As new upgrades to the software come out periodically, I am currently using the latest version.
Assistant Manager of Information Security at a pharma/biotech company with 1,001-5,000 employees
Great scanning capabilities for servers, but limited when it comes to networks
Pros and Cons
- "The solution is great for scanning servers."
- "The features are limited when it comes to scanning network devices for vulnerabilities."
What is our primary use case?
What is most valuable?
I feel comfortable with the solution's vulnerability scanning capabilities.
What needs improvement?
While the solution is great for scanning servers, its features are limited when it comes to scanning network devices for vulnerabilities.
For how long have I used the solution?
I have been using Tenable Nessus since 2015.
Buyer's Guide
Tenable Nessus
November 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
How are customer service and support?
I can say that I am satisfied with Tenable Nessus' support and customer relations, which is why I'm still with the solution.
Technical support is very user-friendly. Upon entering their forum I can easily find the answers I seek, which I feel to be understandable and helpful. I have not any issues with the software that would have given me reason to engage technical support.
Which solution did I use previously and why did I switch?
I did not use an alternate solution prior to Tenable Nessus and have been using it since the inception of my career in information security.
How was the initial setup?
The installation of the solution was extremely easy.
What about the implementation team?
There was no need for me to involve my system administrator in the installation process, as I was able to handle it on my own. It is easy to install the solution on any server.
What's my experience with pricing, setup cost, and licensing?
The price is reasonable.
What other advice do I have?
I am actually using the solution in three or four different organizations, including Engro and Martin Dow.
There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions.
As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Information Security at NCCPL
Anyone can deploy it, even the managers, the technical teams, and the engineers
Pros and Cons
- "With the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device."
- "The reporting feature needs to be improved."
What is our primary use case?
We are using it to find out the vulnerabilities in our critical servers and to patch them.
We are using the latest version.
What is most valuable?
Tenable Nessus is good. It's the best vulnerability solution in the industry. Most organizations are using it.
What needs improvement?
In terms of what could be improved, I would say that the reporting feature needs to be improved.
Additionally, although it has the features, the enterprise edition is very limited. They need to add multiple reporting features in the enterprise edition.
For how long have I used the solution?
I have been using Tenable Nessus for the last two years.
What do I think about the stability of the solution?
It is a stable product.
What do I think about the scalability of the solution?
Tenable Nessus is a vulnerability product. We have two to three users who are running it, but in terms of the end devices, because it's intended for vulnerabilities scanning and you have to scan your end devices, we have around hundred devices who are scanning with it.
It is a scalable solution.
How are customer service and support?
We contacted support for some scenarios, like upgrades, new security patches, and for some customized reports.
We were satisfied with the speed of the answers. It is good support.
How was the initial setup?
The initial setup is very easy.
Anyone can deploy it, even the managers, the technical teams, the engineers.
I think it took five minutes.
What about the implementation team?
We installed with the help of a consultant. You can do it one time and then you will learn it very easily.
What's my experience with pricing, setup cost, and licensing?
We have an annual subscription.
Which other solutions did I evaluate?
We also evaluated the Rapid7 Nexpose product, but it has a limitation that it supports 128 users then you have to buy another 128, but with the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device.
What other advice do I have?
I would recommend Tenable Nessus.
On a scale of one to ten, I would rate it an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Tenable Nessus
November 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
IT Security Operations Analyst at a manufacturing company with 10,001+ employees
Fast and easy to use, with good reporting and good support
Pros and Cons
- "The most valuable features are that it's fast, it's easy to use and it provides good reports."
- "Remediation needs improvement."
What is our primary use case?
I have been using Tenable Nessus for my personal use. It works well.
I am using this solution for testing.
What is most valuable?
The most valuable features are that it's fast, it's easy to use, and it provides good reports.
What needs improvement?
The only thing that I don't like is KBs information. For example, if we scan our workstation and you go to the results report that Nessus provides, we are going to see a lot of KBs as remediation. But in most cases, the KBs are always superseded.
Also, we are not able to apply those because Microsoft has already released a new TB.
Nessus is not doing a good job in updating its remediation section of the reports.
Remediation needs improvement. They are providing a lot of superseded KBs as remediation.
For example, when you share that with several team members or with one individual, and you ask them to work on this, they reply with Microsoft already has something new.
For how long have I used the solution?
I have been using Tenable Nessus for approximately two years.
What do I think about the stability of the solution?
This solution is stable. I have not experienced any issues. It worked fine.
What do I think about the scalability of the solution?
It's a scalable solution. I have not had any problems.
I am the only person using this solution.
How are customer service and technical support?
Technical support is good. They provided information that is needed.
Which solution did I use previously and why did I switch?
Previously, I was not using another solution. I use Nessus through a course that I was taking in the security field.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
We did not use a vendor or vendor team to implement this solution.
Which other solutions did I evaluate?
I have evaluated one other solution, but because of my company policies. I can't share that information.
Tenable has Tenable.io, and I believe that they have the remediation updated, but Tenable Nessus Professional does not. I don't think that they will continue to keep it available in the market. They should probably decommission it.
