Information Security Analyst at a retailer with 1,001-5,000 employees
You can customize the tool to scan exactly what you want
Pros and Cons
- "My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated."
- "You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it."
What is our primary use case?
Tenable Nessus is vulnerability management software. We install Nessus scanners on all our workstations and laptops. It runs scans to check for outdated software and vulnerabilities. At the beginning of each month, I send notes out to the admins about what needs to be updated, and I check at the end of the month to make sure it's done.
How has it helped my organization?
Nessus helps us keep our software up to date to avoid security vulnerabilities. It's a good tool for auditing our vulnerability management.
What is most valuable?
My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated.
Tenable stays on top of new IT trends in vulnerability management because there's constant innovation. They keep up with the industry. In the past few years, everything has shifted to cloud-based servers. It's a long-term trend that COVID accelerated. Tenable came out with a tool for that.
What do I think about the stability of the solution?
Nessus is pretty stable if you have a disaster recovery plan in place. We've never had an outage. The stability depends on the servers where it is running.
Buyer's Guide
Tenable Nessus
October 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the scalability of the solution?
You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it.
How are customer service and support?
I rate Tenable support 10 out of 10. They're top-of-the-line. It's the best support I've worked with so far.
How would you rate customer service and support?
Positive
What other advice do I have?
I rate Tenable Nessus nine out of 10. I recommend creating a Tenable Community account. Tenable uses that for support, but they also have a massive library of training videos that they call Tenable University. You can also access the Tenable Community forums where experts and general users can share information and ask questions.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager at Clearsale
Does everything that it needs to, provides good value for money, and is very easy to use
Pros and Cons
- "I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance."
- "There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem."
What is our primary use case?
I am using it for scanning and checking vulnerabilities. I am using the Azure version of Tenable Nessus.
What is most valuable?
I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance.
It fits very well in my environment. It is very easy to use, and there is a very good cost-benefit of this solution.
What needs improvement?
There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is, for sure, scalable. We have 10 or 12 people who use this solution.
How are customer service and support?
We never have any kind of problem or lack of response. I would rate them a ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
It is very easy. It is pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
It has a fair cost and a very good cost-benefit ratio.
What other advice do I have?
I would recommend it to others. It does everything that such a solution needs to do. It can check for vulnerabilities and compliance. It is also very easy to use. It is better than its competitors, such as Rapid7.
I trust Tenable solutions. I worked with Tenable IO a few years ago, and with Tenable Nessus, I had the same feeling that I had with Tenable IO. It is a very good solution. It is more expensive than Tenable IO, but it is a complete solution.
I would rate it a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Infrastructure Engineer at NP Secure Co.,Ltd
A vulnerability assessment tool with patch management capabilities that offers ease of deployment
Pros and Cons
- "The initial setup of Tenable Nessus is very easy."
- "The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources."
What is our primary use case?
I use Tenable Nessus for vulnerability assessment so that you can scan for CVEs and existing CVEs. Tenable Nessus will show you the latest update on those vulnerabilities and where it needs patches, so it goes hand in hand with patch management. As soon as you scan, you can see whether it needs patching, and if needed, you can go ahead and deploy patch management to address the current issue.
What is most valuable?
The most valuable features of the solution are the policy and the active scan. The features are different for Tenable Security Center since it is more on an on-premises model. The solution also has features like Tenable.io and Tenable Web App Scanning.
What needs improvement?
I wouldn't want to change anything about Tenable Nessus since I haven't found or run into any issues in Tenable Nessus.
I like Tenable since I find everything related to the solution simplified and easy to use. You can approach the online community of Tenable when you run into a problem, and there is a bunch of information available there that you can gather and use for troubleshooting purposes.
I faced some problems with Tenable Nessus when dealing with some of our company's customers in China. The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources. The solution should offer simplified data-sharing capabilities. Though we have the dashboards and can customize them, the options for customization are available in the templates provided by Tenable Nessus. It might not be possible with Tenable Nessus to add every component a person wants to a single dashboard since they can only choose whatever is available on the templates provided by Tenable Nessus. The aforementioned areas can be considered for improvement in the solution.
For how long have I used the solution?
I have been using Tenable Nessus for two months. My company operates as a reseller of the product while also having a partnership with the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution an eight out of ten.
Around 90 percent of our company's customers work with Tenable Nessus.
How are customer service and support?
For the solution's technical support, our company directly seeks help from the solution's vendor in Vietnam or Singapore, who are very responsive. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of Tenable Nessus is very easy. You can get the application's installation file and implement it faster than ManageEngine, making it a simple process. I rate the initial setup of Tenable Nessus a nine out of ten.
The solution is deployed on an on-premises model.
