Tenable Nessus Reviews

I am using it for scanning and checking vulnerabilities. I am using the Azure version of Tenable Nessus.

I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance.

It fits very well in my environment. It is very easy to use, and there is a very good cost-benefit of this solution. 

There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem.

It is stable.

It is, for sure, scalable. We have 10 or 12 people who use this solution.

We never have any kind of problem or lack of response. I would rate them a ten out of ten.

Positive

It is very easy. It is pretty straightforward.

It has a fair cost and very good cost-benefit ratio.

I would recommend it to others. It does everything that such a solution needs to do. It can check for vulnerabilities and compliance. It is also very easy to use. It is better than its competitors, such as Rapid7.

I trust Tenable solutions. I have worked with Tenable IO a few years ago, and with Tenable Nessus, I had the same feeling that I had with Tenable IO. It is a very good solution. It is more expensive than Tenable IO, but it is a complete solution. 

I would rate it a nine out of ten.

We are using the product for CIS benchmarking on our systems.

Our primary use case is basically understanding whether our systems are compliant with the CIS benchmarks in terms of system hardening. What Tenable Nessus does is it can run a scan on the systems and it gives us a report in terms of what properties or settings on the systems are in compliance and what are not in compliance. Then we can review that and go back and improve the systems in terms of those settings.

What I like about it is the fact that it can figure out what changes we need to make on our systems to ensure that they're hardened properly.

The initial setup is not difficult. 

Once you get past the initial implementation, the solution is very stable. 

It's scalable. 

So far, it has been fulfilling the requirements. From that perspective, there is not a lot that I would want to improve in the features that we are using it.

They could make their reporting a little better. Maybe they could do some more integrations with certain other tools to extend it or make the reporting better in the sense that it could probably generate some alerts or something of that sort. It could do some real-time reporting. If there are any policies that are changing or getting violated, they could probably generate some alerts, which could involve the on-call on my side so that I could take immediate action. That could probably be one thing that they could introduce.

We've used the solution for about a year now. It hasn't been that long. 

Initially, we had some issues. Initially, we were not very confident about how to configure certain things. Once we had integrated and deployed the product, we needed a few support calls to fix the system properly in our environment and since then it has been smooth, I would say. The stability is now good.

The solution can scale. 

We have very few users. It's basically based on the number of systems that we need to install it on in terms of scaling. That's something that probably is more than the number of users who actually access the system. It's largely used by the security team.

We do have plans to increase the usage of Tenable Nessus organically. As the number of systems that we use is dynamic in nature, it likely will keep going up and down over time.

We've dealt with technical support on and off I would say. We keep talking to the technical support at times to get some insights on any new features that are coming in or in terms of how to use a certain feature that we are probably trying to introduce or something of that sort.

We were not using any other products before this.

For the initial setup, I need to deploy an agent on my systems. It's pretty straightforward. It's not very difficult.

I'm not really sure about how long it took, however, my understanding is it didn't take too long for our system. It was maybe a few minutes per system or maybe half an hour per system. Not more than that.

We did not use a consultant or any integrator for the deployment. We did it in-house. 

There were a couple of people on my team who were able to set it up for us.

I'm not aware of the licensing cost.

I'd recommend the product to others. If a company wants to use it for system analysis as part of the benchmarking of the systems or if a company wants to do security benchmarking, they can use this. They should be able to use the tool.

I'd rate the solution eight out of ten. 

We use Tenable Nessus for vulnerability scanning.

The results are not that bad, but the key selling point is that it is an affordable tool set.

It is a very easy tool to use.

We are happy with the existing features.

We are happy with the functionality, and what we get from the tool.

I am not sure. I see they have released new products that we haven't yet evaluated. I believe the new products are the opportunity for improvement that they are bringing to market. But for the time being,

They have added a new Tenable Nessus Expert. That is their new product, which caters to the cloud and everything else. 

I am assuming that the new features and product enhancements are based on that tool set, but we haven't reviewed it yet.

I have been working with Tenable Nessus for 10 years.

It's a proper toolkit, it goes a long way with us.

We are working with the latest version.

Tenable Nessus is very stable. 

I would rate the stability of this solution a five out of five.

Tenable Nessus is a scalable solution, I would rate the scalability a five out of five.

It is based on the number of endpoints. We have 1,500 endpoints in our company.

We can contact technical support using their web console. We can log a support ticket as end users, although we seldom use this feature.

I would rate their technical support a five out of five.

