Security Infrastructure Engineer at NP Secure Co.,Ltd
Reseller
Top 5
2023-08-31T10:14:21Z
Aug 31, 2023
Tenable Nessus is a great tool. I believe everyone should be using Tenable Nessus since it is a tool that can be used for vulnerability assessment when companies face some vulnerabilities to find security holes or threats. I rate the overall solution a nine out of ten.
I recommend Tenable Nessus because it's a good solution, works properly, is not complicated to administrate, is simple to manage, and is stable. I rate Tenable Nessus a nine out of ten.
We're using the latest version of the solution. When you are doing a spot check, and something rescues you a lot from disaster, you really appreciate that service. The product has really worked for me. I highly recommend the solution. I'd suggest new users run a POC and exhaust all the functionality and test other solutions as well. At the end of the day, compare them. Don't forget to consider budgets. Ensure that it matches what your company needs and the budget that they have for that particular solution. Make sure that functionality is taken into account. Some people only look at the budget and go for something cheaper and then do not have the functionality they require. I'd rate the solution nine out of ten.
Security Compliance Officer at a tech services company with 51-200 employees
Real User
Top 20
2022-11-15T14:56:34Z
Nov 15, 2022
It is a good tool. It's not difficult to understand. It shouldn't be an issue as long as you know what you're doing. I would rate Tenable Nessus a seven out of ten.
Manager II at an insurance company with 10,001+ employees
Real User
2022-10-13T13:19:40Z
Oct 13, 2022
The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it. I rate the solution an eight out of ten.
I would rate this solution as eight out of ten. For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not. I would definitely recommend this solution to others who want to use it.
I would advise anybody thinking of implementing Nessus that they should be competent with risk management language and do some training on the solution, otherwise, they won't understand anything. I would rate Nessus ten out of ten.
Security is a complicated subject. There's a lot involved in Tenable Nessus, but the solution is easy to run and manage and we have had a lot of good success with it. I rate Tenable Nessus a nine out of ten.
Information Security Manager at a transportation company with 1,001-5,000 employees
Real User
2022-02-16T17:53:17Z
Feb 16, 2022
My advice to people who are looking into implementing this product would be to just go ahead and do it. Don't be frightened about it. It is great. It does exactly what you'd expect it to do. You can use it as a stepping stone to the other Tenable products. I would rate it a nine out of 10. It is a lovely product. It just does what you need it to do, and lets you get on with your day.
Founder & CEO at a tech services company with 1-10 employees
Real User
2021-12-08T22:52:56Z
Dec 8, 2021
It's important to test the solution so you know that it works for your situation. They have a trial version so it's easy to test before you purchase it. I rate this solution eight out of 10.
Assistant Manager of Information Security at a pharma/biotech company with 1,001-5,000 employees
Real User
2021-06-19T08:51:47Z
Jun 19, 2021
I am actually using the solution in three or four different organizations, including Engro and Martin Dow. There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions. As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten.
Lead Cyber Security engineer at a tech services company with 201-500 employees
Real User
2021-05-19T12:15:00Z
May 19, 2021
There are at least ten people in our organization making use of the solution. Tenable Nessus is an appropriate solution for a small scale company, one with budgeting constraints and no complexities within the organization. It is not that user-friendly. I would rate Tenable Nessus as a seven out of ten.
So far, I am quite pleased with this product and don't have any complaints. I would recommend this solution to others who are interested in using it. I would rate this solution a nine out of ten.
Chief Hacking Officer at a security firm with 1-10 employees
Real User
2021-02-19T09:45:24Z
Feb 19, 2021
Ultimately, we plan to use this product less because it is something that we advise our customers to buy for themselves. They should not be using our solution. My advice for anybody who is considering Tenable Nessus is that it is easy to install, easy and straightforward to use, and not expensive. These are the reasons that we advise our customers to use it. I would rate this solution an eight out of ten.
VP - Risks, Audits & InfoSec at a tech services company with 501-1,000 employees
Real User
2021-02-09T16:13:00Z
Feb 9, 2021
On a scale of one to ten, I would give Tenable Nessus an eight. What happens is Nessus keeps on updating and this becomes a showstopper. We are unable to proceed with the vulnerability scans or testing if we do not update to the latest available patch. We can understand the risk if it's maybe one version earlier, meaning, we understand something was updated with XYZ patch but there should be something which gives us an option so that not all of our deployments need to have the latest patch. This would save the deployment time because of frequent updates. I would recommend Tenable Nessus. Especially the commercial model. We operate in small and medium enterprises and for them, Nessus is becoming expensive. Because of this I may not buy Nessus this year and I might switch to Qualys, for example. Overall, Tenable Nessus is not so price pocket friendly for small and medium users.
