No more typing reviews! Try our Samantha, our new voice AI agent.

Salt Security vs Tenable Nessus comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Salt Security
Average Rating
8.6
Reviews Sentiment
8.5
Number of Reviews
3
Ranking in other categories
API Security (5th), AI Security (21st)
Tenable Nessus
Average Rating
8.4
Reviews Sentiment
6.0
Number of Reviews
88
Ranking in other categories
Vulnerability Management (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Salt Security is designed for API Security and holds a mindshare of 6.9%, down 12.2% compared to last year.
Tenable Nessus, on the other hand, focuses on Vulnerability Management, holds 3.7% mindshare, down 8.5% since last year.
API Security Mindshare Distribution
ProductMindshare (%)
Salt Security6.9%
Imperva Application Security Platform9.2%
Checkmarx One6.7%
Other77.2%
API Security
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Tenable Nessus3.7%
Wiz4.4%
Qualys VMDR3.9%
Other88.0%
Vulnerability Management
 

Featured Reviews

Tbaker Baker - PeerSpot reviewer
Risk Advisory Senior Manager at a marketing services firm with 1,001-5,000 employees
Behavioral AI has protected critical applications and now blocks complex external attacks
I think Salt Security could improve their implementations. The one that I saw was very complex and took quite a bit of time, and if the environment is unique at all, it takes quite a bit of time to figure out how to properly ensure that it will be implemented. A lot of times there is a steep learning curve for someone that hasn't been in it to figure out the APIs and really dig deep into it, but once you get used to it, it is easy. However, that ramp-up period could be tough. I think Salt Security could use a more enterprise focus. Some of the smaller companies that I have referred them to think it is a little bit too complex for them, so if they could come up with a different version or something a little bit easier to simplify their platform, they may be able to find more customers that way.
MohammedJaffir - PeerSpot reviewer
Founder at Cipheroot
Has enabled me to reduce false positives and perform deep credential auditing with seamless integrations
I mostly use the configuration audit feature for the audit configuration as a scan policy, and I will use it for credential audit, which helps me scan credentials access such as local administrator or root access, performing a deeper and more accurate check of local configuration settings and file systems, making it a highly recommended feature. Regarding integration capabilities, we can integrate Tenable Nessus with SIM tools such as Splunk, IBM QRadar, and Azure Sentinel, as well as with ticketing systems such as ServiceNow, Jira, and Slack. There is no complexity as it is very easy to integrate everything. In terms of the reporting feature, while vulnerability scanning can throw some false positives, Tenable Nessus has very few, achieving a reduction of 75% to 80% false positives with manual analysis needed. We can generate standard Nessus reports that typically include host summaries and vulnerabilities by host and plugin, alongside solutions and remediation recommendations. The main benefits I get from Tenable Nessus are complete asset inventory and comprehensive attack surface management, allowing us to prioritize vulnerabilities based on risk, focusing on true risk and threat path analysis.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's really great. I would rate the stability a nine out of ten. I haven't encountered any instability issues."
"Salt Security gave me much better visibility into API risk, helping me identify exposed endpoints, misconfigured APIs, and sensitive data flowing through APIs that required additional controls, and it has become an important part of my API security program."
"Salt Security gives you visibility of all your APIs, identifies API security issues, and immediately alerts you of attacks."
"Salt Security has positively impacted my organization and my client's organization by being able to stop cyberattacks and ensure that they have proper security over all their applications, giving them a sense of peace of mind that they have security over something that could ultimately take down the whole company if not mitigated properly."
"The interface is excellent; it makes it very user friendly and easy to navigate for the most part, and the product is pretty problem-free so we don't have any real issues with it."
"Tenable Nessus is a very scalable solution."
"Once you get past the initial implementation, the solution is very stable."
"It notifies us of vulnerabilities as they arise, allowing us to respond quickly without manual intervention."
"The results are not that bad, but the key selling point is that it is an affordable tool set."
"To me, that was a better selling point because it was real: it wasn't demo data, it was our own network showing, "Hey, we're vulnerable because of this, and here's the tool that did it," which got us the buy-in we needed from upper management."
"I would definitely recommend this solution; it's the best that I've used so far."
"Tenable Nessus has provided increased visibility across the organization's servers."
 

