Orca Security vs Tenable Nessus comparison

"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."

"Zafran is an excellent tool."

"We are able to see the real risk of a vulnerability on our environment with our security tools."

"We saw benefits from Zafran Security almost immediately after deploying it."

"Zafran has become an indispensable tool in our cybersecurity arsenal."

"I recommend Orca Security to others looking for a cloud security solution due to its seamless integration and side-scanning technology that does not hamper cloud asset performance."

"One of the valuable features of Orca Security is its design and options that allow flexible filtering and user-friendly visualization."

"Orca's platform provides an agentless data collection facility that collects information directly from the cloud using APIs, with zero impact on performance."

"The best features of Orca Security include its ability to perform a lot of security controls without requiring any installation of agents, making it very easy to set up."

"Orca Security has patented technologies. It's an agentless solution, so you don't need to install an agent. Instead, it contacts your account provider and fetches metadata, eliminating the need for snapshots or reserved space to copy client infrastructure."

"The most valuable feature of Orca Security is the automated scanning tool, user-friendliness, and ease of use."

"I would rate the quality of support as nine stars out of ten due to their quick and helpful responses."

"The GUI features are very good. Threat intelligence is also very good."

"Nessus is effortless to integrate."

"User friendly and good dashboards."

"The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies."

"I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance."

"I have experience with it on my attack stations, and it's pretty good to optimize. Personally, I think Nessus is quite a good product."

"Tenable Nessus is cheap and flexible."

"I find the features that are most valuable are the policies that help us identify the vulnerabilities. These policies are then used for scanning instabilities and then identifying the particular vulnerabilities."

"The most valuable feature of Tenable Nessus is vulnerability assessments. There are a lot of threats around the world and this solution is the first to come out with detection rules."

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."

"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."

"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."

"They can expand a little bit in anti-malware detection. While we have pretty good confidence that it's going to detect some of the static malware, some of the detections are heuristics. There could be a growth in the library from where they're pulling their information, but we don't get a lot of those alerts based on the design of our products. In general, that might be an area that needs to be filled since they offer it as a service within it."

"The interface can be a bit cranky and sometimes takes a lot of time to load."

"The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."

"The documentation for Orca Security could be improved."

"The documentation for Orca Security could be improved."

"Orca Security can be improved as there should be some kind of central pane of glass. Similar to how cloud management works, Orca Security should have something comparable."

"It's not all clouds that they are currently onboarded with. For instance, they are not yet with public cloud and many other private clouds."

"The presentation of the data in the dashboard is a little bit chaotic."

"The price could be more reasonable. I used the free Nessus version in my lab with which you can only scan 16 IP addresses. If I wanted to put it in the lab in my network at work, and I'm doing a test project that has over 30 nodes in it, I can't use the free version of Nessus to scan it because there are only 16 IP addresses. I can't get an accurate scan. The biggest thing with all the cybersecurity tools out there nowadays, especially in 2020, is that there's a rush to get a lot of skilled cybersecurity analysts out there. Some of these companies need to realize that a lot of us are working from home and doing proof of concepts, and some of them don't even offer trials, or you get a trial and it is only 16 IP addresses. I can't really do anything with it past 16. I'm either guessing or I'm doing double work to do my scans. Let's say there was a license for 50 users or 50 IP addresses. I would spend about 200 bucks for that license to accomplish my job. This is the biggest complaint I have as of right now with all cybersecurity tools, including Rapid7, out there, especially if I'm in a company that is trying to build its cybersecurity program. How am I going to tell my boss, who has no real budget of what he needs to build his cybersecurity program, to go spend over $100,000 for a tool he has never seen, whereas, it would pack the punch if I could say, "Let me spend 200 bucks for a 50 user IP address license of this product, do a proof of concept to scan 50 nodes, and provide the reason for why we need it." I've been a director, and now I'm an ISO. When I was a director, I had a budget for an IT department, so I know how budgets work. As an ISO, the only thing that's missing from my C-level is I don't have to deal with employees and budgets, but I have everything else. It's hard for me to build the program and say, "Hey, I need these tools." If I can't get a trial, I would scratch that off the list and find something else. I'm trying to set up Tenable.io to do external PCI scans. The documentation says to put in your IP addresses or your external IP addresses. However, if the IP address is not routable, then it says that you have to use an internal agent to scan. This means that you set up a Nessus agent internally and scan, which makes sense. However, it doesn't work because when you use the plugin and tell it that it is a PCI external, it says, "You cannot use an internal agent to scan external." The documentation needs to be a little bit more clear about that. It needs to say if you're using the PCI external plugin, all IP addresses must be external and routable. It should tell the person who's setting it up, "Wait a minute. If you have an MPLS network and you're in a multi-tenant environment and the people who hold the network schema only provide you with the IP addresses just for your tenant, then you are not going to know what the actual true IP address that Tenable needs to do a PCI scan." I've been working on Tenable.io to set up PCI scans for the last ten days. I have been going back and forth to the network thinking I need this or that only to find out that I'm teaching their team, "Hey, you know what, guys? I need you to look past your MPLS network. I need you to go to the edge's edge. Here's who you need to ask to give me the whitelist to allow here." I had the blurb that says the plugin for external PCI must be reachable, and you cannot use an internal agent. I could have cut a few days because I thought I had it, but then when I ran it, it said that you can't run it this way. I wasted a few hours in a day. In terms of new features, it doesn't require new features. It is a tool that has been out there for years. It is used in the cybersecurity community. It has got the CV database in it, and there are other plugins that you could pass through. It has got APIs you can attach to it. They can just improve the database and continue adding to the database and the plugins to make sure those don't have false positives. If you're a restaurant and you focus on fried chicken, you have no business doing hamburgers."

"The product must be more comprehensive."

"The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources."

"The features are limited when it comes to scanning network devices for vulnerabilities."

"Tenable Nessus could include a broader range of IT assets."

"Pricing is one of the most important features, and it is something that they can improve on."

"There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product."

"One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them."

"It is the cost of the visibility that you get. When you really sit down and think about what do you need to do to secure an environment with a low impact on the business, and you take a look out into the world, I think this tool is well justified around cost."

"I think their pricing model is aligned with market demand. Of course, Orca could probably better align their pricing model with the needs of smaller businesses as well as some larger-scale enterprises with millions of assets. But in all fairness, I think the Orca sales team has been accommodating and ensured that we're happy with the pricing."

"We have a total of 25 licenses for this solution. The solution is on a pay-and-you-use model."

"Overall, the pricing is reasonable and the discounts have been acceptable."

"The pricing depends on how many assets you have running in your cloud and how many environments you have. If you have a dev environment, test environment, and a production environment then it's really important that you have coverage for all of them."

"Its license is a bit expensive."

"Orca Security charges are based on cloud workloads. So, it's based on workloads. If we look at one feature, it might be expensive."

"While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services."

"The is a free version of Tenable Nessus available."

"There is an annual license required to use this solution."

"When comparing the price of Tenable Nessus to other similar solutions, such as Acunetix, Tenable Nessus is not as expensive. It is averagely priced in the market. We pay for the solution annually."

"This solution is affordable."

"The pricing is much more manageable versus other products."

"The product pricing is dynamic and varies based on the specific needs of each project and customer."

"Tenable Nessus is affordable."

"While Tenable Nessus is a good enterprise solution, the high price would likely make it prohibitive to smaller organizations."