I use Tenable Nessus to evaluate the security posture of multiples acquisitions before integrating them to our network.
IT Manager at Medmen
Provides multiple recommendations towards the remedy of vulnerabilities
Pros and Cons
- "It provides multiple recommendations towards the remedy of vulnerabilities."
- "It allows me to prioritize efforts and utilize effective technical resources."
- "They should improve the I/O reporting and the customized spreadsheet export feature."
- "Multiple steps to create an actionable plan will be a great addition to Nessus."
What is our primary use case?
How has it helped my organization?
Tenable Nessus has helped us visualize the security posture of acquisitions. It provides actionable recommendations to the implementation team towards security remedies.
What is most valuable?
I have found the remedy recommendation feature helpful, as it:
- Provides multiple recommendations towards the remedy of vulnerabilities.
- Allows me to prioritize efforts and utilize effective technical resources.
What needs improvement?
- They should improve the I/O reporting and the customized spreadsheet export feature.
- Multiple steps to create an actionable plan will be a great addition to Nessus.
Buyer's Guide
Tenable Nessus
October 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
A cost-effective and user-friendly vulnerability scanning solution, but it lacks application-level support for mobile devices
Pros and Cons
- "I like the fact that it was not expensive. I like that it's user-friendly."
- "It would be better if they had application-level support for mobile devices. They don't have anything to scan mobile devices. Tenable Nessus doesn't have a mobile application vulnerability assessment. I also have issues with the false positive rates. The product has limited features."
What is our primary use case?
I evaluated, set up, and implemented Tenable Nessus for a client. They had four firewalls, about 500 endpoints, two servers, and one database server.
What is most valuable?
I like the fact that it was not expensive. I like that it's user-friendly.
What needs improvement?
It would be better if they had application-level support for mobile devices. They don't have anything to scan mobile devices. Tenable Nessus doesn't have a mobile application vulnerability assessment. I also have issues with the false positive rates. The product has limited features.
For how long have I used the solution?
I have been using Tenable Nessus for about six months.
What do I think about the stability of the solution?
On a scale from one to ten, I would give stability a seven.
How was the initial setup?
The initial setup is straightforward. We can deploy this solution within a week.
On a scale from one to ten, I would give the initial setup a seven.
What about the implementation team?
We implemented this solution.
What's my experience with pricing, setup cost, and licensing?
Tenable Nessus is affordable.
On a scale from one to ten, I would give pricing a ten.
What other advice do I have?
I would tell potential users that Tenable Nessus is suitable for device security.
On a scale from one to ten, I would give Tenable Nessus a seven.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Tenable Nessus
October 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
Independ consultant
Highly scalable and reliable
Pros and Cons
- "The stability is very good."
- "The reports should be improved in Tenable Nessus. For example, when you are auditing compliance with CIS standards. It provides very poor reports."
What needs improvement?
The reports should be improved in Tenable Nessus. For example, when you are auditing compliance with CIS standards. It provides very poor reports.
For how long have I used the solution?
I have been using Tenable Nessus for approximately one year.
What do I think about the stability of the solution?
The stability is very good.
What do I think about the scalability of the solution?
Tenable Nessus has been scalable.
What other advice do I have?
My advice to others is for them to focus on the cloud solution, and do as much as possible in the cloud.
I rate Tenable Nessus an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Engineer at Harel Mallac Technologies Ltd
User-friendly, easy to use, and good performance
Pros and Cons
- "Tenable Nessus has a good performance, is very user-friendly, and is easy to use."
- "The solution should be able to support more devices."
What is most valuable?
Tenable Nessus has a good performance, is very user-friendly, and is easy to use.
What needs improvement?
The solution should be able to support more devices.
For how long have I used the solution?
I have been using Tenable Nessus for approximately one year.
What do I think about the scalability of the solution?
I have one customer that is using this solution.
How was the initial setup?
The installation of Tenable Nessus is straightforward, and it can take a couple of hours.
What about the implementation team?
I am able to do the deployment myself.
What's my experience with pricing, setup cost, and licensing?
