Tenable Nessus Reviews

We mainly use it for scanning for vulnerability on our hosts, like network devices and servers; to find the vulnerabilities and do remediation. We monitor Windows and Linux workstations.

It helps us limit our vulnerabilities and to reduce exploitations.

Tenable also helps us focus resources on the vulnerabilities that are most likely to be exploited.

Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities. I can export reports to Excel to adjust them and it's a convenient way to send them to my manager. We actually use the report feature to identify all the vulnerabilities on all the hosts.

• The prioritization is done quickly and is good.
• Their VPR is good.
• I'm also able to find its features easily.

We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux.

Also, Agent scanning is more efficient than credential scanning but Agent scanning is more expensive than credential scanning. I prefer, mainly, the Agent scan over the credential scan, it's better. But we will continue to use the credential scan. I would like to see Tenable make some improvements to the credential scanning; more vulnerabilities, because most of the problems have occurred on Windows Server. We have some scanning issues.

We have been using Tenable for just over a year.

It's always working, no crashes.

We can add more scanners to the scan zone. We can also create different organizations in terms of scanning, so I think the scalability is good.

We use Tenable on 300 servers. In our office we have two or three people using the solution who are network security engineers. Two or three people are enough to take care of deployment and maintenance of Tenable.

We have plans to increase our usage. We want to increase our licenses up to about 1,000.

Technical support is good. I get responses quickly and they provide quick resolution. I can look at their community to find questions or the problem. The support is good.

Before Tenable, our global team used Qualys, but I myself didn't use that. The switch to Tenable was decided on by our U.S. team. It was a global strategy to move to Tenable.

The initial setup was good, not complex. We had the guides from Tenable to guide us through the setup. It took us two days, but one day should be good enough for the initial deployment.

Originally, we wanted to scan all our servers from multiple clouds and also on-premises, to scan the local network.

Tenable mainly works on vulnerability scanning and prioritizing.

Our primary use case of this solution is scanning of our external websites.

The feature I find most valuable is the vulnerability reporting.

I would like to see an improvement in the ranking of high, medium and low vulnerability.

The solution is very stable.

Tenable Nessus is a very scalable solution. We have over 50 devices running on it currently, and over 50 locations. And we plan to increase our usage in the future. We use our existing team for maintenance, so we didn't have to increase our headcounts. One person is enough to do the maintenance.

The technical support is good.

I will say the initial setup was not straightforward, and not complex either. It's medium. Technically it's not too complicated, but if you work with a good partner, they can help. The deployment took us about three to six months.

My advice to others would be to include post-implementation support for six months from the vendor to help with the fine-tuning. I rate this solution an eight out of ten. In the future, I would like to see better reporting for high impact vulnerabilities.

Nessus was used to scan vulnerabilities and compliances in our clients' networks and with this, carry out the remediation process through constant cycles in time until threats to the network are considerably reduced. The environments are small business networks (less than 50 employees), and so far there have been no major impediments in the scans performed.

Nessus has greatly improved the security of our clients' networks. The comfortable management of their systems makes it easier for engineers to use the codes for each vulnerability or compliance. Deploying the server to launch the scans is very easy, and only the necessary prerequisites for scanning should be fulfilled. Nessus has been very valuable to the company.

The comprehensive coverage offered by Nessus has been the most remarkable; it really does everything that has been asked of the software.

It's great, the possibility of automating implementations and really your database is immense for all the compliances and vulnerabilities.

Tenable University is great and allows to train all the personnel in charge of making the scans in an optimal and effective way.

• I think that the next versions could improve the graphical interface to make more intuitive the management of the reports. 
• Additionally, it could include better features in the vulnerability scan at the language level.

Nessus is very stable and really works in diverse environments without any difficulty. The most important thing is to establish the necessary requirements.

Scalability of this type of software does not seem so relevant.

The Tenable support is very good and has really solved in a timely manner the problems that have occurred in the various projects.

In the company, Qualys was used, and it was not possible to manage the projects with this tool.

Quite simple and comfortable.

Internal team.

Phenomenal.

The costs are not high, considering all the support and service offered by Tenable.

Scans using agents are very useful, and taking advantage of them is the best way to take advantage of the tool.

Primarily, I use this for assessment and administration testing.

