Tenable Nessus Reviews

I use this solution for OS auditing, database auditing, virtualization, and following how closely it follows our CI or TISA benchmarks. We also use it for malware and ransomware risk and for carrying out assessments. We purchased this product from a local partner that has a premium partnership with Tenable. I'm a cybersecurity and compliance lead engineer.

The solution makes ransomware checking and OS auditing and implementation relatively easy. It covers most of the requirements for benchmarks for all sorts of widely available required configuration settings in the technology industry. It's also very user-friendly, easy on the eye, and saves a lot of time. It provides us with reports that perfectly satisfy compliance requirements, whatever the device or configuration settings. 

There is very little to improve but cloud security tests would be something helpful to have. Tenable could also offer some penetration testing-related services, which would be beneficial.

I've been using Nessus for three years. 

It's a very stable solution. 

The solution is scalable. I use it for around 4,000 servers on a daily basis.

The technical support is good. They offer expensive professional support, but I generally use the website documentation to fix things. Compared with other companies, they provide very good support. 

Positive

I previously used Qualys and had a bad experience. It's not very user-friendly, licensing was difficult and deployment painful. I also used Rapid7, and I think Nessus is more user-friendly than both of those products. 

The initial setup was very easy and took just a few hours. It's important to plan wisely before implementing. Know how many servers you have and try to project your future requirements so that you can estimate the total number of IPs you require. If the forecast is accurate, the solution is cost-efficient. We used consultants from Singapore and they installed some agents in our on-premise servers. Maintenance is very easy.

The global situation is very unstable and the dollar price has already increased significantly in our country in the last three or four months so everything has become expensive. Licensing is very competitive in our local markets and there's a lot of haggling that goes on. The option of a three-year license would be most beneficial for us because of the huge variations in the dollar. 

I rate this solution nine out of 10. 

Tenable is for scanning the vulnerabilities on the endpoint. That's the prime use case. It can also be extended for scanning web publications, et cetera. 

Nessus is a very stable product. And it has been a pioneer and has been around for a long time. Their vulnerability dashboards are very good to use.

It is easy to set up.

The solution can scale well. 

The pricing is reasonable. 

While the pricing is quite good, any client would, of course, like it to be a bit less. 

We'd like to see the solution embrace more user-friendliness. That said, currently, we are happy with the product.

I've used the solution for a while. it's been a couple of years. 

It is a stable, reliable product. The performance is good. There are no bugs or glitches. It doesn't crash or freeze. 

I have found the product to be scalable. 

We generally don't have a lot of requirements for tech support with Tenable. We have been using it for so long, we have received quite a good amount of training from them at this point. Therefore, we don't look for a lot of tech support.

The setup is quite straightforward and simple. I wouldn't describe the process as overly complex. 

The deployment time depends on how the endpoints are distributed. If it is a single one within one country and one region, it is very fast. We can do it in less than three months.

We are consultants. We can assist users with the setup process. 

It's not an overly expensive solution. It's pretty affordable. 

Users pay an annual licensing fee. 

I'm a consultant. 

We can deploy the solution either on-premises or on the cloud. 

I'd advise potential new users to look at what the landscape is. And based on the landscape, they should be able to fit the product. You need to first consider your strategy and build towards that. We would recommend this solution to others if it seems to fit their needs. 

I'd rate the solution nine out of ten.

We use this solution for network and device scanning. Massive scanners have been integrated with the security center. We scan devices and pull the report from the security center. We publish the report to respective stakeholders, and we maintain the reports for our records. The reports show vulnerabilities, plugin text, and plugin outputs. We analyze the report and try to close the vulnerabilities identified in the scan.

The solution is deployed on-premises.

There are about 10 people using this solution in my organization. They were part of the security team and were doing the scanning and remediation. I led the team and dealt with any challenges.

My organization is a service provider. We provide security services to clients.

The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.

