Try our new research platform with insights from 80,000+ expert users

Tenable Nessus vs Tenable Vulnerability Management comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Tenable Nessus
Ranking in Vulnerability Management
3rd
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
81
Ranking in other categories
No ranking in other categories
Tenable Vulnerability Manag...
Ranking in Vulnerability Management
5th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
42
Ranking in other categories
Risk-Based Vulnerability Management (3rd)
 

Q&A Highlights

NC
Nov 24, 2021
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
HarshBhardiya - PeerSpot reviewer
Provided increased visibility across the organization's servers
The user interface of Tenable Nessus feels outdated and could be more user-friendly. Additionally, the documentation is not well-organized, which can be confusing when searching for solutions or specific information related to Tenable Nessus Professional. The reporting feature could be improved by allowing users to create their own templates instead of relying on predefined ones.
Mani Bommisetty - PeerSpot reviewer
Streamlines vulnerability management with excellent reporting and potential AI integration
Tenable is user-friendly and excels in reporting. It allows me to easily fetch and schedule reports. The software's discovery feature aids in strengthening our security posture. The single-sensor installation process on various operating systems is smooth, unlike Rapid7, which requires different versions for separate systems. Furthermore, Tenable enables vulnerability management through potential AI integration that consolidates efforts and resolves multiple vulnerabilities simultaneously.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Nessus gives me a good preview of vulnerabilities and good suggestions for remediation. It's easy to find a description of a given vulnerability and solutions for it."
"We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle."
"I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance."
"The most valuable feature of Tenable Nessus is the dashboard. They are convenient to use."
"It gives a holistic view of your entire environment."
"The solution can scale well."
"The most valuable feature is the breadth of vulnerabilities that it finds. It's able to find across a lot of different platforms and operating systems. It's also able to combine local testing with network-based testing."
"It's scalable."
"The solution is very simple to use."
"The initial setup is pretty straightforward."
"The initial setup is mostly straightforward."
"Tenable.io Vulnerability Management is an easy-to-use product. I"
"The vulnerability scanning is the most important aspect of the solution for us."
"It is a stable solution. Stability-wise, I rate the solution a ten out of ten."
"One of the most valuable features of Tenable.io Vulnerability Management is its exportability, which allows us to conduct risk assessments efficiently."
"The stability is commendable, and I would rate Tenable ten out of ten."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The reporting feature needs to be improved."
"I would like to see an improvement in the ranking of high, medium and low vulnerability."
"The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources."
"The scalability of Tenable Nessus is good. However, it could be more flexible."
"The price could be more reasonable. I used the free Nessus version in my lab with which you can only scan 16 IP addresses. If I wanted to put it in the lab in my network at work, and I'm doing a test project that has over 30 nodes in it, I can't use the free version of Nessus to scan it because there are only 16 IP addresses. I can't get an accurate scan. The biggest thing with all the cybersecurity tools out there nowadays, especially in 2020, is that there's a rush to get a lot of skilled cybersecurity analysts out there. Some of these companies need to realize that a lot of us are working from home and doing proof of concepts, and some of them don't even offer trials, or you get a trial and it is only 16 IP addresses. I can't really do anything with it past 16. I'm either guessing or I'm doing double work to do my scans. Let's say there was a license for 50 users or 50 IP addresses. I would spend about 200 bucks for that license to accomplish my job. This is the biggest complaint I have as of right now with all cybersecurity tools, including Rapid7, out there, especially if I'm in a company that is trying to build its cybersecurity program. How am I going to tell my boss, who has no real budget of what he needs to build his cybersecurity program, to go spend over $100,000 for a tool he has never seen, whereas, it would pack the punch if I could say, "Let me spend 200 bucks for a 50 user IP address license of this product, do a proof of concept to scan 50 nodes, and provide the reason for why we need it." I've been a director, and now I'm an ISO. When I was a director, I had a budget for an IT department, so I know how budgets work. As an ISO, the only thing that's missing from my C-level is I don't have to deal with employees and budgets, but I have everything else. It's hard for me to build the program and say, "Hey, I need these tools." If I can't get a trial, I would scratch that off the list and find something else. I'm trying to set up Tenable.io to do external PCI scans. The documentation says to put in your IP addresses or your external IP addresses. However, if the IP address is not routable, then it says that you have to use an internal agent to scan. This means that you set up a Nessus agent internally and scan, which makes sense. However, it doesn't work because when you use the plugin and tell it that it is a PCI external, it says, "You cannot use an internal agent to scan external." The documentation needs to be a little bit more clear about that. It needs to say if you're using the PCI external plugin, all IP addresses must be external and routable. It should tell the person who's setting it up, "Wait a minute. If you have an MPLS network and you're in a multi-tenant environment and the people who hold the network schema only provide you with the IP addresses just for your tenant, then you are not going to know what the actual true IP address that Tenable needs to do a PCI scan." I've been working on Tenable.io to set up PCI scans for the last ten days. I have been going back and forth to the network thinking I need this or that only to find out that I'm teaching their team, "Hey, you know what, guys? I need you to look past your MPLS network. I need you to go to the edge's edge. Here's who you need to ask to give me the whitelist to allow here." I had the blurb that says the plugin for external PCI must be reachable, and you cannot use an internal agent. I could have cut a few days because I thought I had it, but then when I ran it, it said that you can't run it this way. I wasted a few hours in a day. In terms of new features, it doesn't require new features. It is a tool that has been out there for years. It is used in the cybersecurity community. It has got the CV database in it, and there are other plugins that you could pass through. It has got APIs you can attach to it. They can just improve the database and continue adding to the database and the plugins to make sure those don't have false positives. If you're a restaurant and you focus on fried chicken, you have no business doing hamburgers."
"I have found it is sometimes difficult to control the Zoom meeting sessions. For example, it is difficult to know who is talking and when trying to mute everyone but the speaker you end up muting everyone. When using multiple screens it is laborious to find the control buttons, such as to start a session. Additionally, when a recording is done I have found it difficult to find them, there should be an easier way to retrieve them."
"Scans aren't done properly and some devices aren't pinged."
"Multiple user access would be an area for improvement from a user-access perspective. A role-based access control feature would be great because at present, there is a limitation with only one account. If that account gets compromised or gets locked, then we will encounter problems."
"The reporting was never great in Tenable Vulnerability Management, so, in my company, we imported all the data into Ivanti RiskSense to start using it for reporting."
"The stability has room for improvement."
"The product is a bit expensive."
"They need to have more dependable and faster support."
"The user interface could be improved by being able to change the user interface to fit your position or your job. The graphs are set in stone and you can only print reports."
"It's not a user-friendly tool since it has a complicated interface."
"Another area of improvement is customer service and support. Tenable needs to include support in the pricing/license. Currently, they push clients to get support from partners or channel distributors, who often charge a lot."
"The solution seems to focus too much on enterprises, and they really need a product that works for SMBs."
 

