Tenable Nessus Reviews

We use Tenable Nessus as a vulnerability management tool. It helps identify vulnerabilities in our system, how to address them, and what mitigation steps are required. We can assign high, medium, or low priority levels and schedule scans to run at specific times. The tool generates vulnerability assessment reports, valuable in our organization's environment for continuous security assessment.

We can onboard our organization's access and run scans as needed. We can also share the scan results every year and perform many other tasks with Tenable.

It’s a strong vulnerability assessment tool for management and serviceability. It is a reliable product that helps us identify vulnerabilities in our system effectively. I use it to scan our environment with SSM and generate vulnerability assessment reports.

The dashboard could be improved.

I have been using Tenable Nessus for two years.

Our team has 10-15 people using this solution. It’s a good tool for vulnerability assessment, and we can identify vulnerabilities in our organization. At this time, we can effectively use it within our organization.

I rate the solution’s scalability a nine out of ten.

It is expensive.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

Overall, I rate the solution a seven out of ten.

I implement the solution as a vulnerability management tool for client use cases. It can be used for public factors because it sits right where you have tie in and bleeds over or in between other tools as another piece in the EDR puzzle. The solution identifies vulnerabilities, applies patches, and provides some other EDR results. 

I have also used the solution in environments where customers only want to pay for master's licensing and conduct vulnerability scanning for 100 to 12,000 endpoints. It took 23 days to create a security center from that page with data imports and API plugins. 

It really just depends on what you need, where your money lies, and what you want to get from the solution at the endpoints. 

The solution has a single price for unlimited assets. Value wise, the solution is also great for pen testers and consultants. 

The solution is useful for vulnerability and patch management from both the internal and public facing sides. 

Quick assessments, compliance scores, and results are provided without having to do agents. 

It would be nice for the professional module to include some of the reports available in the expert module. 

I have been using the solution for ten years. 

The solution is very stable so stability is rated a ten out of ten. 

The scalability is not an issue for the solution itself because it is a software. Scalability really depends on your hardware. 

I have not needed technical support. A colleague reported that a licensing issue took two weeks to resolve. A bigger client was trying to buy five licenses and it took two months. It seems most issues revolve around purchasing or upgrading licenses.  

The setup is straightforward. 

I implement the solution for customers. 

The solution has a single price for unlimited assets and offers both professional and expert modules. The professional module is agentless. The expert module costs around $2,000 and includes agents. 

Be sure you have an appropriate amount of time available if you are not running an agent-based system. Pulling in results for 15,000 endpoints takes time because the solution can only fetch data for eight to ten endpoints at a time. You have to scan or you will have network traffic load issues. 

I rate the solution a nine out of ten. 

We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equipment, and appliances in our infrastructure. 

One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them. 

It would be beneficial if it could handle minor additions to versions similar to how Debian manages its patches. This feature would allow it to differentiate between patched and non-patched versions.

I have been using the product for ten years. 

Tenable Nessus is very stable. We encountered some issues with scanning certain network equipment but resolved them by adjusting the parameters. Our main focus is scanning our servers; we haven't experienced any significant problems with that process.

My company has three users. 

We haven't contacted Tenable Nessus for assistance or questions because we haven't encountered any serious issues, and we are generally satisfied with the product.

We chose Tenable Nessus because we primarily rely on open-source products as a publicly funded institution. About ten years ago, we conducted research to determine the best option, and at that time, it stood out as the preferred choice.

Tenable Nessus' deployment is straightforward. 

The product is free. 

I rate the overall product a nine out of ten. 

I am using it for scanning and checking vulnerabilities. I am using the Azure version of Tenable Nessus.

I like this solution because it is complete. It can scan and check many types of vulnerabilities. It can also check for compliance.

It fits very well in my environment. It is very easy to use, and there is a very good cost-benefit of this solution. 

There should be a possibility to install agents on scanned machines. Tenable IO provides the capability of using local agents to check local problems, but this feature is not there in Tenable Nessus Professional. It would be nice to have something similar in Tenable Nessus Professional. We should have the capability to use local agents installed on the machines to locally check a problem.

It is stable.

It is, for sure, scalable. We have 10 or 12 people who use this solution.

We never have any kind of problem or lack of response. I would rate them a ten out of ten.

Positive

It is very easy. It is pretty straightforward.

It has a fair cost and very good cost-benefit ratio.

I would recommend it to others. It does everything that such a solution needs to do. It can check for vulnerabilities and compliance. It is also very easy to use. It is better than its competitors, such as Rapid7.

I trust Tenable solutions. I have worked with Tenable IO a few years ago, and with Tenable Nessus, I had the same feeling that I had with Tenable IO. It is a very good solution. It is more expensive than Tenable IO, but it is a complete solution. 

I would rate it a nine out of ten.

The platform is essential for vulnerability management tasks and integrates with various data management applications.

