As new upgrades to the software come out periodically, I am currently using the latest version.
Assistant Manager of Information Security at a pharma/biotech company with 1,001-5,000 employees
Great scanning capabilities for servers, but limited when it comes to networks
Pros and Cons
- "The solution is great for scanning servers."
- "The features are limited when it comes to scanning network devices for vulnerabilities."
What is our primary use case?
What is most valuable?
I feel comfortable with the solution's vulnerability scanning capabilities.
What needs improvement?
While the solution is great for scanning servers, its features are limited when it comes to scanning network devices for vulnerabilities.
For how long have I used the solution?
I have been using Tenable Nessus since 2015.
Buyer's Guide
Tenable Nessus
October 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
How are customer service and support?
I can say that I am satisfied with Tenable Nessus' support and customer relations, which is why I'm still with the solution.
Technical support is very user-friendly. Upon entering their forum I can easily find the answers I seek, which I feel to be understandable and helpful. I have not had any issues with the software that would have given me reason to engage technical support.
Which solution did I use previously and why did I switch?
I did not use an alternate solution prior to Tenable Nessus and have been using it since the inception of my career in information security.
How was the initial setup?
The installation of the solution was extremely easy.
What about the implementation team?
There was no need for me to involve my system administrator in the installation process, as I was able to handle it on my own. It is easy to install the solution on any server.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable.
What other advice do I have?
I am actually using the solution in three or four different organizations, including Engro and Martin Dow.
There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions.
As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Operations Analyst at a manufacturing company with 10,001+ employees
Fast and easy to use, with good reporting and good support
Pros and Cons
- "The most valuable features are that it's fast, it's easy to use and it provides good reports."
- "Remediation needs improvement."
What is our primary use case?
I have been using Tenable Nessus for my personal use. It works well.
I am using this solution for testing.
What is most valuable?
The most valuable features are that it's fast, it's easy to use, and it provides good reports.
What needs improvement?
The only thing that I don't like is KBs information. For example, if we scan our workstation and you go to the results report that Nessus provides, we are going to see a lot of KBs as remediation. But in most cases, the KBs are always superseded.
Also, we are not able to apply those because Microsoft has already released a new KB.
Nessus is not doing a good job in updating its remediation section of the reports.
Remediation needs improvement. They are providing a lot of superseded KBs as remediation.
For example, when you share that with several team members or with one individual, and you ask them to work on this, they reply with Microsoft already has something new.
For how long have I used the solution?
I have been using Tenable Nessus for approximately two years.
What do I think about the stability of the solution?
This solution is stable. I have not experienced any issues. It worked fine.
What do I think about the scalability of the solution?
It's a scalable solution. I have not had any problems.
I am the only person using this solution.
How are customer service and technical support?
Technical support is good. They provided information that is needed.
Which solution did I use previously and why did I switch?
Previously, I was not using another solution. I use Nessus through a course that I was taking in the security field.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
We did not use a vendor or vendor team to implement this solution.
Which other solutions did I evaluate?
I have evaluated one other solution, but because of my company policies, I can't share that information.
Tenable has Tenable.io, and I believe that they have the remediation updated, but Tenable Nessus Professional does not. I don't think that they will continue to keep it available in the market. They should probably decommission it.
Remediation is better in other tools than with Nessus.
What other advice do I have?
For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not.
Research the remediation information to see if it is okay, or trust proof or not.
The reporting works well and it allows you to share. Also, support is important.
I would rate Tenable Nessus an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
Scalable with good VPR scores and great plug-in text information
Pros and Cons
- "The plug-in text information is quite useful."
- "It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
What is our primary use case?
We primarily use the solution for vulnerability management. We also use it during our IP scans.
What is most valuable?
The VPR scores are the solution's most valuable aspects.
The plug-in text information is quite useful.
The solution can scale well.
We've found the solution to be quite stable.
What needs improvement?
It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear.
We find that the solution causes several issues due to the fact that it runs even before it calculates, the asset in prevention.
I can't think of any features that are lacking.
For how long have I used the solution?
I've been using the solution for one to two years at this point.
What do I think about the stability of the solution?
It's stable. I don't have any major complaints. It doesn't have bugs. It isn't affected by glitches. It doesn't crash or freeze on us. It's reliable.
What do I think about the scalability of the solution?
We have about 100 direct users who are logging onto the solution on a daily basis.
We don't plan on increasing usage at this time.
We have been able to scale it in the past, however, and a company that needs to expand it should not face too many issues doing so.
How are customer service and technical support?
We've worked with technical support in the past, and we've found them to be quite efficient. They are knowledgeable and responsive.
Which solution did I use previously and why did I switch?
We previously used McAfee and switched over completely at the end of May.
How was the initial setup?