Positive

We are also working with Rapid7 InsightVM.

It is not as good as Rapid7 from our perspective, but it is part of our toolbox arsenal. As a result, we have it on board and solely use it internally.

It is very easy to deploy.

This solution was deployed in 30 minutes, or less. It is very easy. It is straightforward, and out of the box.

The deployment was completed in-house. We did it ourselves.

We only need one engineer to deploy and maintain this solution.

I would rate the return on investment a five out of five.

Cost-wise, it's an affordable tool.

Licensing fees are paid annually.

I would rate the licensing cost a five out of five.

I would rate Tenable Nessus a ten out of ten.

I use Tenable Nessus for vulnerability assessment so that you can scan for CVEs and existing CVEs. Tenable Nessus will show you the latest update on those vulnerabilities and where it needs patches, so it goes hand in hand with patch management. As soon as you scan, you can see whether it needs patching, and if needed, you can go ahead and deploy patch management to address the current issue.

The most valuable features of the solution are the policy and the active scan. The features are different for Tenable Security Center since it is more on an on-premises model. The solution also has features like Tenable.io and Tenable Web App Scanning.

I wouldn't want to change anything about Tenable Nessus since I haven't found or run into any issues in Tenable Nessus.

I like Tenable since I find everything related to the solution simplified and easy to use. You can approach the online community of Tenable when you run into a problem, and there is a bunch of information available there that you can gather and use for troubleshooting purposes.

I faced some problems with Tenable Nessus when dealing with some of our company's customers in China. The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources. The solution should offer simplified data-sharing capabilities. Though we have the dashboards and can customize them, the options for customization are available in the templates provided by Tenable Nessus. It might not be possible with Tenable Nessus to add every component a person wants to a single dashboard since they can only choose whatever is available on the templates provided by Tenable Nessus. The aforementioned areas can be considered for improvement in the solution.

I have been using Tenable Nessus for two months. My company operates as a reseller of the product while also having a partnership with the solution.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

Around 90 percent of our company's customers work with Tenable Nessus.

For the solution's technical support, our company directly seeks help from the solution's vendor in Vietnam or Singapore, who are very responsive. I rate the technical support an eight out of ten.

Positive

The initial setup of Tenable Nessus is very easy. You can get the application's installation file and implement it faster than ManageEngine, making it a simple process. I rate the initial setup of Tenable Nessus a nine out of ten.

The solution is deployed on an on-premises model.

With Tenable Nessus, you have a file, and you just need to install it. In the on-premises model of the solution, you have a dashboard or console that you go to, which is like an internal website that you have set up so that you can get access to the on-premises version of the product.

I rate the product's price seven or eight on a scale of one to ten, where one is low price and ten is high price.

Tenable Nessus is a great tool. I believe everyone should be using Tenable Nessus since it is a tool that can be used for vulnerability assessment when companies face some vulnerabilities to find security holes or threats.

I rate the overall solution a nine out of ten.

The valuable feature for me is being able to ping the computers to do the automated scan and to come back and be able to see everything. That's definitely a huge plus, but then there's also the ease of reviewing the scores, identifying vulnerabilities, and getting the information on the vulnerabilities; the ability to review all that within one tool has been phenomenal. When we're reviewing those Nessus scores, the solution works well.

I think there's still some things that need to be ironed out to ensure that we can have a one-stop shop to do both ACAS, SCAP automated assessments in. We've been trying to do that and they say you can, the capability is integrated into the system. But in most instances, especially when you're dealing with some systems that are standalone or a network that we built ourselves, we find that some devices aren't pinged and the scans aren't done properly. That also comes down to the hardening of the systems where the password or the privileges weren't taken, so therefore it didn't do the scan properly. 

I've been using this solution for the past six or seven years. 

The solution is stable. We haven't run into any issues other than some passwords that don't take, but that's the way we set up the system. If it's set up properly and configured appropriately, there won't be any issues.

We could definitely make the adjustment to scale it left, right, up and down, depending on what we're using it for and we haven't run into any issues on that. It's pretty flexible.

The setup itself is pretty straightforward. Because these are standalone systems, there are some additional steps that the IT team needs to do, but they pretty much have it down to where they could install the tools pretty easily and have it running reasonably quickly. 

I would recommend making sure that the solution meets your needs for automated scans and the SCAP. If you're looking for a one-stop shop, I think it's a great tool for that. I would recommend some form of training if you don't have experience with this kind of solution. There's a bit of a learning curve involved in terms of configuring and using Nessus. 