Cons

"Regarding scalability, for users in smaller environments, it is not exactly the best."
"The setup cost was acceptable, but adding additional APIs was actually quite expensive."
"The integration part could be a bit extended."
"Sometimes, the categorization for clients was tricky at first, however, they eventually got used to it."
"It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack."
"They could make their reporting a little better."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"The solution could improve by having better integration with different vendors' IPS solutions. The ACLs and IPS policies signatures should be enabled based on the results of Tenable Nessus automatically, we currently have to do it manually which is very time-consuming. It has done a good job integrating with Fortinet but we would like it to be better integrated with other solutions that we have."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"Lacks some penetration testing-related services."
"I would like to see an improvement in the ranking of high, medium and low vulnerability."
 

Pricing and Cost Advice

Information not available
"It has a fair cost and very good cost-benefit ratio."
"Nessus is affordable, but its licensing model could be improved with more flexibility for adding assets."
"While Tenable Nessus is a good enterprise solution, the high price would likely make it prohibitive to smaller organizations."
"We have a subscription, the licensing fees are paid yearly, and I am using the latest version."
"In general, it is extremely expensive."
"The price of Tenable Nessus is much more competitive versus other solutions on the market."
"Nowadays, your vulnerability applications are going to be kind of pricey because lots of them, including Rapid7, are based upon a base price, but then they add in the nodes. That's where they get you. If you're a big network, obviously, you need to scan everything. Therefore, it's going to be costly. The risk and insurance money associated with having ransomware on my networks is going to cost me more money, time, and marketing than the price of the tool. That's why I'm speaking only as an information security officer to security operations. This is the tool that is there in my toolbox to say whether we vulnerable or not. At this point, I don't care about how much it costs my company to have it because if I wasn't able to report it and we got ransomware, then who cares? I'm probably going to be out of business because it happened. That's why I don't care about the price. I have it, and I could use it effectively and do my report. At the end of the day, even if we get ransomware, as long as I reported it, followed my protocol, and put in the change, irrespective of whether it was ignored or denied, I did my job."
"The price is okay. I would give it a seven out of ten, where one is cheap and ten is expensive."
report
Use our free recommendation engine to learn which API Security solutions are best for your needs.
902,588 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Manufacturing Company
16%
Construction Company
8%
Comms Service Provider
6%
Manufacturing Company
10%
Financial Services Firm
10%
Government
9%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise19
Large Enterprise35
 

Questions from the Community

What is your experience regarding pricing and costs for Salt Security?
The setup cost was acceptable, but adding additional APIs was actually quite expensive.
What needs improvement with Salt Security?
Alert tuning can require some time depending on API volume. Some findings need internal validation before actioning. The collaboration flows between security and engineering teams could be expanded...
What is your primary use case for Salt Security?
I use Salt Security primarily for API discovery, mainly regarding data-sensitive information across the company. Before using Salt Security for API discovery and sensitive information, I didn't hav...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation t...
What is your experience regarding pricing and costs for Tenable Nessus?
Based on my experience, the pricing for Tenable Nessus is somewhat higher, but customers still want to pay for it, so it remains acceptable. The annual price increase of six to seven percent could ...
 

Also Known As

Salt Security API Protection Platform
No data available
 

Overview

 

Sample Customers

Appsflyer, Armis, City National Bank, Coralogix, Finastra, Gett, Honeybook, Payoneer
Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University
Find out what your peers are saying about Imperva, Akamai, Orca Security and others in API Security. Updated: June 2026.
902,588 professionals have used our research since 2012.