With Tenable Nessus, you have a file, and you just need to install it. In the on-premises model of the solution, you have a dashboard or console that you go to, which is like an internal website that you have set up so that you can get access to the on-premises version of the product.
What's my experience with pricing, setup cost, and licensing?
I rate the product's price seven or eight on a scale of one to ten, where one is low price and ten is high price.
What other advice do I have?
Tenable Nessus is a great tool. I believe everyone should be using Tenable Nessus since it is a tool that can be used for vulnerability assessment when companies face some vulnerabilities to find security holes or threats.
I rate the overall solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Principal Security Architect at a tech vendor with 10,001+ employees
Is easy to use and configure, and has a lot of plugins
Pros and Cons
- "The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies."
- "Multiple user access would be an area for improvement from a user-access perspective. A role-based access control feature would be great because at present, there is a limitation with only one account. If that account gets compromised or gets locked, then we will encounter problems."
What is our primary use case?
We use it predominantly for vulnerability scanning and compliance scanning as part of the vulnerability and compliance protocols in one of our programs.
What is most valuable?
The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies.
I also like the number of plugins. It has quite a lot of plugins that keep it up to date with the different vulnerabilities coming out.
What needs improvement?
Multiple user access would be an area for improvement from a user-access perspective. A role-based access control feature would be great because at present, there is a limitation with only one account. If that account gets compromised or gets locked, then we will encounter problems.
It would be good to have a way to store filters from searches so that you don't have to recreate them from scratch every time. To be able to have them saved as a list of filters would be really useful.
It would be really useful to have a way to assess the risk of a specific vulnerability based on a number of factors which could be tailored. It could be a tailored set of factors you introduce to see a potential risk score or a different view of the CVSS score.
A lot of organizations do this manually, and some of them have some other ways of identifying or assessing the risk of vulnerabilities. It would be really useful to have a framework which allows you to create a way to assess the risk of vulnerabilities on the platform and potentially prioritize them or provide information as a report to management or to other teams for resolution.
It would be really nice to have a way to visualize the different results from the scans. For example, if you scan a Windows 2016 Server and you have a number of vulnerabilities, it would be nice to somehow show the vulnerabilities in a graphical format and potentially combine some of the outcomes into a graphical representation showing trending. Trending is quite important, especially when I speak to my senior management stakeholders and try to show the security posture and status. It would help to provide a long and wide view of where the vulnerabilities are and what kind of aging is present.
For how long have I used the solution?
I've used it for three and a half years.
What do I think about the stability of the solution?
Nessus Manager is very stable; I haven't had any problems. I'd give the stability of the product a five out of five.
What do I think about the scalability of the solution?
The product itself is not scalable by design. It is a single-user product, so it doesn't allow you to have multiple users at the same time. You have only one account. The type of product that we're using is not really meant for huge enterprises, and it's a bit more limited in terms of usage.
At present, I use the personal version for the account I'm looking after, but we probably have less than five people using this platform.
How was the initial setup?
The initial setup was easy.
What about the implementation team?
We implemented it ourselves. The deployment was done by one engineer, and it did not take too long.
What was our ROI?
In the project in which I have been using it, it has been great because we satisfy a very crucial requirement. We have brought around vulnerability management, so it's really good ROI for what we have.
What's my experience with pricing, setup cost, and licensing?
Nessus Manager is not an expensive product. It has its limitations, but the pricing reflects that.
We have a yearly subscription.
What other advice do I have?
I would recommend Nessus Manager and rate it at eight on a scale from one to ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Chartered Engineer at Banglalink
Very easy to carry out ransomware checking, OS auditing and implementation
Pros and Cons
- "Makes ransomware checking and OS auditing and implementation relatively easy."
- "Lacks some penetration testing-related services."
What is our primary use case?
I use this solution for OS auditing, database auditing, virtualization, and following how closely it follows our CI or TISA benchmarks. We also use it for malware and ransomware risk and for carrying out assessments. We purchased this product from a local partner that has a premium partnership with Tenable. I'm a cybersecurity and compliance lead engineer.
What is most valuable?
The solution makes ransomware checking and OS auditing and implementation relatively easy. It covers most of the requirements for benchmarks for all sorts of widely available required configuration settings in the technology industry. It's also very user-friendly, easy on the eye, and saves a lot of time. It provides us with reports that perfectly satisfy compliance requirements, whatever the device or configuration settings.
What needs improvement?
There is very little to improve but cloud security tests would be something helpful to have. Tenable could also offer some penetration testing-related services, which would be beneficial.
For how long have I used the solution?
I've been using Nessus for three years.
What do I think about the stability of the solution?
It's a very stable solution.
What do I think about the scalability of the solution?
The solution is scalable. I use it for around 4,000 servers on a daily basis.
How are customer service and support?
