people, it would be too unstable. Instead, Tenable.io. would be the appropriate choice since it contains a completely different infra.

I rate Tenable Nessus as an eight out of ten. 

I have been using Tenable Nessus for my personal use. It works well.

I am using this solution for testing.

The most valuable features are that it's fast, it's easy to use, and it provides good reports.

The only thing that I don't like is KBs information. For example, if we scan our workstation and you go to the results report that Nessus provides, we are going to see a lot of KBs as remediation. But in most cases, the KBs are always superseded.

Also, we are not able to apply those because Microsoft has already released a new TB. 

Nessus is not doing a good job in updating its remediation section of the reports.

Remediation needs improvement. They are providing a lot of superseded KBs as remediation.

For example, when you share that with several team members or with one individual, and you ask them to work on this, they reply with Microsoft already has something new.

I have been using Tenable Nessus for approximately two years.

This solution is stable. I have not experienced any issues. It worked fine.

It's a scalable solution. I have not had any problems.

I am the only person using this solution.

Technical support is good. They provided information that is needed.

Previously, I was not using another solution. I use Nessus through a course that I was taking in the security field.

The initial setup was straightforward.

We did not use a vendor or vendor team to implement this solution.

I have evaluated one other solution, but because of my company policies. I can't share that information.

Tenable has Tenable.io, and I believe that they have the remediation updated, but Tenable Nessus Professional does not. I don't think that they will continue to keep it available in the market. They should probably decommission it.

Remediation is better in other tools than with Nessus.

For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not.

Research the remediation information to see if it is okay, or trust proof or not.

The reporting works well and it allows you to share. Also, support is important.

I would rate Tenable Nesuss an eight out of ten.