The agent scanner is a valuable feature. We also do credential scans, which gives the equivalent report. In the log project situation, we receive very good support from Nessus. They have built one policy for the log project itself. With the help of that policy and the plugins specified for the log project, the scans were faster for that project.

If we run a scan, it will usually check all of the plugins, which is a time-consuming process. We received help, and we had one plugin for the log project. That was for checking the log project only because we were already done with the complete scan.

I would like to see more on the automation side. There should be proper tools and support for automation in Tenable itself.

I have used this solution for more than four years.

It's a stable solution, but we noticed that the agent wasn't being updated. This means we have to update it manually and run a few commands to get the service running. If the solution isn't updated with the latest version, it will go offline.

We receive very good technical support from the team in India. We're very happy with them. I'm also in touch with some people from Tenable India. They helped me understand the requirements and the solution's latest features.

I would rate technical support as four out of five because they could always improve.

Initial setup was easy. That's why I proposed the solution to my current organization. 

The deployment process completely depends on approvals and how we're getting the procurement of hardware and the licenses. It depends on the organization.

The solution is worth the cost. It's a good investment. 

I have also evaluated Qualys. There were some missing features, so we weren't able to detect vulnerabilities related to specific software, like Adobe and Java.

I have also used Tenable.sc.

I would rate this solution as eight out of ten. 

For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not.

I would definitely recommend this solution to others who want to use it.

We use Tenable Nessus internally for our vulnerability scan and dynamic vulnerability assessments.

Tenable Nessus has helped us with better visibility of the current security posture of our infrastructure and helped us be proactive about remediating those findings.

The most valuable feature of Tenable Nessus is the support it provides for any new vulnerabilities quickly.

Tenable Nessus application device assessment is one of the top tools. However, in the application security assessment, there are other tools that provide better, and more accurate findings.

In a future release, I would like to see all SC reporting features included in the Professional version.

I have been using Tenable Nessus for approximately five years.

Tenable Nessus is stable.

The stability of Tenable Nessus is good.

We don't have a very big security team. It's four or five people who are using it.

We have used the support from Tenable Nessus. The support was relatively good.

The initial setup of Tenable Nessus was straightforward, we did not have any issues.

The deployment of Tenable Nessus was done in-house.

The solution is not difficult to maintain at the scale we are working on it.

We have seen a return on investment by using Tenable Nessus.

The newer tools are quite pricey. There is a case of some fine tuning that can be done in terms of licensing. The IP based licensing that is offered makes the tool very expensive. If they want the IT industry to adopt it, the price should be looked at.

For the professional the cost is reasonable. However, if you go to an HC or IO platform, then the price is high. Even though the scan engine is the same, the additional features for dashboarding and reporting should not cost more than the solution itself or the intelligence of the tool to identify those findings.

There are not any fees

In terms of the identification of vulnerabilities, this is a good tool. The engine it uses is accurate. However, it depends on which tool out of the stack you would use, and the scale of the infrastructure.

I rate Tenable Nessus a seven out of ten.

We are using the product for CIS benchmarking on our systems.

Our primary use case is basically understanding whether our systems are compliant with the CIS benchmarks in terms of system hardening. What Tenable Nessus does is it can run a scan on the systems and it gives us a report in terms of what properties or settings on the systems are in compliance and what are not in compliance. Then we can review that and go back and improve the systems in terms of those settings.

What I like about it is the fact that it can figure out what changes we need to make on our systems to ensure that they're hardened properly.

The initial setup is not difficult. 

Once you get past the initial implementation, the solution is very stable. 

It's scalable. 

So far, it has been fulfilling the requirements. From that perspective, there is not a lot that I would want to improve in the features that we are using it.

They could make their reporting a little better. Maybe they could do some more integrations with certain other tools to extend it or make the reporting better in the sense that it could probably generate some alerts or something of that sort. It could do some real-time reporting. If there are any policies that are changing or getting violated, they could probably generate some alerts, which could involve the on-call on my side so that I could take immediate action. That could probably be one thing that they could introduce.

We've used the solution for about a year now. It hasn't been that long. 

