reviewer1785186 - PeerSpot reviewer
CBO at a security firm with 11-50 employees
Reseller
Scans the network and gives you a report about vulnerability assessment tools and the solution
Pros and Cons
  • "It gives you an unlimited IP scan."
  • "I would like to have a management option after the network scanning."

What is our primary use case?

Our customers are using this solution. They scan their network, and they get a report about vulnerability assessment tools and solutions.

It's deployed on-prem.

What is most valuable?

It gives you an unlimited IP scan. It's a cheap solution compared to Rapid7 or Qualys. It's very user-friendly. Customers can easily scan their network.

What needs improvement?

I would like to have a management option after the network scanning.

Which solution did I use previously and why did I switch?

The difference between Nessus and Rapid7 is price. Nessus is a very cheap solution compared to Rapid7 and has unlimited IP scanning facilities, but Rapid7 doesn't have this option. It has IP limitations. Rapid7 has some models based on how many IPs the customer wants to scan, and the cost depends on that amount.

Buyer's Guide
Tenable Nessus
January 2025
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
838,713 professionals have used our research since 2012.

What's my experience with pricing, setup cost, and licensing?

The cost is around $4,300 per year. Use is unlimited. You don't pay more if you want to use it for another IP.

What other advice do I have?

I would rate this solution 8 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Muhammad Kamran Khan - PeerSpot reviewer
Manager Information Security at NCCPL
Real User
Top 20
Anyone can deploy it, even the managers, the technical teams, and the engineers
Pros and Cons
  • "With the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device."
  • "The reporting feature needs to be improved."

What is our primary use case?

We are using it to find out the vulnerabilities in our critical servers and to patch them.

We are using the latest version.

What is most valuable?

Tenable Nessus is good. It's the best vulnerability solution in the industry. Most organizations are using it.

What needs improvement?

In terms of what could be improved, I would say that the reporting feature needs to be improved.

Additionally, although it has the features, the enterprise edition is very limited. They need to add multiple reporting features in the enterprise edition.

For how long have I used the solution?

I have been using Tenable Nessus for the last two years.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

Tenable Nessus is a vulnerability product. We have two to three users who are running it, but in terms of the end devices, because it's intended for vulnerability scanning and you have to scan your end devices, we have around a hundred devices that are scanning with it.

It is a scalable solution.

How are customer service and support?

We contacted support for some scenarios, like upgrades, new security patches, and for some customized reports.

We were satisfied with the speed of the answers. It is good support.

How was the initial setup?

The initial setup is very easy.

Anyone can deploy it, even the managers, the technical teams, the engineers.

I think it took five minutes.

What about the implementation team?

We installed with the help of a consultant. You can do it one time and then you will learn it very easily.

What's my experience with pricing, setup cost, and licensing?

We have an annual subscription.

Which other solutions did I evaluate?

We also evaluated the Rapid7 Nexpose product, but it has a limitation that it supports 128 users, then you have to buy another 128, but with the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device.

What other advice do I have?

I would recommend Tenable Nessus.

On a scale of one to ten, I would rate it an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Lead Cyber Security engineer at a tech services company with 201-500 employees
Real User
Easy to understand but is lacking technical support
Pros and Cons
  • "A valuable feature of the solution is that it is easy to understand."
  • "We feel the solution's technical support to be very bad."

What is our primary use case?

We usually use the solution for infrastructure level and web application scanning, although mostly for the former. This is what we are doing at present. We were using the web application portion of Tenable Nessus for several months before switching to Veracode.

What is most valuable?

A valuable feature of the solution is that it is easy to understand. When it comes to running a scan, the scanning mechanism is also easy, and it is quite fast compared to Veracode and Qualys.

What needs improvement?

The solution should have a more in-depth level of scanning, with features to meet the developers. Other points that should be addressed involve the understanding of issues by the users and the need for improvising the reporting structure. The reports should also be more attractive and user-friendly.

This is how Tenable Nessus occasionally works when drawing up something on the field.

Additional features I wish to see addressed in the next release include customer support and ease of understanding of vulnerabilities and how they can be fixed.

In contrast to Tenable Nessus, we have found Veracode to be more user-friendly, with a greater in-depth understanding of the details and how things can be fixed. Other points in its favor include study cases, customer support, training and e-learning. 

The solution is sort of down the mid range, so we are more happy with Veracode.

For how long have I used the solution?

We have made use of Tenable Nessus over the past 12 months, and started doing so a couple of months before we got Veracode.

What do I think about the stability of the solution?

The solution is reliable and has good stability. 

What do I think about the scalability of the solution?

We have been in the web, so we have not tried to expand the solution.

How are customer service and technical support?

We feel the solution's technical support to be very bad.

While we do receive a response upon creating a ticket, it is not like that of Qualys or Veracode. That extensive support is not there.

How was the initial setup?

The initial setup was straightforward.

We deployed under the release plan of 8.11.

What's my experience with pricing, setup cost, and licensing?

We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level.