The technical support is good. They offer expensive professional support, but I generally use the website documentation to fix things. Compared with other companies, they provide very good support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used Qualys and had a bad experience. It's not very user-friendly, licensing was difficult and deployment painful. I also used Rapid7, and I think Nessus is more user-friendly than both of those products.
How was the initial setup?
The initial setup was very easy and took just a few hours. It's important to plan wisely before implementing. Know how many servers you have and try to project your future requirements so that you can estimate the total number of IPs you require. If the forecast is accurate, the solution is cost-efficient. We used consultants from Singapore and they installed some agents in our on-premise servers. Maintenance is very easy.
What's my experience with pricing, setup cost, and licensing?
The global situation is very unstable and the dollar price has already increased significantly in our country in the last three or four months so everything has become expensive. Licensing is very competitive in our local markets and there's a lot of haggling that goes on. The option of a three-year license would be most beneficial for us because of the huge variations in the dollar.
What other advice do I have?
I rate this solution nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Expert at Birlasoft India Ltd.
Provides network and device scanning and allows us to pull reports that identify vulnerabilities
Pros and Cons
- "The vulnerability scanner is the most valuable feature."
- "I would like to see more on the automation side."
What is our primary use case?
We use this solution for network and device scanning. Massive scanners have been integrated with the security center. We scan devices and pull the report from the security center. We publish the report to respective stakeholders, and we maintain the reports for our records. The reports show vulnerabilities, plugin text, and plugin outputs. We analyze the report and try to close the vulnerabilities identified in the scan.
The solution is deployed on-premises.
There are about 10 people using this solution in my organization. They were part of the security team and were doing the scanning and remediation. I led the team and dealt with any challenges.
My organization is a service provider. We provide security services to clients.
What is most valuable?
The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.
The agent scanner is a valuable feature. We also do credential scans, which gives the equivalent report. In the log project situation, we receive very good support from Nessus. They have built one policy for the log project itself. With the help of that policy and the plugins specified for the log project, the scans were faster for that project.
If we run a scan, it will usually check all of the plugins, which is a time-consuming process. We received help, and we had one plugin for the log project. That was for checking the log project only because we were already done with the complete scan.
What needs improvement?
I would like to see more on the automation side. There should be proper tools and support for automation in Tenable itself.
For how long have I used the solution?
I have used this solution for more than four years.
What do I think about the stability of the solution?
It's a stable solution, but we noticed that the agent wasn't being updated. This means we have to update it manually and run a few commands to get the service running. If the solution isn't updated with the latest version, it will go offline.
How are customer service and support?
We receive very good technical support from the team in India. We're very happy with them. I'm also in touch with some people from Tenable India. They helped me understand the requirements and the solution's latest features.
I would rate technical support as four out of five because they could always improve.
How was the initial setup?
Initial setup was easy. That's why I proposed the solution to my current organization.
The deployment process completely depends on approvals and how we're getting the procurement of hardware and the licenses. It depends on the organization.
What's my experience with pricing, setup cost, and licensing?
The solution is worth the cost. It's a good investment.
Which other solutions did I evaluate?
I have also evaluated Qualys. There were some missing features, so we weren't able to detect vulnerabilities related to specific software, like Adobe and Java.
I have also used Tenable.sc.
What other advice do I have?
I would rate this solution as eight out of ten.
For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not.
I would definitely recommend this solution to others who want to use it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager - SRE at Zenoti
Reliable, easy to set up, and helps with compliance
Pros and Cons
- "Once you get past the initial implementation, the solution is very stable."
- "They could make their reporting a little better."
What is our primary use case?
We are using the product for CIS benchmarking on our systems.
Our primary use case is basically understanding whether our systems are compliant with the CIS benchmarks in terms of system hardening. What Tenable Nessus does is it can run a scan on the systems and it gives us a report in terms of what properties or settings on the systems are in compliance and what are not in compliance. Then we can review that and go back and improve the systems in terms of those settings.
What is most valuable?
What I like about it is the fact that it can figure out what changes we need to make on our systems to ensure that they're hardened properly.
The initial setup is not difficult.
Once you get past the initial implementation, the solution is very stable.
It's scalable.
What needs improvement?
So far, it has been fulfilling the requirements. From that perspective, there is not a lot that I would want to improve in the features that we are using.
They could make their reporting a little better. Maybe they could do some more integrations with certain other tools to extend it or make the reporting better in the sense that it could probably generate some alerts or something of that sort. It could do some real-time reporting. If there are any policies that are changing or getting violated, they could probably generate some alerts, which could involve the on-call on my side so that I could take immediate action. That could probably be one thing that they could introduce.
For how long have I used the solution?
We've used the solution for about a year now. It hasn't been that long.
What do I think about the stability of the solution?
Initially, we had some issues. Initially, we were not very confident about how to configure certain things. Once we had integrated and deployed the product, we needed a few support calls to fix the system properly in our environment and since then it has been smooth, I would say. The stability is now good.
