Our use cases are pretty straightforward. We primarily use it for conducting vulnerability scans.
Chief Hacking Officer at a security firm with 1-10 employees
Easy to set up and use, reasonably-priced, and works well out of the box
Pros and Cons
- "Out of the box, the product works well for us, so it's not a tool that we need to customize very much."
- "The reports are okay, but the interface is a bit difficult to navigate in some cases."
What is our primary use case?
What is most valuable?
Out of the box, the product works well for us, so it's not a tool that we need to customize very much.
What needs improvement?
The reporting interface is in need of improvement. The reports are okay, but the interface is a bit difficult to navigate in some cases.
Nessus is not very good at identifying web application vulnerabilities, which means that we need to buy another product like Acunetix or EMC Networker to handle that part. This is an area that could be enhanced because we would prefer to have these capabilities in one application.
For how long have I used the solution?
I have been using Tenable Nessus for more than 10 years.
Buyer's Guide
Tenable Nessus
June 2025

Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,579 professionals have used our research since 2012.
What do I think about the stability of the solution?
Tenable is a reliable solution.
What do I think about the scalability of the solution?
We have not had any use cases that required scaling.
Our installation is a single tenant.
How are customer service and support?
We haven't had the need to contact technical support.
Which solution did I use previously and why did I switch?
Many years ago, we tried Nexpose by Rapid7.
How was the initial setup?
The initial setup was easy and very straightforward.
It took about half an hour to deploy, including all of the updates. It is the updates that take time to complete.
What's my experience with pricing, setup cost, and licensing?
We pay approximately $2,500 on a yearly basis. We do not pay any fees in addition to the standard licensing costs.
What other advice do I have?
Ultimately, we plan to use this product less because it is something that we advise our customers to buy for themselves. They should not be using our solution.
My advice for anybody who is considering Tenable Nessus is that it is easy to install, easy and straightforward to use, and not expensive. These are the reasons that we advise our customers to use it.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

VP - Risks, Audits & InfoSec at a tech services company with 501-1,000 employees
I like its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually
Pros and Cons
- "The features of Tenable Nessus that I have found most valuable are its reliability and its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually. The output is quite reliable."
- "In terms of what could be improved, I would say its reporting portion."
What is most valuable?
The features of Tenable Nessus that I have found most valuable are its reliability and its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually. The output is quite reliable.
What needs improvement?
In terms of what could be improved, I would say its reporting portion.
Additionally, we have the on-prem version, but sometimes we want to have an on-cloud deployment as well for certain projects, although not so many. The people who used it on cloud didn't find it as good as the version they were using on-prem. Overall, the cloud version could be improved.
For how long have I used the solution?
I have been using Tenable Nessus for about three years now. We are currently using the latest version.
What do I think about the stability of the solution?
In terms of stability, recently we are seeing many updates coming in and we are finding that the updating model with its latest releases may be a little buggy. So sometimes deployment may take a couple of times and Nessus takes its own time for updating, thereby delaying the deployment time. Of late, we are seeing updates coming in very frequently. So when we deploy it, it just updates again and again and that almost doubles the time.
What do I think about the scalability of the solution?
Tenable Nessus is scalable. That's not an issue.
How are customer service and technical support?
We did reach out to technical support. I think it was just once, but it took them a long time to respond. Maybe it was case specific, but they took a few days to get back to us and we didn't expect that. Now they've completely changed the model to email support, so we send the email and we'll have to wait until the guys answer us back.
How was the initial setup?
The initial setup on-prem and on-cloud did not have any issues. It just took a couple of hours.
What other advice do I have?
On a scale of one to ten, I would give Tenable Nessus an eight.
What happens is Nessus keeps on updating and this becomes a showstopper. We are unable to proceed with the vulnerability scans or testing if we do not update to the latest available patch. We can understand the risk if it's maybe one version earlier, meaning, we understand something was updated with XYZ patch but there should be something which gives us an option so that not all of our deployments need to have the latest patch. This would save the deployment time because of frequent updates.
I would recommend Tenable Nessus. Especially the commercial model. We operate in small and medium enterprises and for them, Nessus is becoming expensive. Because of this I may not buy Nessus this year and I might switch to Qualys, for example. Overall, Tenable Nessus is not so price pocket friendly for small and medium users.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CSSP Manager at a tech services company with 51-200 employees
Largely problem-free with good scanning capabilities and a good interface
Pros and Cons
- "The automatic scanner and scheduler are pretty cool."
- "The reporting is a bit cumbersome."
What is our primary use case?
I primarily use the solution for vulnerability scanning within our organization.
What is most valuable?
The automatic scanner and scheduler are pretty cool.
The interface is excellent. It makes it very user friendly and easy to navigate for the most part.
It's a pretty solid product. I pretty much like almost all of it.
The product is pretty problem-free. We don't have any real issues with it.
What needs improvement?
The reporting is a bit cumbersome.
A lot of times you have got to, if you want to test things, go in and then back all the way out, and then try something else, and that just becomes cumbersome.
The testing functionality could be better.
The way they had set up the scan sometimes is difficult as well. It's partly due to how it's set up where I am. It's not necessarily a Tenable thing, however, the user, how they assign users and roles, is strange. Sometimes if a coworker sets up a scan, I can't start it or stop it. That's just something that may be an issue on our set-up and not a Tenable issue.
For how long have I used the solution?
I've been using the solution for a while. I've probably been using the solution since 2015. It's been over five years at this point.
What other advice do I have?
We're just customers. We're end-users. We don't have a business relationship with the company.
We're using the solution as what I would consider a hybrid, where the security center is managed by another group. However, we have a scanner in our network that connects back to the security center and the DOD of Azure.