I rate this solution an eight out of 10. 

We have clients, and we are a vendor. We have deployed Tenable Nessus users with the help of the Principal on the client's environment. I have experience with the deployment and the scanning.

The features I personally like include host discovery. For web servers, there are individual options available. There are many options that are useful to us.

Sometimes, the categorization for clients was tricky at first, however, they eventually got used to it.

I haven't faced any issues as of now. It has been stable with no critical issues, technical issues, or downtimes.

The support has been really cooperative. Whenever any issue arises, we contact the support, and they are always there for us. The support is pretty good.

Positive

The deployment was done by the Tenable team, and I was part of this process.

I definitely recommend Tenable Nessus for network scanning and other tasks.

I'd rate the solution eight out of ten.

We are using Tenable Nessus for vulnerability management. Not exactly the management, but we perform vulnerability assessments mostly for internal networks. Additionally, we use Acunetix and it comes into play for the web application.

The most valuable feature of Tenable Nessus is vulnerability assessments. There are a lot of threats around the world and this solution is the first to come out with detection rules.

Tenable Nessus could improve the reporting by adding some dashboards. The reports are a hassle at this time. Tenable.io has more detailed reports. Having a better dashboard that can show where the vulnerabilities are and be categorized would be helpful. We then could present them to upper management for a deep overview of our network posture which they do not see.

I have been using Tenable Nessus for approximately seven years.

Tenable Nessus is stable.

Tenable Nessus is scalable, it can scale up and down.

We have five or six people using this solution occasionally. We have monthly schedules for scanning, the solution is not used daily.

The support of Tenable Nessus is responsive and helpful.

I rate the support from Tenable Nessus a five out of five.

Positive

I have previously used Acunetix and they are more focused on web applications instead of vulnerability assessments. Tenable Nessus lacks in this area, they should focus more on the web applications side.

The initial setup of Tenable Nessus is straightforward. There is helpful documentation that is provided.

I rate the setup of Tenable Nessus a five out of five.

We did the implementation of the solution in-house.

When comparing the price of Tenable Nessus to other similar solutions, such as Acunetix, Tenable Nessus is not as expensive. It is averagely priced in the market. We pay for the solution annually.

My advice to others wanting to implement this solution is they need to understand what will be scanned. For example, if they are using internal servers or something similar, and is it on the cloud, or web applications, this is something they need to know. It's a good idea to evaluate these things on their end before choosing to use the solution. This solution focuses more on the servers or the network security side. Acunetix focuses more on the web application side. This is where the buyer has to evaluate and know their use case.

I rate Tenable Nessus a nine out of ten.

We use Tenable to scan all the workstations in our government environment for vulnerabilities and outdated software. The Tenable agents installed on the PCs enable us to detect any potential security risks or applications that are not up-to-date, malicious, or suspicious. This helps us ensure that all the PCs are secure and are in good posture.

The most valuable feature is the installation of Tenable which is incredibly easy. Even those without extensive technical knowledge can do it. All we need is the license and a few clicks through the installation process which is simple. Once the program is installed on all PCs and servers, we're good to go!

The solution can be annoyingly slow.

The pricing is a bit high. 

We would like to see the inclusion of penetration testing capabilities if possible.

Tenable has been mostly used in the on-premise environment, so it would be great if they could improve the transition to the cloud.

The accuracy of the vulnerability assessment needs improvement as false alarms and false positives occur often. Applications are often flagged as critical when they are actually benign. To improve user experience, there needs to be an upgrade in the accuracy of the results and a more user-friendly interface.

Sometimes it can be difficult to adjust the policies. When the solution has been previously installed. Making changes to policies requires navigating multiple steps. This process can be time-consuming and potentially confusing. Expert knowledge may be necessary in certain cases.

I have been using the solution for four years.

There has been an improvement over the years and the solution is now extremely stable.

We can easily scale up our license to support more devices. By increasing our license, we can add more workstations.

The technical support is outstanding. We encountered some difficulties during our initial deployment, yet they persisted in helping us all day long. Their support team is very competent.

Positive

The initial setup is straightforward. 

The deployment took us two days to install the SoC on all 100 of our workstations.

The solution is expensive. We lost bids to competing companies due to the pricing; there are cheaper alternatives to Tenable such as Rapid7 InsightVM.

I give the solution an eight out of ten.

We have 100 workstations that all use the solution.