What do I think about the scalability of the solution?
The solution can scale.
We have very few users. It's basically based on the number of systems that we need to install it on in terms of scaling. That's something that probably is more than the number of users who actually access the system. It's largely used by the security team.
We do have plans to increase the usage of Tenable Nessus organically. As the number of systems that we use is dynamic in nature, it likely will keep going up and down over time.
How are customer service and support?
We've dealt with technical support on and off I would say. We keep talking to the technical support at times to get some insights on any new features that are coming in or in terms of how to use a certain feature that we are probably trying to introduce or something of that sort.
Which solution did I use previously and why did I switch?
We were not using any other products before this.
How was the initial setup?
For the initial setup, I need to deploy an agent on my systems. It's pretty straightforward. It's not very difficult.
I'm not really sure about how long it took; however, my understanding is it didn't take too long for our system. It was maybe a few minutes per system or maybe half an hour per system. Not more than that.
What about the implementation team?
We did not use a consultant or any integrator for the deployment. We did it in-house.
There were a couple of people on my team who were able to set it up for us.
What's my experience with pricing, setup cost, and licensing?
I'm not aware of the licensing cost.
What other advice do I have?
I'd recommend the product to others. If a company wants to use it for system analysis as part of the benchmarking of the systems or if a company wants to do security benchmarking, they can use this. They should be able to use the tool.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at PJM Interconnection
Useful vulnerability detection, highly scalable, and good support
Pros and Cons
- "The most valuable feature of Tenable Nessus is vulnerability detection."
- "Tenable Nessus could improve reporting and information sharing. It would be helpful if we could share the reports and have a little bit better flexibility in the reporting of the data."
What is our primary use case?
Tenable Nessus can be deployed on-premise and in the cloud.
Tenable Nessus is a vulnerability scanner to find vulnerabilities. The solution finds the vulnerabilities in our environment and then we send those vulnerabilities that are found out to the SMEs to be fixed.
How has it helped my organization?
Tenable Nessus allows us to keep up on fixing the vulnerabilities that are either being exploited in the wild or the ones that we find most critical.
What is most valuable?
The most valuable feature of Tenable Nessus is vulnerability detection.
What needs improvement?
Tenable Nessus could improve reporting and information sharing. It would be helpful if we could share the reports and have a little bit better flexibility in the reporting of the data.
In the next release, they should add some more integration with other security solutions that would be helpful.
For how long have I used the solution?
I have used Tenable Nessus for approximately 10 years.
What do I think about the stability of the solution?
The stability of Tenable Nessus is very good.
What do I think about the scalability of the solution?
Tenable Nessus is highly scalable.
We have a couple of administrators and vulnerability analysts who run scans, and read-only accounts for the SMEs who fix vulnerabilities, and an executive role for management to view the data.
We use Tenable Nessus extensively; we have scheduled jobs running all the time. We do scans on all the systems on our network, and we are always making tweaks.
How are customer service and support?
I rate the support of Tenable Nessus a four out of five.
Which solution did I use previously and why did I switch?
I have not used another solution previously to Tenable Nessus.
How was the initial setup?
For our deployment of Tenable Nessus, there are elements of complexity. However, the complexity depends on the use case. The solution is not that difficult to implement; the complexity comes from the many things that are involved. You do not need to be an expert; there are many parts that need to be set up.
We had Linux servers built and the Tenable Nessus software was installed on top of that. It was relatively simple as far as that goes.
I rate the ease of setup of Tenable Nessus a three out of five.
What about the implementation team?
We did the implementation in-house.
We have two administrators and one SME that does the supporting of Tenable Nessus.
What was our ROI?
It is difficult to show or rate ROI from a security standpoint; it is similar to having car insurance. When there are vulnerabilities out there, we can quickly look because we're scanning all the time at what our vulnerabilities are. Tenable Nessus is used for keeping our infrastructure safe.
What's my experience with pricing, setup cost, and licensing?
Tenable Nessus needs to be licensed. We own a license for the security center and that license is charged by the number of IP addresses that you can scan. You're allowed to have as many scanners as you want and there's no license for the number of scanners. We have a bunch of Nessus scanners out there, and as long as we're comfortable with staying under that IP address limit, that's really all we have to be concerned about.
We pay a monthly maintenance fee, which is reoccurring.
Which other solutions did I evaluate?
We did evaluate other solutions before choosing Tenable Nessus, such as Rapid7. We chose Tenable Nessus because it was used by more customers and it seemed at the time to be more straightforward.
What other advice do I have?
Security is a complicated subject. There's a lot involved in Tenable Nessus, but the solution is easy to run and manage and we have had a lot of good success with it.
I rate Tenable Nessus a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.