CSSP Manager at a tech services company with 51-200 employees
MSP
2021-01-13T19:38:19Z
Jan 13, 2021
We're just customers. We're end-users. We don't have a business relationship with the company. We're using the solution as what I would consider a hybrid, where the security center is managed by another group. However, we have a scanner in our network that connects back to the security center and the DOD of Azure. We're largely happy with the product. Overall, I'd rate the solution eight out of ten. If it weren't for the reporting or the scanning difficulties, I would rate it higher.
IT Security Operations Analyst at a manufacturing company with 10,001+ employees
Real User
2020-12-13T06:30:07Z
Dec 13, 2020
For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not. Research the remediation information to see if it is okay, or trust proof or not. The reporting works well and it allows you to share. Also, support is important. I would rate Tenable Nessus an eight out of ten.
Owner at a tech services company with 1-10 employees
Real User
2020-12-07T21:15:00Z
Dec 7, 2020
The advice would be definitely doing your proof of concept because that's what you're going to need for your buy-in for your upper management because it is going to cost some money. I would do a hybrid version, where your own Nessus is internal, and then you have your cloud. If you lose connection to the internet, you could still run an internal Nessus scan to save the scan and then input the scan into Tenable.sc. Do your proof of concepts, get your reports, and use your proof of concepts when you do your presentation to upper management to purchase. If you use your own nodes and your own network as your proof of concept, it gives them an eye view of, "Hey, we're vulnerable because of this, and here's the tool that did it." To me, that was a better selling point because it was real. It wasn't the demo data. Once you have purchased it and get it all set up, use it continuously, meaning include your scanned reports with your change control. This way, it shuts all the administrators who have been there over 20 years and say, "Hey, I don't want to patch right now because it takes the network down." Yes, it's going to take the network down. However, the longer you wait, the more vulnerable you are because if I'm doing change requests every week, and I'm calling on more and more risk and you start to find the same nodes in the same reports, then somebody up high is going to say to the network administrator guy to fix it. I would rate Tenable Nessus a ten out of ten right now. If you had asked me last year, Rapid7 would have been the same and on top, but now that I've been using Tenable and I'm comparing the jobs that I'm doing right now, Tenable is cut and clear to what the report is saying. My favorite report is the VPR report. Instead of just looking at CVSS numbers, it has a VPR report that ranks, whereas, in Rapid7, it's just focused on CVSS. It is CVSS version 2 or 3, which kind of gets confusing.
For example, in Tenable, I can run a scheduled scan and have my report, but let's say, for instance, I did patching in the middle before my scheduled scan. I could kick off a new scan specifically for that vulnerability and get a report, whereas, in Rapid7, you could not easily do that. Therefore, you were stuck waiting for the scan to go again and to see if your mitigation efforts fixed it.
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
Real User
2020-10-04T06:40:14Z
Oct 4, 2020
We are simply customers. We don't have a business relationship with Tenable. We're using the latest version of the solution. I would definitely recommend this solution. It's the best that I've used so far. On a scale from one to ten, I'd rate it at an eight overall.
In some cases, we deploy on-premises because the customer is still evaluating the readiness to go to the cloud. A few of our customers are already on the cloud, and others are migrating. We have deployed on both models. With my experience, I would definitely recommend it. This is the only tool we have used recently. I would rate this solution an eight out of ten.
CISO at a financial services firm with 201-500 employees
Real User
2019-11-27T05:42:00Z
Nov 27, 2019
If I were to speak to someone who works with IBM Guardium they would probably tell me, "Ah, Nessus is too simple for me. Guardium is better." But I can recommend Nessus to anyone who wants a good product for a "small amount of money." It's the best buy. When I speak with my colleagues we usually share our experiences. I know that some of my colleagues are thinking about Nessus for next year because they don't have any solution, but they need one, according to regulations. When I explain how it works they usually say that they will check into it. Probably, in Bosnia, there will be two more banks using Nessus in the next year. Alem, as a company, is very friendly and that's most important. They come to our office to explain things. They spent three or four hours here with me, explaining everything about Nessus. They suggested a free trial. It's important to have that kind of support. I know that if I need something, I can ask them without any problems, at any time. Overall, Nessus is working well.
President and Sr CISO Consultant at Micro Strategies
MSP
2019-11-14T06:34:00Z
Nov 14, 2019
If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it. The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.
