Try our new research platform with insights from 80,000+ expert users
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Real User
Top 5
Tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans
Pros and Cons
  • "Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips at documentation), tests against cloud providers, database profiles, several types of telecom devices, and others highly customizable scans."
  • "Model OS costs (and its segregation schema for individual modules)."

What is our primary use case?

Over 15.000 active assets|inside 10 companies belonging to the group, the biennium recurrent project mapped the real situation, in parallel with photography of IT/Security maturity through three main domains: processes, people, and technology. 5 TOEs: Infrastructure, Databases (SQL and Oracle in deep), AWS Cloud, Connectivity (Routers, Switches, and Firewalls against/based CIS) and Web Application instances (partial tests). Nessus running over a hardened Linux customized with HA (High Availability).

How has it helped my organization?

Nessus has more plugins/add-ons, tests, and templates than previous tools (OpenVas) and it is faster and customizable using CLI/API features. It offers enough resources for an interesting cost-benefit rating (for small and medium companies) and minus false-positive events per type of asset. 

It helped us to quickly produce a QuickWin report that guided the VulnerabilityMgmt actions and plans within the company's during the next 3-5 years using the same tool/investment/team for all companies inside the de group.  

What is most valuable?

Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips in the documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans. You can scale your environment to gradually increase the quality, depth, and quantity of the tests, enabling you to learn and gradually optimize your vulnerability management platform(s)/instance(s). The possibility of integration with other market tools (Kenna, Archer...) is another differential.

What needs improvement?

- Add the possibility to customize attributes that define the assets critical level based on the company's "business sense".

- Improve integration and tests for OT platforms, OT application, OT hardware, and non-Ethernet protocols.

- Improve the exchange of info/insights/attributes with RM (Risk Management) domain.

- Offer a more flexible strategic and high-level dashboards based on previous comments (minus technical and more business-oriented)

- Model OS costs (and its segregation schema for individual modules).

Buyer's Guide
Tenable Nessus
November 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.

For how long have I used the solution?

7+ years with Tenable and more than 15y with others.

What do I think about the stability of the solution?

Excellent. No one problem during operation time and deployment.

What do I think about the scalability of the solution?

Enough (faster than OpenVAS engine).

How are customer service and support?

It SLA/support are enough. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

OpenVAS. We reached the previous level/threshold/maturity using OpenVas (more limited tool when compared with Nessus). I/We believe that, the change to a better tool (in this and in others categories) should be carried out when these indicators are reached.

How was the initial setup?

Very simple and fast.

What about the implementation team?

In-house.

What was our ROI?

Good. Nessus Pro combined with other xLAP solutions to offer a presentation/grouping layer is great. Using SC this curve/point of ROI is slower.

What's my experience with pricing, setup cost, and licensing?

Start small, learn about your problems/fixing time and grow up gradually.

Which other solutions did I evaluate?

Several. OpenVas, Rapid7, Qualys, CORE* and Retina.

What other advice do I have?

A cost/benefit interesting tool.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jairo Willian Pereira - PeerSpot reviewer
Jairo Willian PereiraInformation Security Manager at a retailer with 10,001+ employees
Top 5Real User

Authenticated users are a excellent way for you increase the quality and depth of your scanner. You can add/use cloud providers API-keys during tests, local or AD users/credentials with database, telecom devices and other types of digital assets. Normally, the difference between non/authenticated-scans is widely big.

reviewer1266162 - PeerSpot reviewer
Information Security Manager at a transportation company with 1,001-5,000 employees
Real User
Comes at a great price, does exactly what you expect it to do, and never lets you down from a stability point of view
Pros and Cons
  • "It does exactly what you expect it to do, and its pricing is great. We couldn't really ask for a better deal."
  • "The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful."

What is our primary use case?

We are using Nessus Pro. Our operational security team is using it at the moment. It is being used in a couple of ways. In one instance, it is being used purely to scan the internal infrastructure. In the second instance, we're using it to scan the entire network range, including all endpoints. In the third instance, we're using it to do PCI DSS compliance scanning.

What is most valuable?

It does exactly what you expect it to do, and its pricing is great. We couldn't really ask for a better deal.