Remediation is better in other tools than with Nessus.
What other advice do I have?
For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not.
Research the remediation information to see if it is okay, or trust proof or not.
The reporting works well and it allows you to share. Also, support is important.
I would rate Tenable Nesuss an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
Scalable with good VPR scores and great plug-in text information
Pros and Cons
- "The plug-in text information is quite useful."
- "It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
What is our primary use case?
We primarily use the solution for vulnerability management. We also use it during our IP scans.
What is most valuable?
The VPR scores are the solution's most valuable aspects.
The plug-in text information is quite useful.
The solution can scale well.
We've found the solution to be quite stable.
What needs improvement?
It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear.
We find that the solution causes several issues due to the fact that it runs even before it calculates, the asset in prevention.
I can't think of any features that are lacking.
For how long have I used the solution?
I've been using the solution for one to two years at this point.
What do I think about the stability of the solution?
It's stable. I don't have any major complaints. It doesn't have bugs. It isn't affected by glitches. It doesn't crash or freeze on us. It's reliable.
What do I think about the scalability of the solution?
We have about 100 direct users who are logging onto the solution on a daily basis.
We don't plan on increasing usage at this time.
We have been able to scale it in the past, however, and a company that needs to expand it should not face too many issues doing so.
How are customer service and technical support?
We've worked with technical support in the past, and we've found them to be quite efficient. They are knowledgable and responsive.
Which solution did I use previously and why did I switch?
We previously used McAfee and switched over completely at the end of May.
How was the initial setup?
We had some help with the initial setup. We were able to use our vendor's expertise and have them walk us through any issues we had.
However, we completely handle the maintenance now that is it up and running. We have admins who deal with any upkeep.
What about the implementation team?
The vendor assisted us in the initial implementation.
What's my experience with pricing, setup cost, and licensing?
I don't have any information when it comes to the cost of the solution. It's not part of my job to deal with billing or payments, so I don't have any visibility on the cost structure.
What other advice do I have?
We are simply customers. We don't have a business relationship with Tenable.
We're using the latest version of the solution.
I would definitely recommend this solution. It's the best that I've used so far.
On a scale from one to ten, I'd rate it at an eight overall.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
President and Sr CISO Consultant at Micro Strategies
Provides me with executive-friendly reporting for my clients
Pros and Cons
- "Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthfully."
- "It also has an executive report where you don't have to provide the client all the detail for them to sift though. But if they wish to dig through the detail they can."
- "One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
What is our primary use case?
I use it for performing vulnerability scans for both my environment and for clients. I provide fractional CISO consulting services. As such, I will perform a vulnerability scan on an environment before I say "yes."
Everybody has to have a vulnerability scan. You should do them periodically which, to me, is monthly. It's just good practice to perform that scan monthly and whenever there's a major change, to make sure that you don't have any open environment.
I monitor web servers, database servers, app servers, desktops; everything you'd find on a network, besides switches and routers. I don't have that, but I monitor any Windows- and Linux-based nodes.
How has it helped my organization?
I went to a client's site and I ran the report. They had a number of fives, fours, and threes. With that information, we were able to remediate the fives, fours, and threes down to a couple of threes.
It also helps to prioritize based on risk. If it provides a notification that you have an older operating system out there, for example, obviously you would have that as a higher risk and wish to remediate that above any and all other risks. It details what that the risk is and what you should do about it.
The solution helps to limit cyber exposure. By running it on a monthly basis, you tighten the window of opportunity for any nefarious individual to get into your environment. Industry standards say that you have to do it quarterly or yearly and I do it monthly, so I think I'm in a better position to secure the environment.
The solution reduces the number of critical and high vulnerabilities which need to be patched first. In terms of a percentage reduction, it's more of a detective control, along with the preventative control. I can't give you a percentage. It reduces the risks by providing the information that you can react to, quicker than finding out that you've been breached.
What is most valuable?
Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthfully.
It also has an executive report where you don't have to provide the client all the detail for them to sift though. But if they wish to dig through the detail they can.
The predictive prioritization features are spot-on. I enjoy how it actually gives me a prioritization that I can address and it associates it with a known vulnerability. I like that.
What needs improvement?
One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that. Or, if they change the product itself for you to add comments of remediation efforts and allow you to sort on that and report on it, that would be helpful. Most of us would rather not have that information out in the cloud. We'd rather have it in-house. It would be better if you could provide it in an Excel spreadsheet for us to work with.
For how long have I used the solution?
I've been using it for four years.
What do I think about the stability of the solution?
It's very stable. It hasn't aggravated my environment, so I'm happy with that. It's up and running. It runs all the time.
What do I think about the scalability of the solution?
Scaling is easy because it goes out and examines the network and identifies all the nodes that are out there. You don't have to worry about scalability, per se. It's just another node that it adds to the list, so it's easy.
It's being used for under 500 nodes. I would like to increase it if possible, but I have no plans to do so.
Which solution did I use previously and why did I switch?
