Tenable Nessus Reviews

Our customers are using this solution. They scan their network, and they get a report about vulnerability assessment tools and solutions.

It's deployed on-prem.

It gives you an unlimited IP scan. It's a cheap solution compared to Rapid7 or Qualys. It's very user-friendly. Customers can easily scan their network.

I would like to have a management option after the network scanning.

The difference between Nessus and Rapid7 is price. Nessus is a very cheap solution compared to Rapid7 and has unlimited IP scanning facilities, but Rapid7 doesn't have this option. It has IP limitations. Rapid7 has some models based on how many IPs the customer wants to scan, and the costs depends on that amount.

The cost is around $4,300 per year. Use is unlimited. You don't pay more if you want to use it for another IP.

I would rate this solution 8 out of 10.

We primarily use the solution for our customer vApp, the dynamic application testing using NetWeb application and security and the infra scanning. It allows us to do a weekly scan for our customers. 

The solution was a great help during the pandemic for closing down all those open vulnerabilities. Continuous scanning of the infra was helpful for identification on the web applications level.

The solution is the most dynamic one I have seen thus far. It is one of the best available solutions. It is the best vulnerability tool that is available at present. 

While Tenable Nessus is a good enterprise solution, the high price would likely make it prohibitive to smaller organizations. 

We feel the licensing cost to be too high for our customers and us. 

EQA's and dashboards should be addressed in the next release. 

We have been using Tenable Nessus for four or five years. I believe that our practice team is doing so. 

The solution is highly reliable. 

Scalability is not an issue. 

Tech support is good. I think we are now partnered with Tenable.

The initial setup was straightforward. The solution was very easy to set up and configure.

We have a yearly subscription license. 

We have a partnership for filling Tenable Nessus as a manager product for our customers. 

Though it is a good enterprise solution, it is likely too highly priced for smaller organizations. 

We feel the licensing cost to be too high for our customers and us.

We have both on-premises and cloud-based deployment in our organization. 

The solution is good. 

I rate Tenable Nessus as a nine out of ten. 

As new upgrades to the software come out periodically, I am currently using the latest version. 

I feel comfortable with the solution's vulnerability scanning capabilities.

While the solution is great for scanning servers, its features are limited when it comes to scanning network devices for vulnerabilities. 

I have been using Tenable Nessus since 2015. 

I can say that I am satisfied with Tenable Nessus' support and customer relations, which is why I'm still with the solution.

Technical support is very user-friendly. Upon entering their forum I can easily find the answers I seek, which I feel to be understandable and helpful. I have not any issues with the software that would have given me reason to engage technical support. 

I did not use an alternate solution prior to Tenable Nessus and have been using it since the inception of my career in information security. 

The installation of the solution was extremely easy. 

There was no need for me to involve my system administrator in the installation process, as I was able to handle it on my own. It is easy to install the solution on any server. 

The price is reasonable. 

I am actually using the solution in three or four different organizations, including Engro and Martin Dow. 

There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions. 

As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten. 

The scanning capabilities are most valuable when compared to Nessus.

I think the reporting templates could be improved with Tenable Nessus.

I have been working with Tenable Nessus for the past year.

Tenable Nessus is scalable.

Technical support always replies back on Mondays and it depends on the open support cases.

The setup is straightforward. It takes about five to ten minutes to deploy and it is easy.

I would rate Tenable Nessus an eight on a scale of one to ten.

We use Tenable Nessus when we are preparing our audit where we need to do an initial scan of our customers' platform to see if they have any critical issues.

The reports are pretty nice and easy to understand.

The price could be reduced.

I have been using Tenable Nessus for approximately 20 years, since the time that it was first released. 

This solution is stable. We do not have any issues with the stability of this solution.

It's a scalable product. We have approximately 300 companies.

I have yet to contact technical support. The users within my team are technical people, and if they have an issue, they can resolve it themselves using the knowledge base.

The initial setup is straightforward. It is very easy.

It takes less than 10 minutes to install.

I am the consultant.

We have a team of two to three to deploy and maintain this solution.

We have a subscription, the licensing fees are paid yearly, and I am using the latest version.

The pricing is fine, but it could be cheaper.

So far, I am quite pleased with this product and don't have any complaints. I would recommend this solution to others who are interested in using it.

I would rate this solution a nine out of ten.

I have been using Tenable Nessus for my personal use. It works well.

I am using this solution for testing.

The most valuable features are that it's fast, it's easy to use, and it provides good reports.

The only thing that I don't like is KBs information. For example, if we scan our workstation and you go to the results report that Nessus provides, we are going to see a lot of KBs as remediation. But in most cases, the KBs are always superseded.

Also, we are not able to apply those because Microsoft has already released a new TB. 

Nessus is not doing a good job in updating its remediation section of the reports.

Remediation needs improvement. They are providing a lot of superseded KBs as remediation.

For example, when you share that with several team members or with one individual, and you ask them to work on this, they reply with Microsoft already has something new.

I have been using Tenable Nessus for approximately two years.

This solution is stable. I have not experienced any issues. It worked fine.

It's a scalable solution. I have not had any problems.

I am the only person using this solution.