Security Architect at C. H. Robinson Worldwide, Inc.
Real User
2019-11-13T05:29:00Z
Nov 13, 2019
Leverage authenticated scans if you can. That reduces the number of false positives compared to just network-based scanning. Leverage the Tenable Agents if you can, as well, because that will help reduce the scan time and make it easier to get data from machines that are all over your network. The solution isn't really helping to reduce our exposure over time because there are always new vulnerabilities coming out. It's helping us keep track of what's out there better. The next part is going to be convincing external auditors that VPR is a reasonable way to actually prioritize, in terms of whatever our policy statements say for what we fix and how quickly; to get that to line up. A lot of people are still in the, "You must patch criticals with this number of days, highs with this number of days." We want to be able to turn that into a more risk-based approach but haven't really been able to do that. The users of the solution in our organization are really just the people on our security team, so the number is under ten people. They're really just using it to look at the vulnerabilities, analyze the vulnerabilities, and figure out where our risks are and what should get patched. For deployment and maintenance of the solution we have a quarter of an FTE.
Senior Systems Administrator at Government Scientific Source, Inc.
Real User
2019-11-07T10:35:00Z
Nov 7, 2019
Know that it's only a detection tool and that it has limitations as a detection tool, but the deployment can be pretty scalable. The solution didn't reduce the number of critical and high vulnerabilities we needed to patch first. It tells you what the critical vulnerabilities are that you need to patch, but it didn't reduce anything. It doesn't patch it for you. I would give Nessus a seven out of ten, as it doesn't automatically resolve the vulnerabilities. There are tools out there that give you an option: "Hey, do you want me to patch that vulnerability?" You just hit "yes" and it automatically does it. Nessus doesn't do that. And, as I said, the grouping could be a little bit better.
Senior Infrastructure Project Manager at an energy/utilities company with 501-1,000 employees
Real User
2019-09-08T09:50:00Z
Sep 8, 2019
My advice to others would be to include post-implementation support for six months from the vendor to help with the fine-tuning. I rate this solution an eight out of ten. In the future, I would like to see better reporting for high impact vulnerabilities.
Tenable Nessus is a vulnerability management solution that aims to empower organizations to be aware of threats that both they and their customers face. It is the most deployed scanner in the vulnerability management industry. Organizations that use this product have access to the largest continuously updated global library of vulnerability and configuration checks. They can stay ahead of threats that Tenable Nessus’s competitors may be unable to spot. Additionally, Tenable Nessus supports a...
Overall, I rate the solution a seven out of ten.
I would recommend it to others. It's a good solution. Overall, I would rate it an eight out of ten. In every aspect, it is good.
I rate the overall product a nine out of ten.
I recommend the solution to others. I rate the solution a nine out of ten.
I recommend Tenable Nessus to others and rate it a seven out of ten.
I would recommend others use this solution. I rate Tenable Nessus a nine out of ten.
I would tell potential users that Tenable Nessus is suitable for device security. On a scale from one to ten, I would give Tenable Nessus a seven.
I give the solution an eight out of ten. We have 100 workstations that all use the solution.
We are just end-users and customers. I'm not sure which version of the solution we're using. I'd rate the solution eight out of ten.
I would recommend Nessus Manager and rate it at eight on a scale from one to ten.
I would rate Tenable Nessus an eight on a scale of one to ten.
My advice to others is for them to start using the free version to get used to the solution. I rate Tenable Nessus an eight out of ten.
I rate this solution nine out of 10.
It is a very good and useful tool. I would rate it a nine out of ten.
I would rate this solution 8 out of 10.
Tenable is the best vulnerability management product in the world, and I recommend it. I would rate this solution a nine out of ten.
My advice to others is for them to focus on the cloud solution, and do as much as possible in the cloud. I rate Tenable Nessus an eight out of ten.
We have both on-premises and cloud-based deployment in our organization. The solution is good. I rate Tenable Nessus as a nine out of ten.
I would recommend Tenable Nessus. On a scale of one to ten, I would rate it an eight.
On a scale from one to ten, I would give Tenable Nessus an eight.
I would recommend this solution to others. I would rate Tenable Nessus a nine out of ten because it has many dimensions.
I rate this solution an eight out of 10.
A cost/benefit interesting tool.
Tenable mainly works on vulnerability scanning and prioritizing.
Scans using agents are very useful, and taking advantage of them is the best way to take advantage of the tool.
I would suggest that people considering this solution should choose the cloud-based solution versus the on-premise version.