Before Nessus, I used Qualys. I switched because the reporting in Nessus is better. The reporting in Nessus is more executive-friendly. When giving information to clients, I don't need to repackage it. It is fine the way it is.
The level of visibility Nessus provides, compared to a solution like Qualys, from an executive standpoint, is better. From a technical standpoint, it does not provide you that documentation capability that I would like. Having said that, from my standpoint, for my client base, the executive reporting is better.
How was the initial setup?
The initial setup was straightforward. It was easy-peasy. I just said, "Run," and it set it up. After that, it was a matter of putting in my company's information and setting up a scan. It wasn't hard at all. It was very intuitive, very easy.
It took about half-an-hour.
All I had to do was download the software, install it, and run it. That was it.
What other advice do I have?
If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it.
The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Manager (Information Security) at Girnarsoft Private Limited
High availability, useful scanning and assessments
Pros and Cons
- "The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
- "The price and scalability of the solution could improve."
What is our primary use case?
Tenable Nessus is used to perform process and network assessments and sometimes for reviews.
What is most valuable?
The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful.
What needs improvement?
The price and scalability of the solution could improve.
For how long have I used the solution?
I have been using the solution for six years and seven months.
What do I think about the stability of the solution?
I rate the stability of Tenable Nessus a ten out of ten.
What do I think about the scalability of the solution?
The scalability of Tenable Nessus has been scalable. I am able to scan a large number of IPs.
We have all our three security staff using the solution.
How are customer service and support?
I have not contacted the support.
How was the initial setup?
The initial setup of Tenable Nessus is easy. The deployment took approximately 4 hours for the policies and the setup was not long.
I rate the initial setup of Tenable Nessus a nine out of ten.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is reasonable.
What other advice do I have?
I would recommend others use this solution.
I rate Tenable Nessus a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a educational organization with 1,001-5,000 employees
Stable, simple and quick setup
Pros and Cons
- "The most valuable feature of Tenable Nessus is the dashboard. They are convenient to use."
- "Tenable Nessus could improve the price."
What is our primary use case?
I am using Tenable Nessus to know where the vulnerabilities are on my website.
What is most valuable?
The most valuable feature of Tenable Nessus is the dashboard. They are convenient to use.
What needs improvement?
Tenable Nessus could improve the price.
For how long have I used the solution?
I have been using Tenable Nessus for approximately two months.
What do I think about the stability of the solution?
The stability of Tenable Nessus is good.
What do I think about the scalability of the solution?
We have approximately three people using this solution in my organization. The users are managers and engineers.
How are customer service and support?
The support from Tenable Nessus is okay. However, they are sometimes slow and can take days to respond. Additionally, I would like to be able to ask them more technical questions than I am able to.
How was the initial setup?
The initial setup of Tenable Nessus is simple. It took us approximately one hour to do the process.
What about the implementation team?
We did the initial setup of the solution in-house.
What's my experience with pricing, setup cost, and licensing?
The price of Tenable Nessus could improve, it is expensive.
What other advice do I have?
I rate Tenable Nessus an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a media company with 10,001+ employees
Helpful support, reliable, and effective real-time monitoring
Pros and Cons
- "The most valuable feature of Tenable Nessus is real-time monitoring."
- "Tenable Nessus could improve by having more steady updates which will reduce the vulnerabilities."
What is our primary use case?
We are using Tenable Nessus real-time monitoring.
What is most valuable?
The most valuable feature of Tenable Nessus is real-time monitoring.
What needs improvement?
Tenable Nessus could improve by having more steady updates which will reduce the vulnerabilities.
For how long have I used the solution?
I have been using Tenable Nessus for approximately 10 years.
What do I think about the stability of the solution?
Tenable Nessus is a stable solution, we are fairly satisfied.
What do I think about the scalability of the solution?
I rate the scalability of Tenable Nessus an eight out of ten.
Most of the people using this solution at this time are managers.
How are customer service and support?
The technical support has been very useful. They are helpful.
I rate the technical support from Tenable Nessus a four out of five.
How was the initial setup?
The initial setup has been straightforward. However, we are trying to roll out our agents and find all of our devices which we have experienced some challenges. The whole process has taken us approximately three months.
What about the implementation team?
We are doing the implementation in-house.
What other advice do I have?
I would advise others that if this solution fits your use case then I would try it out. Different environments require different solutions.
I rate Tenable Nessus an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Vulnerability ManagementPopular Comparisons
Microsoft Defender for Cloud
Qualys VMDR
Tenable Security Center
Tanium
Tenable Vulnerability Management
Orca Security
Pentera
Acunetix
JFrog Xray
Claroty Platform
Lacework FortiCNAPP
Skybox Security Suite
Microsoft Defender Vulnerability Management
Rapid7 Metasploit
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Qualys VM vs Tenable Nessus: Comparison
- How would you choose between Rapid7 InsightVM and Tenable Nessus?
- What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
- How does Tenable Nessus compare with Qualys VM?
- What are the main differences between Qualys VMDR and Tenable Nessus?
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?