Technical support is good. They provided information that is needed.

Previously, I was not using another solution. I use Nessus through a course that I was taking in the security field.

The initial setup was straightforward.

We did not use a vendor or vendor team to implement this solution.

I have evaluated one other solution, but because of my company policies. I can't share that information.

Tenable has Tenable.io, and I believe that they have the remediation updated, but Tenable Nessus Professional does not. I don't think that they will continue to keep it available in the market. They should probably decommission it.

Remediation is better in other tools than with Nessus.

For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not.

Research the remediation information to see if it is okay, or trust proof or not.

The reporting works well and it allows you to share. Also, support is important.

I would rate Tenable Nesuss an eight out of ten.

We primarily use the solution for vulnerability management. We also use it during our IP scans.

The VPR scores are the solution's most valuable aspects.

The plug-in text information is quite useful.

The solution can scale well.

We've found the solution to be quite stable.

It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear.

We find that the solution causes several issues due to the fact that it runs even before it calculates, the asset in prevention. 

I can't think of any features that are lacking.

I've been using the solution for one to two years at this point.

It's stable. I don't have any major complaints. It doesn't have bugs. It isn't affected by glitches. It doesn't crash or freeze on us. It's reliable.

We have about 100 direct users who are logging onto the solution on a daily basis.

We don't plan on increasing usage at this time.

We have been able to scale it in the past, however, and a company that needs to expand it should not face too many issues doing so.

We've worked with technical support in the past, and we've found them to be quite efficient. They are knowledgable and responsive.

We previously used McAfee and switched over completely at the end of May.

We had some help with the initial setup. We were able to use our vendor's expertise and have them walk us through any issues we had.

However, we completely handle the maintenance now that is it up and running. We have admins who deal with any upkeep.

The vendor assisted us in the initial implementation.

I don't have any information when it comes to the cost of the solution. It's not part of my job to deal with billing or payments, so I don't have any visibility on the cost structure.

We are simply customers. We don't have a business relationship with Tenable.

We're using the latest version of the solution.

I would definitely recommend this solution. It's the best that I've used so far.

On a scale from one to ten, I'd rate it at an eight overall.

I use it for performing vulnerability scans for both my environment and for clients. I provide fractional CISO consulting services. As such, I will perform a vulnerability scan on an environment before I say "yes."

Everybody has to have a vulnerability scan. You should do them periodically which, to me, is monthly. It's just good practice to perform that scan monthly and whenever there's a major change, to make sure that you don't have any open environment. 

I monitor web servers, database servers, app servers, desktops; everything you'd find on a network, besides switches and routers. I don't have that, but I monitor any Windows- and Linux-based nodes.

I went to a client's site and I ran the report. They had a number of fives, fours, and threes. With that information, we were able to remediate the fives, fours, and threes down to a couple of threes.

It also helps to prioritize based on risk. If it provides a notification that you have an older operating system out there, for example, obviously you would have that as a higher risk and wish to remediate that above any and all other risks. It details what that the risk is and what you should do about it.

The solution helps to limit cyber exposure. By running it on a monthly basis, you tighten the window of opportunity for any nefarious individual to get into your environment. Industry standards say that you have to do it quarterly or yearly and I do it monthly, so I think I'm in a better position to secure the environment.

The solution reduces the number of critical and high vulnerabilities which need to be patched first. In terms of a percentage reduction, it's more of a detective control, along with the preventative control. I can't give you a percentage. It reduces the risks by providing the information that you can react to, quicker than finding out that you've been breached.

Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthfully. 

It also has an executive report where you don't have to provide the client all the detail for them to sift though. But if they wish to dig through the detail they can.

The predictive prioritization features are spot-on. I enjoy how it actually gives me a prioritization that I can address and it associates it with a known vulnerability. I like that.

One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that. Or, if they change the product itself for you to add comments of remediation efforts and allow you to sort on that and report on it, that would be helpful. Most of us would rather not have that information out in the cloud. We'd rather have it in-house. It would be better if you could provide it in an Excel spreadsheet for us to work with.

I've been using it for four years.

It's very stable. It hasn't aggravated my environment, so I'm happy with that. It's up and running. It runs all the time.

Scaling is easy because it goes out and examines the network and identifies all the nodes that are out there. You don't have to worry about scalability, per se. It's just another node that it adds to the list, so it's easy.

It's being used for under 500 nodes. I would like to increase it if possible, but I have no plans to do so.

Before Nessus, I used Qualys. I switched because the reporting in Nessus is better. The reporting in Nessus is more executive-friendly. When giving information to clients, I don't need to repackage it. It is fine the way it is.

The level of visibility Nessus provides, compared to a solution like Qualys, from an executive standpoint, is better. From a technical standpoint, it does not provide you that documentation capability that I would like. Having said that, from my standpoint, for my client base, the executive reporting is better.

The initial setup was straightforward. It was easy-peasy. I just said, "Run," and it set it up. After that, it was a matter of putting in my company's information and setting up a scan. It wasn't hard at all. It was very intuitive, very easy.

It took about half-an-hour.

All I had to do was download the software, install it, and run it. That was it.

If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it.

The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.