The product could have unique features similar to Qualys. 

We have been using Tenable Nessus for about a year to a year and a half. We are using the latest version to ensure access to all the latest features.

While Tenable offers a robust solution, the main competitor, Qualys, has some unique features. However, Tenable has a larger market share, indicating that it has undergone extensive testing and development based on customer feedback.

The complexity of deploying Nessus largely depends on the customer's operational environment. If the environment has diverse systems, implementation may be more complex, while a more uniform system allows for easier setup.

The timeline for implementation could range from one week to several months based on these factors.

The product pricing is dynamic and varies based on the specific needs of each project and customer.

Discounts can be offered based on competition and project requirements, making it a relative cost depending on the context.

The solution automates vulnerability checks, which is crucial for our customers who cannot dedicate a team to monitor security issues constantly. It notifies us of vulnerabilities as they arise, allowing us to respond quickly without manual intervention.

It automates the scanning process, allowing us to schedule regular scans, generate reports, and receive notifications about critical vulnerabilities via email. It enhances our ability to monitor the security landscape continuously.

Overall, I rate it a nine out of ten. 

I use Tenable Nessus for vulnerability assessment so that you can scan for CVEs and existing CVEs. Tenable Nessus will show you the latest update on those vulnerabilities and where it needs patches, so it goes hand in hand with patch management. As soon as you scan, you can see whether it needs patching, and if needed, you can go ahead and deploy patch management to address the current issue.

The most valuable features of the solution are the policy and the active scan. The features are different for Tenable Security Center since it is more on an on-premises model. The solution also has features like Tenable.io and Tenable Web App Scanning.

I wouldn't want to change anything about Tenable Nessus since I haven't found or run into any issues in Tenable Nessus.

I like Tenable since I find everything related to the solution simplified and easy to use. You can approach the online community of Tenable when you run into a problem, and there is a bunch of information available there that you can gather and use for troubleshooting purposes.

I faced some problems with Tenable Nessus when dealing with some of our company's customers in China. The problems I faced with Tenable Nessus were related to its dashboard's customization capabilities and its ability to provide data to third-party sources. The solution should offer simplified data-sharing capabilities. Though we have the dashboards and can customize them, the options for customization are available in the templates provided by Tenable Nessus. It might not be possible with Tenable Nessus to add every component a person wants to a single dashboard since they can only choose whatever is available on the templates provided by Tenable Nessus. The aforementioned areas can be considered for improvement in the solution.

I have been using Tenable Nessus for two months. My company operates as a reseller of the product while also having a partnership with the solution.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution an eight out of ten.

Around 90 percent of our company's customers work with Tenable Nessus.

For the solution's technical support, our company directly seeks help from the solution's vendor in Vietnam or Singapore, who are very responsive. I rate the technical support an eight out of ten.

Positive

The initial setup of Tenable Nessus is very easy. You can get the application's installation file and implement it faster than ManageEngine, making it a simple process. I rate the initial setup of Tenable Nessus a nine out of ten.

The solution is deployed on an on-premises model.

With Tenable Nessus, you have a file, and you just need to install it. In the on-premises model of the solution, you have a dashboard or console that you go to, which is like an internal website that you have set up so that you can get access to the on-premises version of the product.

I rate the product's price seven or eight on a scale of one to ten, where one is low price and ten is high price.

Tenable Nessus is a great tool. I believe everyone should be using Tenable Nessus since it is a tool that can be used for vulnerability assessment when companies face some vulnerabilities to find security holes or threats.

I rate the overall solution a nine out of ten.

The tool was used mainly to do network and security scans in some designated areas. It was part of maintaining the ISO 27k certification for some countries, like Turkey, Egypt, and India. Another usage was that we had regular and yearly scans planned as part of policies on some other network areas that would do network management in the central region and Internet-shared network.

Security is the key number because it can start to scan with a few clicks compared to Qualys, which is a bit complicated. So simplicity is the first advantage. Then the generated reports are well done and easy to present to management. The quality of the scan is quite good in detecting the severity. The solution has simplicity. Also, it has frequent updates so that is also a valuable feature.

We've got several versions of Tenable, and the one we use is the professional. It's the only one I know because we did not explore others. It was called Nessus Professional, and it should not be confused with Nessus Enterprise, Tenable, or tenable.sc or tenable.io. In Nessus Professional, the main drawback was that we could have a single-user login password. So it could be better in terms of security. Of course, we could have as many users as we wanted, and we got about fifteen users, but we couldn't distinguish the rules in this solution. If you wanted to allow some people to do a scan of some areas and some other areas, we would have to go through an expensive version. So, with the professional edition, the management of users needed to be improved. We could have a new user-defined.

I have been using the solution since 2003.It has been twenty years.

It is a stable solution.

It is a scalable solution. Fifteen users are using the solution.