What needs improvement?

The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful.

What do I think about the stability of the solution?

It has never let us down from a stability point of view.

What do I think about the scalability of the solution?

It is really scalable. It is great.

We have six people who are actually interacting with the tool itself, but obviously, it has been deployed against thousands of endpoints. There are three different roles of those six users.

How are customer service and support?

They are very good. Their formal support and the wider community support are excellent.

Which solution did I use previously and why did I switch?

We've used Rapid7 in the past. We switched because of the value for money and the fact that it feeds into the Tenable.io platform, which is where we ultimately want to be.

How was the initial setup?

It was straightforward and fast. It literally took a morning.

What about the implementation team?

It was done in-house. For its deployment and maintenance, there is just one person. He is an information security analyst.

What's my experience with pricing, setup cost, and licensing?

Its pricing is great and can't be improved. It is very cheap. It is less than 2,000 pounds a license, and you can't really ask for more.

It has unlimited IPs and unlimited scans. There are no particular pricing constraints. The only additional cost is the inherent cost of the people to actually review the actual scans.

What other advice do I have?

My advice to people who are looking into implementing this product would be to just go ahead and do it. Don't be frightened about it. It is great. It does exactly what you'd expect it to do. You can use it as a stepping stone to the other Tenable products.

I would rate it a nine out of 10. It is a lovely product. It just does what you need it to do, and lets you get on with your day.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Tenable Nessus
November 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,053 professionals have used our research since 2012.
reviewer1541385 - PeerSpot reviewer
Cybersecurity Manager at a manufacturing company with 10,001+ employees
Real User
Excellent at identifying vulnerabilities and accessing information related to that
Pros and Cons
  • "Ease of reviewing scores, identifying vulnerabilities, and getting information on them."
  • "Scans aren't done properly and some devices aren't pinged."

What is most valuable?

The valuable feature for me is being able to ping the computers to do the automated scan and to come back and be able to see everything. That's definitely a huge plus, but then there's also the ease of reviewing the scores, identifying vulnerabilities, and getting the information on the vulnerabilities; the ability to review all that within one tool has been phenomenal. When we're reviewing those Nessus scores, the solution works well.

What needs improvement?

I think there's still some things that need to be ironed out to ensure that we can have a one-stop shop to do both ACAS, SCAP automated assessments in. We've been trying to do that and they say you can, the capability is integrated into the system. But in most instances, especially when you're dealing with some systems that are standalone or a network that we built ourselves, we find that some devices aren't pinged and the scans aren't done properly. That also comes down to the hardening of the systems where the password or the privileges weren't taken, so therefore it didn't do the scan properly. 

For how long have I used the solution?

I've been using this solution for the past six or seven years. 

What do I think about the stability of the solution?

The solution is stable. We haven't run into any issues other than some passwords that don't take, but that's the way we set up the system. If it's set up properly and configured appropriately, there won't be any issues.

What do I think about the scalability of the solution?

We could definitely make the adjustment to scale it left, right, up and down, depending on what we're using it for and we haven't run into any issues on that. It's pretty flexible.

How was the initial setup?

The setup itself is pretty straightforward. Because these are standalone systems, there are some additional steps that the IT team needs to do, but they pretty much have it down to where they could install the tools pretty easily and have it running reasonably quickly. 

What other advice do I have?

I would recommend making sure that the solution meets your needs for automated scans and the SCAP. If you're looking for a one-stop shop, I think it's a great tool for that. I would recommend some form of training if you don't have experience with this kind of solution. There's a bit of a learning curve involved in terms of configuring and using Nessus. 

I rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tharaka Shameera - PeerSpot reviewer
Intent Manager at SLIIT
Real User
Top 5
Identifies and addresses vulnerabilities but the dashboard needs improvement

What is our primary use case?

We use Tenable Nessus as a vulnerability management tool. It helps identify vulnerabilities in our system, how to address them, and what mitigation steps are required. We can assign high, medium, or low priority levels and schedule scans to run at specific times. The tool generates vulnerability assessment reports, valuable in our organization's environment for continuous security assessment.

How has it helped my organization?