I find the features that are most valuable are the policies that help us identify the vulnerabilities. These policies are then used for scanning and identifying instabilities.

The reporting functionality needs improvement. I think it would be beneficial to have a high level explanation for a particular user. 

It is very stable, based on our past experience. We have had some false positives in the past, which we hope can improve in the future.

The scalability is fine. It is tied to the licensing agreement. We currently have 20 people using this tool in our organization. It is primarily used by people in our cellular team. If we see a need to add more users in the future, we will renegotiate our licensing agreement to do so. 

We have not needed to contact tech support much. We contacted them about the false positives, and they were helpful. 

We also evaluated Netplus. 

The installation is very straightforward and easy. We did not use a third-party installer. 

I think the price is fairly affordable. It provides a license that is fair.

My primary use case of this solution is for scanning internal networks.

We use Tenable Nessus for scanning. We find lots of vulnerabilities and then we reduce the time spent on finding inbox vulnerabilities. Of course, Tenable streamlines the process. It has been a positive experience overall.

Tenable can scan for missing patches for the endpoints. We can scan it and then, once we can support any endpoint without patching, we inform our users.

We wanted to do a lot of Hardening and we have to make sure that all endpoints are up to the certain Hardening standard and we propose the CIS benchmark to do this. That's why we use Tenable to do scanning frequency and to ensure the quality of the endpoints.

This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not. 

It is stable. We have not had any major issues. It performs as scheduled and scans as needed.

In terms of scalability, there is an issue with cloud servers. You need the internet bandwidth to do the testing. They consume a lot of bandwidth and they use the cloud scanners for the scanning. 

I usually use the dashboard for support. It shows the critical vulnerabilities from low to high. They are very responsive when necessary. 

The implementation was straightforward. First, we noticed whether everything was ready, then we got a license key, set up some basic scanning using a default template, and finally, we scheduled time. 

The price of Tenable Nessus is much more competitive versus other solutions on the market. 

We were manually scanning before using Tenable Nessus. We looked at Rapid7 but we are satisfied with Tenable Nessus. 

I would suggest that people considering this solution should choose the cloud-based solution versus the on-premise version.

This is something that allows us to quickly get a really important information context. We can now deliver highly professional consulting using the product.

From my point of view, the solution basically is not for large enterprises. I also think there should be built-in plugins for the public cloud vendors.

I'm happy with stability, there's no problem from my point of view.

For an average sized company or for smaller enterprises, this solution is suitable. But, for large enterprises it's not a good choice. We have one customer with more than 5,000 servers. I do not think it will be suitable for that customer.

We communicated via email to solve our issue. The experience was quite good for us.

We switched because our previous solution was too expensive for us.

My advice when choosing a vendor is to always consider:

• Trustworthiness
• Quality
• Price

We looked at Tenable, Qualys and Rapid7. We found Tenable was the best of all three.

I use Tenable Nessus to evaluate the security posture of multiples acquisitions before integrating them to our network.

Tenable Nessus has helped us visualize the security posture of acquisitions. It provides actionable recommendations to the implementation team towards security remedies.

I have found the remedy recommendation feature helpful, as it:

• Provides multiple recommendations towards the remedy of vulnerabilities.
• Allows me to prioritize efforts and utilize effective technical resources.

• They should improve the I/O reporting and the customized spreadsheet export feature.
• Multiple steps to create an actionable plan will be a great addition to Nessus.

I primarily use Nessus for vulnerability management, including scanning, identifying, and assessing risks.

Nessus' most valuable feature is vulnerability management because it helps to discover vulnerabilities proactively and integrates with patch management solutions so you can push patches.  

Nessus' reporting could be more user-friendly.

I've been using Nessus for more than three years.

I would rate Nessus' stable five out of five.

Nessus is scalable.

Tenable's technical support has a very good turnaround time.

The initial setup is straightforward, and deployment takes up to five days.

The ROI from Nessus is good - it allows us to proactively discover vulnerabilities and deploy patches before the worst-case scenario happens. I would rate the ROI five out of five.

Nessus is affordable, but its licensing model could be improved with more flexibility for adding assets.

I would advise anybody thinking of implementing Nessus that they should be competent with risk management language and do some training on the solution, otherwise, they won't understand anything. I would rate Nessus ten out of ten.