The technical support team is good. But one drawback is that they must give more attention to small customers. We had only ten licenses in the professional mode, one of the cheapest.

So we found it easy to get attention and always found the solution.

Neutral

The initial setup was easy.

We paid about six thousand dollars per license.

I evaluated Qualys but the pricing scheme was different so did not go with that. Although Tenable was much more limited than Qualys.

People should use it because it is straightforward and simple. I would rate it seven out of ten, for the simplicity of usage and the quality of the security assessment that is done and the reporting.

Tenable Nessus is vulnerability management software. We install Nessus scanners on all our workstations and laptops. It runs scans to check for outdated software and vulnerabilities. At the beginning of each month, I send notes out to the admins about what needs to be updated, and I check at the end of the month to make sure it's done. 

Nessus helps us keep our software up to date to avoid security vulnerabilities. It's a good tool for auditing our vulnerability management. 

My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated. 

Tenable stays on top of new IT trends in vulnerability management because there's constant innovation. They keep up with the industry. In the past few years, everything has shifted to cloud-based servers. It's a long-term trend that COVID accelerated. Tenable came out with a tool for that. 

Nessus  is pretty stable if you have a disaster recovery plan in place. We've never had an outage. The stability depends on the servers where it is running. 

You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it.

I rate Tenable support 10 out of 10. They're top-of-the-line.  It's the best support I've worked with so far. 

Positive

I rate Tenable Nessus nine out of 10. I recommend creating a Tenable Community account. Tenable uses that for support, but they also have a massive library of training videos that they call Tenable University. You can also access the Tenable Community forums where experts and general users can share information and ask questions. 

Tenable is for scanning the vulnerabilities on the endpoint. That's the prime use case. It can also be extended for scanning web publications, et cetera. 

Nessus is a very stable product. And it has been a pioneer and has been around for a long time. Their vulnerability dashboards are very good to use.

It is easy to set up.

The solution can scale well. 

The pricing is reasonable. 

While the pricing is quite good, any client would, of course, like it to be a bit less. 

We'd like to see the solution embrace more user-friendliness. That said, currently, we are happy with the product.

I've used the solution for a while. it's been a couple of years. 

It is a stable, reliable product. The performance is good. There are no bugs or glitches. It doesn't crash or freeze. 

I have found the product to be scalable. 

We generally don't have a lot of requirements for tech support with Tenable. We have been using it for so long, we have received quite a good amount of training from them at this point. Therefore, we don't look for a lot of tech support.

The setup is quite straightforward and simple. I wouldn't describe the process as overly complex. 

The deployment time depends on how the endpoints are distributed. If it is a single one within one country and one region, it is very fast. We can do it in less than three months.

We are consultants. We can assist users with the setup process. 

It's not an overly expensive solution. It's pretty affordable. 

Users pay an annual licensing fee. 

I'm a consultant. 

We can deploy the solution either on-premises or on the cloud. 

I'd advise potential new users to look at what the landscape is. And based on the landscape, they should be able to fit the product. You need to first consider your strategy and build towards that. We would recommend this solution to others if it seems to fit their needs. 

I'd rate the solution nine out of ten.

Our company uses the solution for vulnerability scanning. 

The solution is easy to understand for users because instructions are included on the platform. 

Scanning capabilities are vast with built-in configurations that are pre-coded for various types of servers. 

There are very few false positives reported. 

It is easy to access and share reports. For example, consultants can extract reports, remove columns if needed, and share final copies with clients. 

Vulnerability recommendations are outdated and not in line with industry standards. 

The reporting tool should allow fancier customizations such as pivot or formula-based options. 

Cloud reviews should be a focus because AWS is taking over the market. 

I have been using the solution for three years. 

The solution is very, very stable and is considered the leader in stability. 

The solution is very scalable and we have it on every server in our organization with no issues. We only provide user-level access to our security teams. 

Technical support is very good and responsive. 

A few months back, we utilized their assistance for configurations on a custom EMI. They were very helpful and indicated the next upgrade would include a checklist and benchmarking documents for manual completion. 

The setup is very straightforward. 

The implementation was handled by Tenable. There was a one-time installation cost of $500-$1,000 which was nominal for our large organization. 

Tenable either connects virtually or comes onsite to deploy the solution across your entire network.  

Routine maintenance is performed on a local machine with no server needs. This occurs about three times a year by our in-house team. 

Our organization is huge so our license costs $30,000. We are one of the biggest financial sector groups in India, so are charged appropriately. 

Pricing is rated a seven out of ten because it is reasonable but always could be cheaper.

We use both the solution and Qualys which are leading tools in the industry.

Qualys is a complicated tool for users because it does not include easy-to-access instructions. It also reports more false positives. 

The solution is easier to use and includes instructions for running scans. 

Overall, the solution is a better tool than Qualys. 

The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it. 

I rate the solution an eight out of ten.