We can onboard our organization's access and run scans as needed. We can also share the scan results every year and perform many other tasks with Tenable.

What is most valuable?

It’s a strong vulnerability assessment tool for management and serviceability. It is a reliable product that helps us identify vulnerabilities in our system effectively. I use it to scan our environment with SSM and generate vulnerability assessment reports.

What needs improvement?

The dashboard could be improved.

For how long have I used the solution?

I have been using Tenable Nessus for two years.

What do I think about the scalability of the solution?

Our team has 10-15 people using this solution. It’s a good tool for vulnerability assessment, and we can identify vulnerabilities in our organization. At this time, we can effectively use it within our organization.

I rate the solution’s scalability a nine out of ten.

What's my experience with pricing, setup cost, and licensing?

It is expensive.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

What other advice do I have?

Overall, I rate the solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Wessam Altoumi - PeerSpot reviewer
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC
Real User
Good reporting, good support, and easy to deploy and use
Pros and Cons
  • "It is easy to deploy and easy to use. Its reporting is good. From this reporting, you can see the pain point in your network, which makes it easy to fix them. It is easy to understand the reports and export them."
  • "Technically, it is an excellent and the best solution available in Libya. My only concern is related to its pricing. They are an emerging company in Libya, and they need to put in some effort to provide us with very good prices so that customers can go with the best solution. Chinese companies are getting into the market here, and they're providing very cheap solutions."

What is our primary use case?

Two of our customers use it for vulnerability assessment and penetration testing, and they are getting very good results.

What is most valuable?

It is easy to deploy and easy to use. Its reporting is good. From this reporting, you can see the pain point in your network, which makes it easy to fix them. It is easy to understand the reports and export them.

What needs improvement?

Technically, it is an excellent and the best solution available in Libya. My only concern is related to its pricing. They are an emerging company in Libya, and they need to put in some effort to provide us with very good prices so that customers can go with the best solution. Chinese companies are getting into the market here, and they're providing very cheap solutions.

For how long have I used the solution?

We have been providing network and solution integration services since 2012.

What do I think about the stability of the solution?

It is a stable solution. It is the best one in the world. I am not considering any other solutions.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

Their technical support is very good. The feedback that I have received from the customers for the tickets that they opened is that they are satisfied with the service.

How was the initial setup?

It is easy to deploy. It can be implemented in less than 10 days, but complex projects with ISO2007 and 001 compliance requirements can take more than a year.

What about the implementation team?

From our side, there are only two engineers. One is the main engineer and the other one is the backup engineer. 

It is being used by only three users. Two are from the cyber information security team and one is from the network security team.

What's my experience with pricing, setup cost, and licensing?

Its price is high for Libya. The companies here in Libya don't have the awareness of and a good budget for cybersecurity services. If you want them to go for a product, you need to provide something different. This differentiation is related to the price. They should give about 40% to 45% discount per person on the current cost. From our side, we provide the demo and show it as a very good and valuable solution, but when it comes to the price, some companies don't want to own the tool. They prefer to go for it as a service. There are a few companies that are providing it as a service where they own the tool, but they provide it as a service, which is cheaper than a customer owning the product. We strongly recommended that customers own the product and use it. 

I strongly recommend to customers to go for a three-year license to use it, benefit from it, and be comfortable with it. In Libya, we are facing a problem related to the timelines and delays of projects. If they go for just a one-year license and the project gets delayed by six months, they will have only six months to use it.

What other advice do I have?

It is a very good and useful tool. I would rate it a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
CLAUDIO SANTOS - PeerSpot reviewer
Operation Director at GLOBALIP
Reseller
Top 5Leaderboard
Automates scanning process, enhancing the ability to monitor the security landscape continuously
Pros and Cons
  • "It notifies us of vulnerabilities as they arise, allowing us to respond quickly without manual intervention."
  • "The product could have unique features similar to one of its competitors."

How has it helped my organization?

The platform is essential for vulnerability management tasks and integrates with various data management applications.

What needs improvement?

The product could have unique features similar to Qualys. 

For how long have I used the solution?

We have been using Tenable Nessus for about a year to a year and a half. We are using the latest version to ensure access to all the latest features.