Pricing and Cost Advice

Information not available
"Our organization is huge so our license costs $30,000."
"One problem with Tenable is its pricing policy. Optimal results can be achieved with Greenbone Solutions which has much more friendly pricing policies."
"The price is okay. I would give it a seven out of ten, where one is cheap and ten is expensive."
"The product pricing is dynamic and varies based on the specific needs of each project and customer."
"The pricing is much more manageable versus other products."
"The price of the solution is reasonable."
"The solution has free options."
"I rate the product's price seven or eight on a scale of one to ten, where one is low price and ten is high price."
"I would rate the pricing a five out of ten. It is in the middle."
"The product costs us around $137,000 annually for 4000 to 5000 assets."
"Tenable.io is not known for being a cheap product."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing an eight. So, it is a pretty expensive solution."
"The cost is determined by the number of endpoints, which is approximately one dollar per endpoint."
"Compared to other VM solutions, Tenable.io Vulnerability Management is expensive."
"The tool is reasonably priced."
"A yearly payment has to be made toward the solution's licensing costs."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Answers from the Community

NC
Nov 24, 2021
Nov 24, 2021
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation themselves, they would be able to do so. The updates that the program requires to keep up-to-date take up a large portion of the setup time. Tenable Nessus can be deployed in under an hour. The speed o...
See 2 answers
DG
Nov 7, 2021
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation themselves, they would be able to do so. The updates that the program requires to keep up-to-date take up a large portion of the setup time. Tenable Nessus can be deployed in under an hour. The speed of an organization’s internet can impact how quickly the deployment will go. Furthermore, once it has been set up, only a small management team is necessary for maintenance. Tenable Nessus is an incredibly important program that provides businesses and organizations with robust protection. This ease of deployment and management gives it an edge over the competition. Tenable.io Vulnerability Management is basically comparable to Tenable Nessus in regards to setup and management. It is relatively straightforward to set up. A single person could deploy it in a non-business setting in a matter of hours. The setup can be handled without requiring a business to rely on the help of outside consultants. As with Tenable Nessus, a small team of two or three people is all that is necessary to manage the solution. Organizations can save a great deal of time and resources by choosing to utilize this solution. Tenable Nessus is a solution with good scalability. This can be accomplished with relative ease. However, the load that it can handle makes it a poor fit for larger organizations. At a certain point, the farther up you scale it, the more the solution quality diminishes. Tenable.io Vulnerability Management is able to offer a much higher level of scalability. It is typically used without trouble by organizations with many thousands of users. As with Tenable Nessus, the process is relatively simple. Conclusion: The actual difference in time and ease as far as deploying Tenable Nessus versus Tenable.io Vulnerability Management is negligible and cannot truly set one apart from the other. Ease of management is another area where these two solutions are very similar. A major difference between them is their scalability. While both can be scaled relatively easily, Tenable.io Vulnerability Management is able to handle a higher level of scalability, with the diminishment of quality being a far lesser concern than is the case with Tenable Nessus.
Jairo Willian Pereira - PeerSpot reviewer
Nov 24, 2021
Both, but I prefer Nessus Pro (costs and you can define out-of-band your better presentation/xLAP platform). Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of cost, sometimes using free toolings like Pentaho, OpenRefine, OBIEE and others).
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Educational Organization
40%
Computer Software Company
9%
Financial Services Firm
7%
Government
6%
Educational Organization
29%
Computer Software Company
11%
Financial Services Firm
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. Yo...
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of ...
What do you like most about Tenable Nessus?
We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to addre...
What needs improvement with Tenable.io Vulnerability Management?
I would suggest HP WebInspect as a better option than Tenable.io. My current client doesn't have access to it. Howeve...
What advice do you have for others considering Tenable.io Vulnerability Management?
I would rate it four out of ten. For startups, freelancers, or companies between startup and midsize, Tenable is reco...
 

Also Known As

No data available
No data available
Tenable.io
 

Overview

 

Sample Customers

Information Not Available
Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University
Global Payments AU/NZ
Find out what your peers are saying about Tenable Nessus vs. Tenable Vulnerability Management and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.