There is an annual license required to use this solution.
What other advice do I have?
I would recommend this solution to others.
I rate Tenable Nessus a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network Security Engineer at a construction company with 1,001-5,000 employees
Helps us limit our vulnerabilities and reduce exploitation
Pros and Cons
- "Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
- "We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
What is our primary use case?
We mainly use it for scanning for vulnerability on our hosts, like network devices and servers; to find the vulnerabilities and do remediation. We monitor Windows and Linux workstations.
How has it helped my organization?
It helps us limit our vulnerabilities and to reduce exploitations.
Tenable also helps us focus resources on the vulnerabilities that are most likely to be exploited.
What is most valuable?
Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities. I can export reports to Excel to adjust them and it's a convenient way to send them to my manager. We actually use the report feature to identify all the vulnerabilities on all the hosts.
- The prioritization is done quickly and is good.
- Their VPR is good.
- I'm also able to find its features easily.
What needs improvement?
We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux.
Also, Agent scanning is more efficient than credential scanning but Agent scanning is more expensive than credential scanning. I prefer, mainly, the Agent scan over the credential scan, it's better. But we will continue to use the credential scan. I would like to see Tenable make some improvements to the credential scanning; more vulnerabilities, because most of the problems have occurred on Windows Server. We have some scanning issues.
For how long have I used the solution?
We have been using Tenable for just over a year.
What do I think about the stability of the solution?
It's always working, no crashes.
What do I think about the scalability of the solution?
We can add more scanners to the scan zone. We can also create different organizations in terms of scanning, so I think the scalability is good.
We use Tenable on 300 servers. In our office we have two or three people using the solution who are network security engineers. Two or three people are enough to take care of deployment and maintenance of Tenable.
We have plans to increase our usage. We want to increase our licenses up to about 1,000.
How are customer service and technical support?
Technical support is good. I get responses quickly and they provide quick resolution. I can look at their community to find questions or the problem. The support is good.
Which solution did I use previously and why did I switch?
Before Tenable, our global team used Qualys, but I myself didn't use that. The switch to Tenable was decided on by our U.S. team. It was a global strategy to move to Tenable.
How was the initial setup?
The initial setup was good, not complex. We had the guides from Tenable to guide us through the setup. It took us two days, but one day should be good enough for the initial deployment.
Originally, we wanted to scan all our servers from multiple clouds and also on-premises, to scan the local network.
What other advice do I have?
Tenable mainly works on vulnerability scanning and prioritizing.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Infrastructure Engineer at IP Protocol INC
Provides good scalability, but there could be more learning documentation
Pros and Cons
- "The product's most valuable features are vulnerability and asset management. It can define the rules and validate the configuration."
- "There could be an integration between Tenable Nessus and other Tenable products. It will help us manage all the solutions using one dashboard."
What is our primary use case?
We use Tenable Nessus for asset and vulnerability management.
What is most valuable?
The product's most valuable features are vulnerability and asset management. It can define the rules and validate the configuration.
What needs improvement?
There could be an integration between Tenable Nessus and other Tenable products. It will help us manage all the solutions using one dashboard. Additionally, they should include more learning material to know about the product.
For how long have I used the solution?
We have been using Tenable Nessus for one year.
What do I think about the stability of the solution?
The product has good stability.
What do I think about the scalability of the solution?
We have more than 50 Tenable Nessus users in our organization. It is a scalable platform.
How was the initial setup?
Tenable Nessus is easy to deploy and manage.
What other advice do I have?
I recommend Tenable Nessus to others and rate it a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Consultant at a tech services company with 11-50 employees
Good vulnerability management and easy to set up but needs more integration capabilities
Pros and Cons
- "The initial setup is very straightforward."
- "We'd like to see more integration potential within the solution."
What is our primary use case?
We primarily use the solution for vulnerability management.
When it comes to servers and scanners, or servers and endpoints, you can discover the vulnerabilities that might be on the other end. You can see, for example, if
you have a gap in vulnerabilities in specific servers or specific endpoints, and you if have to close the. You can really see the risks that might be encountered within your environment.