Which solution did I use previously and why did I switch?

While Tenable offers a robust solution, the main competitor, Qualys, has some unique features. However, Tenable has a larger market share, indicating that it has undergone extensive testing and development based on customer feedback.

How was the initial setup?

The complexity of deploying Nessus largely depends on the customer's operational environment. If the environment has diverse systems, implementation may be more complex, while a more uniform system allows for easier setup.

The timeline for implementation could range from one week to several months based on these factors.

What's my experience with pricing, setup cost, and licensing?

The product pricing is dynamic and varies based on the specific needs of each project and customer.

Discounts can be offered based on competition and project requirements, making it a relative cost depending on the context.

What other advice do I have?

The solution automates vulnerability checks, which is crucial for our customers who cannot dedicate a team to monitor security issues constantly. It notifies us of vulnerabilities as they arise, allowing us to respond quickly without manual intervention.

It automates the scanning process, allowing us to schedule regular scans, generate reports, and receive notifications about critical vulnerabilities via email. It enhances our ability to monitor the security landscape continuously.

Overall, I rate it a nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Assistant Director for Computing and Network infrastructure at SRCE
Real User
Top 20
Helps to conduct monthly scans and open tickets for developers to address identified vulnerabilities
Pros and Cons
  • "We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equipment, and appliances in our infrastructure."
  • "One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them."

What is our primary use case?

We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equipment, and appliances in our infrastructure. 

What needs improvement?

One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them. 

It would be beneficial if it could handle minor additions to versions similar to how Debian manages its patches. This feature would allow it to differentiate between patched and non-patched versions.

For how long have I used the solution?

I have been using the product for ten years. 

What do I think about the stability of the solution?

Tenable Nessus is very stable. We encountered some issues with scanning certain network equipment but resolved them by adjusting the parameters. Our main focus is scanning our servers; we haven't experienced any significant problems with that process.

What do I think about the scalability of the solution?

My company has three users. 

How are customer service and support?

We haven't contacted Tenable Nessus for assistance or questions because we haven't encountered any serious issues, and we are generally satisfied with the product.

Which solution did I use previously and why did I switch?

We chose Tenable Nessus because we primarily rely on open-source products as a publicly funded institution. About ten years ago, we conducted research to determine the best option, and at that time, it stood out as the preferred choice.

How was the initial setup?

Tenable Nessus' deployment is straightforward. 

What's my experience with pricing, setup cost, and licensing?

The product is free. 

What other advice do I have?

I rate the overall product a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2154231 - PeerSpot reviewer
Information Security Analyst at a retailer with 1,001-5,000 employees
Real User
You can customize the tool to scan exactly what you want
Pros and Cons
  • "My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated."
  • "You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it."

What is our primary use case?

Tenable Nessus is vulnerability management software. We install Nessus scanners on all our workstations and laptops. It runs scans to check for outdated software and vulnerabilities. At the beginning of each month, I send notes out to the admins about what needs to be updated, and I check at the end of the month to make sure it's done. 

How has it helped my organization?

Nessus helps us keep our software up to date to avoid security vulnerabilities. It's a good tool for auditing our vulnerability management. 

What is most valuable?

My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated. 

Tenable stays on top of new IT trends in vulnerability management because there's constant innovation. They keep up with the industry. In the past few years, everything has shifted to cloud-based servers. It's a long-term trend that COVID accelerated. Tenable came out with a tool for that. 

What do I think about the stability of the solution?

Nessus  is pretty stable if you have a disaster recovery plan in place. We've never had an outage. The stability depends on the servers where it is running. 

What do I think about the scalability of the solution?

You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it.

How are customer service and support?

I rate Tenable support 10 out of 10. They're top-of-the-line.  It's the best support I've worked with so far. 

How would you rate customer service and support?

Positive

What other advice do I have?

I rate Tenable Nessus nine out of 10. I recommend creating a Tenable Community account. Tenable uses that for support, but they also have a massive library of training videos that they call Tenable University. You can also access the Tenable Community forums where experts and general users can share information and ask questions. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Product Categories
Vulnerability Management
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros sharing their opinions.