No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco Vulnerability Management (formerly Kenna.VM) vs Tenable Nessus comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco Vulnerability Managem...
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
1
Ranking in other categories
Cisco Security Portfolio (11th), Risk-Based Vulnerability Management (23rd)
Tenable Nessus
Average Rating
8.4
Reviews Sentiment
6.0
Number of Reviews
88
Ranking in other categories
Vulnerability Management (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cisco Vulnerability Management (formerly Kenna.VM) is designed for Risk-Based Vulnerability Management and holds a mindshare of 2.2%, down 2.4% compared to last year.
Tenable Nessus, on the other hand, focuses on Vulnerability Management, holds 3.7% mindshare, down 8.5% since last year.
Risk-Based Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Cisco Vulnerability Management (formerly Kenna.VM)2.2%
Qualys VMDR9.7%
Rapid7 InsightVM7.8%
Other80.3%
Risk-Based Vulnerability Management
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Tenable Nessus3.7%
Wiz4.4%
Qualys VMDR3.9%
Other88.0%
Vulnerability Management
 

Featured Reviews

AshishPaliwal - PeerSpot reviewer
Self-employed at Self-employed
Offers contextual prioritization and risk-based remediation of vulnerability
An improvement would be some sort of an integration with any GRC suite. There are a lot of GRC suites available, like Archer, MetricStream, Rsam, Protiviti, for example. So how would a solution like this work if my company has already invested thousands or maybe millions in a GRC solution? Do I still need it and how does it fit into an existing SAP environment? There could be interoperability, having more data sources, integrating Splunk, Qualys, FireEye, Rapid7, Carbon Black. I'm sure all that can be done to an extent, with a little more insight and a little more accuracy on the industry numbers and trends. I'd like the solution to offer any sort of assistance in any way with the remediation part, not just identification of vulnerability risk, and that is second.
MohammedJaffir - PeerSpot reviewer
Founder at Cipheroot Cybersecurity Solutions
Has enabled me to reduce false positives and perform deep credential auditing with seamless integrations
I mostly use the configuration audit feature for the audit configuration as a scan policy, and I will use it for credential audit, which helps me scan credentials access such as local administrator or root access, performing a deeper and more accurate check of local configuration settings and file systems, making it a highly recommended feature. Regarding integration capabilities, we can integrate Tenable Nessus with SIM tools such as Splunk, IBM QRadar, and Azure Sentinel, as well as with ticketing systems such as ServiceNow, Jira, and Slack. There is no complexity as it is very easy to integrate everything. In terms of the reporting feature, while vulnerability scanning can throw some false positives, Tenable Nessus has very few, achieving a reduction of 75% to 80% false positives with manual analysis needed. We can generate standard Nessus reports that typically include host summaries and vulnerabilities by host and plugin, alongside solutions and remediation recommendations. The main benefits I get from Tenable Nessus are complete asset inventory and comprehensive attack surface management, allowing us to prioritize vulnerabilities based on risk, focusing on true risk and threat path analysis.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The risk context of any vulnerability is a valuable feature; that is what it is used for and then data from different sources can be fed into it, and they have good dashboards, risk meters, and virtualization."
"The risk context of any vulnerability is a valuable feature."
"I like its ease of use. It has the script that is pre-built in it, and you just got to know which ones you're looking for."
"Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips at documentation), tests against cloud providers, database profiles, several types of telecom devices, and others highly customizable scans."
"One thing that is important for us is that when the regulation agency is asking for something, we can send them reports from Nessus and they're very satisfied."
"It provides multiple recommendations towards the remedy of vulnerabilities."
"The solution is the most dynamic one I have seen thus far."
"The solution is great for scanning servers."
"I have experience with it on my attack stations, and it's pretty good to optimize. Personally, I think Nessus is quite a good product."
"I would definitely recommend this solution; it's the best that I've used so far."
 

Cons

"An improvement would be some sort of an integration with any GRC suite."
"To be honest, I haven't used it much to tell you that these are the things that should be improved. But I believe the UI should be enhanced somewhat. For example, there are two ways to find a report, and people are frequently confused as to which is the correct method for locating a full report. Sometimes they go in the opposite direction, so this is an area that may be improved."
"The solution could improve security updates."
"The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful."
"The solution should be able to support more devices."
"Tenable Nessus is not feasible for a large company."
"The tool needs to upgrade asset tracking."
"I think the reporting templates could be improved with Tenable Nessus."
"While Tenable Nessus is a good enterprise solution, the high price would likely make it prohibitive to smaller organizations."
 

Pricing and Cost Advice

"I think the pricing is based on the number of endpoints, so it's more subscription-based."
"The price is reasonable."
"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
"One problem with Tenable is its pricing policy. Optimal results can be achieved with Greenbone Solutions which has much more friendly pricing policies."
"The newer tools are quite pricey. There is a case of some fine tuning that can be done in terms of licensing. The IP based licensing that is offered makes the tool very expensive. If they want the IT industry to adopt it, the price should be looked at."
"The product is free."
"In general, it is extremely expensive."
"We pay approximately $2,500 on a yearly basis."
"The price of the solution is reasonable."
report
Use our free recommendation engine to learn which Risk-Based Vulnerability Management solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Retailer
15%
Computer Software Company
14%
Construction Company
10%
Financial Services Firm
10%
Manufacturing Company
10%
Financial Services Firm
10%
Government
9%
Computer Software Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise19
Large Enterprise35
 

Questions from the Community

Ask a question
Earn 20 points
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation t...
What is your experience regarding pricing and costs for Tenable Nessus?
Based on my experience, the pricing for Tenable Nessus is somewhat higher, but customers still want to pay for it, so it remains acceptable. The annual price increase of six to seven percent could ...
 

Also Known As

Kenna.VM, Kenna Security, Kenna, Kenna Security Platform
No data available
 

Overview

 

Sample Customers

TransUnion
Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University
Find out what your peers are saying about Qualys, Horizon3.ai, Tenable and others in Risk-Based Vulnerability Management. Updated: June 2026.
904,054 professionals have used our research since 2012.