What is most valuable?
The solution is very good at vulnerability management. It gives you great visibility of visibilities.
The solution is stable.
The initial setup is very straightforward.
What needs improvement?
We'd like to see more integration potential within the solution.
They tend to do a new release every quarter, and will ultimately continue to add more features.
For how long have I used the solution?
We've been using the solution for two months. We've been looking into it over that time.
What do I think about the stability of the solution?
The solution is pretty stable. There are no bugs or glitches. It doesn't crash or freeze. Its performance is very reliable.
What do I think about the scalability of the solution?
I can't speak to the scalability. We have never tried to scale the solution.
I'm the only person in my organization that uses the solution. I don't have plans to increase usage at this time.
How are customer service and technical support?
I can't speak of technical support's knowledgeability or helpfulness. I haven't used them before and therefore couldn't really evaluate them very well.
How was the initial setup?
The solution is very straightforward and pretty simple. There isn't too much complexity or difficulty involved. A company shouldn't have any issues with the initial setup.
What about the implementation team?
I handled the installation myself. I didn't need the assistance of a consultant or integrator.
What's my experience with pricing, setup cost, and licensing?
We pay a yearly licensing fee.
I can't speak to the exact pricing. It's not an aspect of the solution I directly deal with.
What other advice do I have?
We're using the latest version of the solution. I can't speak to the exact version number.
I'd rate the solution at a seven out of ten. It's pretty great at vulnerability management, however, there are always ways to improve it.
I'd recommend the solution to other users.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Consultant at a tech company with 1,001-5,000 employees
Reduces the amount of time spent on finding vulnerabilities.
Pros and Cons
- "Tenable Nessus streamlines the process of scanning for our organization."
- "This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not."
What is our primary use case?
My primary use case of this solution is for scanning internal networks.
How has it helped my organization?
We use Tenable Nessus for scanning. We find lots of vulnerabilities and then we reduce the time spent on finding inbox vulnerabilities. Of course, Tenable streamlines the process. It has been a positive experience overall.
Tenable can scan for missing patches for the endpoints. We can scan it and then, once we can support any endpoint without patching, we inform our users.
What is most valuable?
We wanted to do a lot of Hardening and we have to make sure that all endpoints are up to the certain Hardening standard and we propose the CIS benchmark to do this. That's why we use Tenable to do scanning frequency and to ensure the quality of the endpoints.
What needs improvement?
This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It is stable. We have not had any major issues. It performs as scheduled and scans as needed.
What do I think about the scalability of the solution?
In terms of scalability, there is an issue with cloud servers. You need the internet bandwidth to do the testing. They consume a lot of bandwidth and they use the cloud scanners for the scanning.
How is customer service and technical support?
I usually use the dashboard for support. It shows the critical vulnerabilities from low to high. They are very responsive when necessary.
How was the initial setup?
The implementation was straightforward. First, we noticed whether everything was ready, then we got a license key, set up some basic scanning using a default template, and finally, we scheduled time.
What's my experience with pricing, setup cost, and licensing?
The price of Tenable Nessus is much more competitive versus other solutions on the market.
Which other solutions did I evaluate?
We were manually scanning before using Tenable Nessus. We looked at Rapid7 but we are satisfied with Tenable Nessus.
What other advice do I have?
I would suggest that people considering this solution should choose the cloud-based solution versus the on-premise version.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Vulnerability ManagementPopular Comparisons
Microsoft Defender for Cloud
Qualys VMDR
Tenable Security Center
Tanium
Tenable Vulnerability Management
Orca Security
Pentera
Acunetix
JFrog Xray
Claroty Platform
Skybox Security Suite
Lacework
Microsoft Defender Vulnerability Management
Rapid7 Metasploit
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Qualys VM vs Tenable Nessus: Comparison
- How would you choose between Rapid7 InsightVM and Tenable Nessus?
- What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
- How does Tenable Nessus compare with Qualys VM?
- What are the main differences between Qualys VMDR and Tenable Nessus?
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?