We had some help with the initial setup. We were able to use our vendor's expertise and have them walk us through any issues we had.
However, we completely handle the maintenance now that it is up and running. We have admins who deal with any upkeep.
What about the implementation team?
The vendor assisted us in the initial implementation.
What's my experience with pricing, setup cost, and licensing?
I don't have any information when it comes to the cost of the solution. It's not part of my job to deal with billing or payments, so I don't have any visibility on the cost structure.
What other advice do I have?
We are simply customers. We don't have a business relationship with Tenable.
We're using the latest version of the solution.
I would definitely recommend this solution. It's the best that I've used so far.
On a scale from one to ten, I'd rate it at an eight overall.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
President and Sr CISO Consultant at Micro Strategies
Provides me with executive-friendly reporting for my clients
Pros and Cons
- "Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily."
- "It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can."
- "One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
What is our primary use case?
I use it for performing vulnerability scans for both my environment and for clients. I provide fractional CISO consulting services. As such, I will perform a vulnerability scan on an environment before I say "yes."
Everybody has to have a vulnerability scan. You should do them periodically which, to me, is monthly. It's just good practice to perform that scan monthly and whenever there's a major change, to make sure that you don't have any open environment.
I monitor web servers, database servers, app servers, desktops; everything you'd find on a network, besides switches and routers. I don't have that, but I monitor any Windows- and Linux-based nodes.
How has it helped my organization?
I went to a client's site and I ran the report. They had a number of fives, fours, and threes. With that information, we were able to remediate the fives, fours, and threes down to a couple of threes.
It also helps to prioritize based on risk. If it provides a notification that you have an older operating system out there, for example, obviously you would have that as a higher risk and wish to remediate that above any and all other risks. It details what the risk is and what you should do about it.
The solution helps to limit cyber exposure. By running it on a monthly basis, you tighten the window of opportunity for any nefarious individual to get into your environment. Industry standards say that you have to do it quarterly or yearly and I do it monthly, so I think I'm in a better position to secure the environment.
The solution reduces the number of critical and high vulnerabilities which need to be patched first. In terms of a percentage reduction, it's more of a detective control, along with the preventative control. I can't give you a percentage. It reduces the risks by providing the information that you can react to, quicker than finding out that you've been breached.
What is most valuable?
Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily.
It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can.
The predictive prioritization features are spot-on. I enjoy how it actually gives me a prioritization that I can address and it associates it with a known vulnerability. I like that.
What needs improvement?
One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that. Or, if they change the product itself for you to add comments of remediation efforts and allow you to sort on that and report on it, that would be helpful. Most of us would rather not have that information out in the cloud. We'd rather have it in-house. It would be better if you could provide it in an Excel spreadsheet for us to work with.
For how long have I used the solution?
I've been using it for four years.
What do I think about the stability of the solution?
It's very stable. It hasn't aggravated my environment, so I'm happy with that. It's up and running. It runs all the time.
What do I think about the scalability of the solution?
Scaling is easy because it goes out and examines the network and identifies all the nodes that are out there. You don't have to worry about scalability, per se. It's just another node that it adds to the list, so it's easy.
It's being used for under 500 nodes. I would like to increase it if possible, but I have no plans to do so.
Which solution did I use previously and why did I switch?
Before Nessus, I used Qualys. I switched because the reporting in Nessus is better. The reporting in Nessus is more executive-friendly. When giving information to clients, I don't need to repackage it. It is fine the way it is.
The level of visibility Nessus provides, compared to a solution like Qualys, from an executive standpoint, is better. From a technical standpoint, it does not provide you that documentation capability that I would like. Having said that, from my standpoint, for my client base, the executive reporting is better.
How was the initial setup?
The initial setup was straightforward. It was easy-peasy. I just said, "Run," and it set it up. After that, it was a matter of putting in my company's information and setting up a scan. It wasn't hard at all. It was very intuitive, very easy.
It took about half-an-hour.
All I had to do was download the software, install it, and run it. That was it.
What other advice do I have?
If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it.
The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Manager (Information Security) at Girnarsoft Private Limited
High availability, useful scanning and assessments
Pros and Cons
- "The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
- "The price and scalability of the solution could improve."
What is our primary use case?
Tenable Nessus is used to perform process and network assessments and sometimes for reviews.
What is most valuable?
The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful.
What needs improvement?
The price and scalability of the solution could improve.
For how long have I used the solution?
I have been using the solution for six years and seven months.
What do I think about the stability of the solution?
I rate the stability of Tenable Nessus a ten out of ten.
What do I think about the scalability of the solution?
The scalability of Tenable Nessus has been scalable. I am able to scan a large number of IPs.
We have all three of our security staff using the solution.
How are customer service and support?
I have not contacted the support.
How was the initial setup?