What other advice do I have?

There are at least ten people in our organization making use of the solution. 

Tenable Nessus is an appropriate solution for a small scale company, one with budgeting constraints and no complexities within the organization. It is not that user-friendly.

I would rate Tenable Nessus as a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Pathick Kerketta - PeerSpot reviewer
Manager (Information Security) at Girnarsoft Private Limited
Real User
Top 5
High availability, useful scanning and assessments
Pros and Cons
  • "The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
  • "The price and scalability of the solution could improve."

What is our primary use case?

Tenable Nessus is used to perform process and network assessments and sometimes for reviews.

What is most valuable?

The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful.

What needs improvement?

The price and scalability of the solution could improve.

For how long have I used the solution?

I have been using the solution for six years and seven months.

What do I think about the stability of the solution?

I rate the stability of Tenable Nessus a ten out of ten.

What do I think about the scalability of the solution?

The scalability of Tenable Nessus has been scalable. I am able to scan a large number of IPs.

We have all our three security staff using the solution.

How are customer service and support?

I have not contacted the support.

How was the initial setup?

The initial setup of Tenable Nessus is easy. The deployment took approximately 4 hours for the policies and the setup was not long.

I rate the initial setup of Tenable Nessus a nine out of ten.

What's my experience with pricing, setup cost, and licensing?

The price of the solution is reasonable.

What other advice do I have?

I would recommend others use this solution.

I rate Tenable Nessus a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Works at a university with 1,001-5,000 employees
Real User
Easy to deploy, simple to use, and offers great vulnerability assessments
Pros and Cons
  • "It's scalable."
  • "It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack."

What is our primary use case?

My company uses Tenable as a vulnerability assessment.

We use it for scanning, for the discovery of vulnerabilities in the components or the software, or on the IT infrastructure of our client.

What is most valuable?

The solution can conduct a full vulnerability assessment and also suggest mitigation of vulnerabilities and has a lot of other features. 

It creates a classification of the vulnerability and the likelihood and the impact on other features.

The solution is easy to deploy and simple to use.

It's scalable. 

The solution is stable. 

What needs improvement?

It would be a good idea if they have a simulation of attacks or a use case for finding a new vulnerability or dealing with a zero-day attack.

Right now, it works based on dealing with a vulnerability that is already detected and reported, and it would be great if they have a combination of a vulnerability that existed and another use case to have a more proactive approach to potential new issues. Therefore, doing a simulation of attacks to find a new or zero-day issue or vulnerability would be helpful.

For how long have I used the solution?

I've been using the solution for more than two years. 

What do I think about the stability of the solution?

The solution is very stable and reliable. I'd rate it four or five out of five. The performance is good. There are no bugs or glitches, and it doesn't crash or freeze. 

What do I think about the scalability of the solution?

It is very scalable. I'd rate it a four or five out of five in terms of the ease of expansion. 

We would use Nessus to conduct a vulnerability assessment. How many people use the solution depends on the client. Maybe five or six people from the engineering side use it in general.

We have a new client coming on, and we will require more users on the product to conduct vulnerability assessments, so we do have plans to increase usage.

How are customer service and support?

I've never had any interaction with customer support. The solution works very well, and we haven't needed help.

How was the initial setup?

The initial setup is very straightforward. It's not overly difficult, or complex.

I cannot recall how long the deployment process took. 

What about the implementation team?

Our technical team handled the deployment. 

What's my experience with pricing, setup cost, and licensing?

Another department handles the licensing. I can't speak to the exact costs. I do know that we pay a yearly licensing fee. 

Which other solutions did I evaluate?

We would like to discover other solutions and do a comparison to see the better solution for our clients. We've, for example, tried to look into Cyber XM.

What other advice do I have?

We are just end-users and customers. 

I'm not sure which version of the solution we're using. 

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Delivery Manager at alascom
Real User
Useful report, responsive technical support, and installation straightforward
Pros and Cons
  • "I have found the vulnerability assessment and the reports to be useful."
  • "The solution could improve by having better integration with different vendors' IPS solutions. The ACLs and IPS policies signatures should be enabled based on the results of Tenable Nessus automatically, we currently have to do it manually which is very time-consuming. It has done a good job integrating with Fortinet but we would like it to be better integrated with other solutions that we have."

What is our primary use case?

We use Tenable Nessus for vulnerability assessments.

What is most valuable?

I have found the vulnerability assessment and the reports to be useful.

What needs improvement?

The solution could improve by having better integration with different vendors' IPS solutions. The ACLs and IPS policies signatures should be enabled based on the results of Tenable Nessus automatically, we currently have to do it manually which is very time-consuming. It has done a good job integrating with Fortinet but we would like it to be better integrated with other solutions that we have. Additionally, after Tenable Nessus was able to recognize the vulnerability it would be great to have it virtually patch the systems if you are not able to update the different systems.

For how long have I used the solution?

I have been using Tenable Nessus within the last 12 months.

What do I think about the stability of the solution?