Initially, we had some issues. Initially, we were not very confident about how to configure certain things. Once we had integrated and deployed the product, we needed a few support calls to fix the system properly in our environment and since then it has been smooth, I would say. The stability is now good.

The solution can scale. 

We have very few users. It's basically based on the number of systems that we need to install it on in terms of scaling. That's something that probably is more than the number of users who actually access the system. It's largely used by the security team.

We do have plans to increase the usage of Tenable Nessus organically. As the number of systems that we use is dynamic in nature, it likely will keep going up and down over time.

We've dealt with technical support on and off I would say. We keep talking to the technical support at times to get some insights on any new features that are coming in or in terms of how to use a certain feature that we are probably trying to introduce or something of that sort.

We were not using any other products before this.

For the initial setup, I need to deploy an agent on my systems. It's pretty straightforward. It's not very difficult.

I'm not really sure about how long it took, however, my understanding is it didn't take too long for our system. It was maybe a few minutes per system or maybe half an hour per system. Not more than that.

We did not use a consultant or any integrator for the deployment. We did it in-house. 

There were a couple of people on my team who were able to set it up for us.

I'm not aware of the licensing cost.

I'd recommend the product to others. If a company wants to use it for system analysis as part of the benchmarking of the systems or if a company wants to do security benchmarking, they can use this. They should be able to use the tool.

I'd rate the solution eight out of ten. 

Tenable Nessus can be deployed on-premise and in the cloud.

Tenable Nessus is a vulnerability scanner to find vulnerabilities. The solution finds the vulnerabilities in our environment and then we send those vulnerabilities that are found out to the SMEs to be fixed.

Tenable Nessus allows us to keep up on fixing the vulnerabilities that are either being exploited in the wild or the ones that we find most critical.

The most valuable feature of Tenable Nessus is vulnerability detection.

Tenable Nessus could improve reporting and information sharing. It would be helpful if we could share the reports and have a little bit better flexibility in the reporting of the data.

In the next release, they should add some more integration with other security solutions that would be helpful.

I have used Tenable Nessus for approximately 10 years.

The stability of Tenable Nessus is very good.

Tenable Nessus is highly scalable.

We have a couple of administrators and vulnerability analysts who run scans, and read-only accounts for the SMEs who fix vulnerabilities, and an executive role for management to view the data.

We use Tenable Nessus extensively, we have scheduled jobs running all the time. We do scans on all the systems on our network, and we are always making tweaks.

I rate the support of Tenable Nessus a four out of five.

I have not used another solution previously to Tenable Nessus.

For our deployment of Tenable Nessus, there are elements of complexity. However, the complexity depends on the use case. The solution is not that difficult to implement, the complexity comes from the many things that are involved. You do not need to be an expert there are many parts that need to be set up.

We had Linux servers built and the Tenable Nessus software was installed on top of that. It was relatively simple as far as that goes.

I rate the ease of setup of Tenable Nessus a three out of five.

We did the implementation in-house.

We have two administrators and one SME that does the supporting of Tenable Nessus.

It is difficult to show or rate ROI from a security standpoint, it is similar to having car insurance. When there are vulnerabilities out there, we can quickly look because we're scanning all the time at what our vulnerabilities are. Tenable Nessus is used for keeping our infrastructure safe.

Tenable Nessus needs to be licensed. We own a license for the security center and that license is charged by the number of IP addresses that you can scan. You're allowed to have as many scanners as you want and there's no license for the number of scanners. We have a bunch of Nessus scanners out there, and as long as we're comfortable with staying under that IP address limit, that's really all we have to be concerned about.

We pay a monthly maintenance fee, which is reoccurring.

We did evaluate other solutions before choosing Tenable Nessus, such as Rapid7. We choose Tenable Nessus because it was used by more customers and it seemed at the time to be more straightforward.

Security is complicated a subject. There's a lot involved in Tenable Nessus, but the solution is easy to run and manage and we have had a lot of good success with it.