The initial setup of Tenable Nessus is easy. The deployment took approximately 4 hours for the policies and the setup was not long.
I rate the initial setup of Tenable Nessus a nine out of ten.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is reasonable.
What other advice do I have?
I would recommend others use this solution.
I rate Tenable Nessus a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at an educational organization with 1,001-5,000 employees
Stable, simple and quick setup
Pros and Cons
- "The most valuable feature of Tenable Nessus is the dashboard. They are convenient to use."
- "Tenable Nessus could improve the price."
What is our primary use case?
I am using Tenable Nessus to know where the vulnerabilities are on my website.
What is most valuable?
The most valuable feature of Tenable Nessus is the dashboard. They are convenient to use.
What needs improvement?
Tenable Nessus could improve the price.
For how long have I used the solution?
I have been using Tenable Nessus for approximately two months.
What do I think about the stability of the solution?
The stability of Tenable Nessus is good.
What do I think about the scalability of the solution?
We have approximately three people using this solution in my organization. The users are managers and engineers.
How are customer service and support?
The support from Tenable Nessus is okay. However, they are sometimes slow and can take days to respond. Additionally, I would like to be able to ask them more technical questions than I am able to.
How was the initial setup?
The initial setup of Tenable Nessus is simple. It took us approximately one hour to do the process.
What about the implementation team?
We did the initial setup of the solution in-house.
What's my experience with pricing, setup cost, and licensing?
The price of Tenable Nessus could improve, it is expensive.
What other advice do I have?
I rate Tenable Nessus an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a media company with 10,001+ employees
Helpful support, reliable, and effective real-time monitoring
Pros and Cons
- "The most valuable feature of Tenable Nessus is real-time monitoring."
- "Tenable Nessus could improve by having more steady updates which will reduce the vulnerabilities."
What is our primary use case?
We are using Tenable Nessus real-time monitoring.
What is most valuable?
The most valuable feature of Tenable Nessus is real-time monitoring.
What needs improvement?
Tenable Nessus could improve by having more steady updates which will reduce the vulnerabilities.
For how long have I used the solution?
I have been using Tenable Nessus for approximately 10 years.
What do I think about the stability of the solution?
Tenable Nessus is a stable solution, we are fairly satisfied.
What do I think about the scalability of the solution?
I rate the scalability of Tenable Nessus an eight out of ten.
Most of the people using this solution at this time are managers.
How are customer service and support?
The technical support has been very useful. They are helpful.
I rate the technical support from Tenable Nessus a four out of five.
How was the initial setup?
The initial setup has been straightforward. However, we are trying to roll out our agents and find all of our devices, with which we have experienced some challenges. The whole process has taken us approximately three months.
What about the implementation team?
We are doing the implementation in-house.
What other advice do I have?
I would advise others that if this solution fits your use case then I would try it out. Different environments require different solutions.
I rate Tenable Nessus an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Implementation Engineer at GFx Soluciones
The comprehensive coverage offered has been the most remarkable
What is our primary use case?
Nessus was used to scan vulnerabilities and compliances in our clients' networks and with this, carry out the remediation process through constant cycles in time until threats to the network are considerably reduced. The environments are small business networks (less than 50 employees), and so far there have been no major impediments in the scans performed.
How has it helped my organization?
Nessus has greatly improved the security of our clients' networks. The comfortable management of their systems makes it easier for engineers to use the codes for each vulnerability or compliance. Deploying the server to launch the scans is very easy, and only the necessary prerequisites for scanning should be fulfilled. Nessus has been very valuable to the company.
What is most valuable?
The comprehensive coverage offered by Nessus has been the most remarkable; it really does everything that has been asked of the software.
It's great, the possibility of automating implementations and really your database is immense for all the compliances and vulnerabilities.
Tenable University is great and allows us to train all the personnel in charge of making the scans in an optimal and effective way.
What needs improvement?
- I think that the next versions could improve the graphical interface to make more intuitive the management of the reports.
- Additionally, it could include better features in the vulnerability scan at the language level.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Nessus is very stable and really works in diverse environments without any difficulty. The most important thing is to establish the necessary requirements.
What do I think about the scalability of the solution?
Scalability of this type of software does not seem so relevant.
How are customer service and technical support?
The Tenable support is very good and has really solved in a timely manner the problems that have occurred in the various projects.
Which solution did I use previously and why did I switch?
In the company, Qualys was used, and it was not possible to manage the projects with this tool.
How was the initial setup?
Quite simple and comfortable.
What about the implementation team?
Internal team.
What was our ROI?
Phenomenal.
What's my experience with pricing, setup cost, and licensing?
The costs are not high, considering all the support and service offered by Tenable.
What other advice do I have?
Scans using agents are very useful, and taking advantage of them is the best way to take advantage of the tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.