While doing the scans we have not had any issues; the solution is stable.

What do I think about the scalability of the solution?

Tenable Nessus is scalable.

How are customer service and technical support?

The technical support was responsive and helpful. We were trying different integrations and needed some assistance.

Which solution did I use previously and why did I switch?

We used Qualys previously. 

How was the initial setup?

The initial setup is very easy and straightforward. The VM can be done very quickly and the whole process takes approximately 30 minutes. The installation is quicker than other solutions, such as Qualys.

What's my experience with pricing, setup cost, and licensing?

The price of the solution is reasonable.

What other advice do I have?

I rate Tenable Nessus an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
President and Sr CISO Consultant at Micro Strategies
MSP
Provides me with executive-friendly reporting for my clients
Pros and Cons
  • "Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily."
  • "It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can."
  • "One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."

What is our primary use case?

I use it for performing vulnerability scans for both my environment and for clients. I provide fractional CISO consulting services. As such, I will perform a vulnerability scan on an environment before I say "yes."

Everybody has to have a vulnerability scan. You should do them periodically which, to me, is monthly. It's just good practice to perform that scan monthly and whenever there's a major change, to make sure that you don't have any open environment. 

I monitor web servers, database servers, app servers, desktops; everything you'd find on a network, besides switches and routers. I don't have that, but I monitor any Windows- and Linux-based nodes.

How has it helped my organization?

I went to a client's site and I ran the report. They had a number of fives, fours, and threes. With that information, we were able to remediate the fives, fours, and threes down to a couple of threes.

It also helps to prioritize based on risk. If it provides a notification that you have an older operating system out there, for example, obviously you would have that as a higher risk and wish to remediate that above any and all other risks. It details what the risk is and what you should do about it.

The solution helps to limit cyber exposure. By running it on a monthly basis, you tighten the window of opportunity for any nefarious individual to get into your environment. Industry standards say that you have to do it quarterly or yearly and I do it monthly, so I think I'm in a better position to secure the environment.

The solution reduces the number of critical and high vulnerabilities which need to be patched first. In terms of a percentage reduction, it's more of a detective control, along with the preventative control. I can't give you a percentage. It reduces the risks by providing the information that you can react to, quicker than finding out that you've been breached.

What is most valuable?

Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily.

It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can.

The predictive prioritization features are spot-on. I enjoy how it actually gives me a prioritization that I can address and it associates it with a known vulnerability. I like that.

What needs improvement?

One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that. Or, if they change the product itself for you to add comments of remediation efforts and allow you to sort on that and report on it, that would be helpful. Most of us would rather not have that information out in the cloud. We'd rather have it in-house. It would be better if you could provide it in an Excel spreadsheet for us to work with.

For how long have I used the solution?

I've been using it for four years.

What do I think about the stability of the solution?

It's very stable. It hasn't aggravated my environment, so I'm happy with that. It's up and running. It runs all the time.

What do I think about the scalability of the solution?

Scaling is easy because it goes out and examines the network and identifies all the nodes that are out there. You don't have to worry about scalability, per se. It's just another node that it adds to the list, so it's easy.

It's being used for under 500 nodes. I would like to increase it if possible, but I have no plans to do so.

Which solution did I use previously and why did I switch?

Before Nessus, I used Qualys. I switched because the reporting in Nessus is better. The reporting in Nessus is more executive-friendly. When giving information to clients, I don't need to repackage it. It is fine the way it is.

The level of visibility Nessus provides, compared to a solution like Qualys, from an executive standpoint, is better. From a technical standpoint, it does not provide you that documentation capability that I would like. Having said that, from my standpoint, for my client base, the executive reporting is better.

How was the initial setup?

The initial setup was straightforward. It was easy-peasy. I just said, "Run," and it set it up. After that, it was a matter of putting in my company's information and setting up a scan. It wasn't hard at all. It was very intuitive, very easy.

It took about half-an-hour.

All I had to do was download the software, install it, and run it. That was it.

What other advice do I have?

If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it.

The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2295975 - PeerSpot reviewer
Senior cybersecurity engineer at an aerospace/defense firm with 5,001-10,000 employees
Real User
Top 5
A scalable and mature solution that has excellent features and provides visibility into vulnerabilities in the environment
Pros and Cons
  • "It is a mature tool."
  • "The product must be more comprehensive."

What is our primary use case?

The solution is used to check vulnerabilities.

What is most valuable?

The product has good features. It gives us a view of the vulnerabilities like open ports and different issues with software. It is a mature tool.

What needs improvement?

The product must be more comprehensive. It must catch all the issues.

For how long have I used the solution?

I have been using the solution for a few years.

What do I think about the stability of the solution?

I rate the tool’s stability a nine out of ten. The stability could be improved.

What do I think about the scalability of the solution?

The tool is scalable. We have three users. We need a team to maintain the product.

What about the implementation team?

The deployment can be done in-house.

What other advice do I have?

I recommend the solution to others. I rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user