I rate Tenable Nessus a nine out of ten.

Over 15.000 active assets|inside 10 companies belonging to the group, the biennium recurrent project mapped the real situation, in parallel with photography of IT/Security maturity through three main domains: processes, people, and technology. 5 TOEs: Infrastructure, Databases (SQL and Oracle in deep), AWS Cloud, Connectivity (Routers, Switches, and Firewalls against/based CIS) and Web Application instances (partial tests). Nessus running over a hardened Linux customized with HA (High Availability).

Nessus has more plugins/add-ons, tests, and templates than previous tools (OpenVas) and it is faster and customizable using CLI/API features. It offers enough resources for an interesting cost-benefit rating (for small and medium companies) and minus false-positive events per type of asset. 

It helped us to quickly produce a QuickWin report that guided the VulnerabilityMgmt actions and plans within the company's during the next 3-5 years using the same tool/investment/team for all companies inside the de group.  

Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips in the documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans. You can scale your environment to gradually increase the quality, depth, and quantity of the tests, enabling you to learn and gradually optimize your vulnerability management platform(s)/instance(s). The possibility of integration with other market tools (Kenna, Archer...) is another differential.

- Add the possibility to customize attributes that define the assets critical level based on the company's "business sense".

- Improve integration and tests for OT platforms, OT application, OT hardware, and non-Ethernet protocols.

- Improve the exchange of info/insights/attributes with RM (Risk Management) domain.

- Offer a more flexible strategic and high-level dashboards based on previous comments (minus technical and more business-oriented)

- Model OS costs (and its segregation schema for individual modules).

7+ years with Tenable and more than 15y with others.

Excellent. No one problem during operation time and deployment.

Enough (faster than OpenVAS engine).

It SLA/support are enough. 

Neutral

OpenVAS. We reached the previous level/threshold/maturity using OpenVas (more limited tool when compared with Nessus). I/We believe that, the change to a better tool (in this and in others categories) should be carried out when these indicators are reached.

Very simple and fast.

In-house.

Good. Nessus Pro combined with other xLAP solutions to offer a presentation/grouping layer is great. Using SC this curve/point of ROI is slower.

Start small, learn about your problems/fixing time and grow up gradually.

Several. OpenVas, Rapid7, Qualys, CORE* and Retina.

A cost/benefit interesting tool.

We are using Nessus Pro. Our operational security team is using it at the moment. It is being used in a couple of ways. In one instance, it is being used purely to scan the internal infrastructure. In the second instance, we're using it to scan the entire network range, including all endpoints. In the third instance, we're using it to do PCI DSS compliance scanning.

It does exactly what you expect it to do, and its pricing is great. We couldn't really ask for a better deal.

The interface is a little bit clunky, and the reporting is not marvelous. There should be better integration of reporting between instances. Currently, the instance stands alone, and it produces a report. Being able to amalgamate those reports with another instance will be useful.

It has never let us down from a stability point of view.

It is really scalable. It is great.

We have six people who are actually interacting with the tool itself, but obviously, it has been deployed against thousands of endpoints. There are three different roles of those six users.

They are very good. Their formal support and the wider community support are excellent.

We've used Rapid7 in the past. We switched because of the value for money and the fact that it feeds into the Tenable.io platform, which is where we ultimately want to be.

It was straightforward and fast. It literally took a morning.

It was done in-house. For its deployment and maintenance, there is just one person. He is an information security analyst.

Its pricing is great and can't be improved. It is very cheap. It is less than 2,000 pounds a license, and you can't really ask for more.

It has unlimited IPs and unlimited scans. There are no particular pricing constraints. The only additional cost is the inherent cost of the people to actually review the actual scans.

My advice to people who are looking into implementing this product would be to just go ahead and do it. Don't be frightened about it. It is great. It does exactly what you'd expect it to do. You can use it as a stepping stone to the other Tenable products.

I would rate it a nine out of 10. It is a lovely product. It just does what you need it to do, and lets you get on with your day.