We're largely happy with the product. Overall, I'd rate the solution eight out of ten. If it weren't for the reporting or the scanning difficulties, I would rate it higher.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Security Engineer at a construction company with 1,001-5,000 employees
Helps us limit our vulnerabilities and reduce exploitation
Pros and Cons
- "Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
- "We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
What is our primary use case?
We mainly use it for scanning for vulnerability on our hosts, like network devices and servers; to find the vulnerabilities and do remediation. We monitor Windows and Linux workstations.
How has it helped my organization?
It helps us limit our vulnerabilities and to reduce exploitations.
Tenable also helps us focus resources on the vulnerabilities that are most likely to be exploited.
What is most valuable?
Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities. I can export reports to Excel to adjust them and it's a convenient way to send them to my manager. We actually use the report feature to identify all the vulnerabilities on all the hosts.
- The prioritization is done quickly and is good.
- Their VPR is good.
- I'm also able to find its features easily.
What needs improvement?
We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux.
Also, Agent scanning is more efficient than credential scanning but Agent scanning is more expensive than credential scanning. I prefer, mainly, the Agent scan over the credential scan, it's better. But we will continue to use the credential scan. I would like to see Tenable make some improvements to the credential scanning; more vulnerabilities, because most of the problems have occurred on Windows Server. We have some scanning issues.
For how long have I used the solution?
We have been using Tenable for just over a year.
What do I think about the stability of the solution?
It's always working, no crashes.
What do I think about the scalability of the solution?
We can add more scanners to the scan zone. We can also create different organizations in terms of scanning, so I think the scalability is good.
We use Tenable on 300 servers. In our office we have two or three people using the solution who are network security engineers. Two or three people are enough to take care of deployment and maintenance of Tenable.
We have plans to increase our usage. We want to increase our licenses up to about 1,000.
How are customer service and technical support?
Technical support is good. I get responses quickly and they provide quick resolution. I can look at their community to find questions or the problem. The support is good.
Which solution did I use previously and why did I switch?
Before Tenable, our global team used Qualys, but I myself didn't use that. The switch to Tenable was decided on by our U.S. team. It was a global strategy to move to Tenable.
How was the initial setup?
The initial setup was good, not complex. We had the guides from Tenable to guide us through the setup. It took us two days, but one day should be good enough for the initial deployment.
Originally, we wanted to scan all our servers from multiple clouds and also on-premises, to scan the local network.
What other advice do I have?
Tenable mainly works on vulnerability scanning and prioritizing.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
President and Sr CISO Consultant at Micro Strategies
Provides me with executive-friendly reporting for my clients
Pros and Cons
- "Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily."
- "It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can."
- "One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
What is our primary use case?
I use it for performing vulnerability scans for both my environment and for clients. I provide fractional CISO consulting services. As such, I will perform a vulnerability scan on an environment before I say "yes."
Everybody has to have a vulnerability scan. You should do them periodically which, to me, is monthly. It's just good practice to perform that scan monthly and whenever there's a major change, to make sure that you don't have any open environment.
I monitor web servers, database servers, app servers, desktops; everything you'd find on a network, besides switches and routers. I don't have that, but I monitor any Windows- and Linux-based nodes.
How has it helped my organization?
I went to a client's site and I ran the report. They had a number of fives, fours, and threes. With that information, we were able to remediate the fives, fours, and threes down to a couple of threes.
It also helps to prioritize based on risk. If it provides a notification that you have an older operating system out there, for example, obviously you would have that as a higher risk and wish to remediate that above any and all other risks. It details what the risk is and what you should do about it.
The solution helps to limit cyber exposure. By running it on a monthly basis, you tighten the window of opportunity for any nefarious individual to get into your environment. Industry standards say that you have to do it quarterly or yearly and I do it monthly, so I think I'm in a better position to secure the environment.
The solution reduces the number of critical and high vulnerabilities which need to be patched first. In terms of a percentage reduction, it's more of a detective control, along with the preventative control. I can't give you a percentage. It reduces the risks by providing the information that you can react to, quicker than finding out that you've been breached.
What is most valuable?
Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily.
It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can.
The predictive prioritization features are spot-on. I enjoy how it actually gives me a prioritization that I can address and it associates it with a known vulnerability. I like that.
What needs improvement?
One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that. Or, if they change the product itself for you to add comments of remediation efforts and allow you to sort on that and report on it, that would be helpful. Most of us would rather not have that information out in the cloud. We'd rather have it in-house. It would be better if you could provide it in an Excel spreadsheet for us to work with.
For how long have I used the solution?
I've been using it for four years.
What do I think about the stability of the solution?
It's very stable. It hasn't aggravated my environment, so I'm happy with that. It's up and running. It runs all the time.
What do I think about the scalability of the solution?
Scaling is easy because it goes out and examines the network and identifies all the nodes that are out there. You don't have to worry about scalability, per se. It's just another node that it adds to the list, so it's easy.
It's being used for under 500 nodes. I would like to increase it if possible, but I have no plans to do so.
Which solution did I use previously and why did I switch?
Before Nessus, I used Qualys. I switched because the reporting in Nessus is better. The reporting in Nessus is more executive-friendly. When giving information to clients, I don't need to repackage it. It is fine the way it is.
The level of visibility Nessus provides, compared to a solution like Qualys, from an executive standpoint, is better. From a technical standpoint, it does not provide you that documentation capability that I would like. Having said that, from my standpoint, for my client base, the executive reporting is better.
How was the initial setup?
The initial setup was straightforward. It was easy-peasy. I just said, "Run," and it set it up. After that, it was a matter of putting in my company's information and setting up a scan. It wasn't hard at all. It was very intuitive, very easy.
It took about half-an-hour.
All I had to do was download the software, install it, and run it. That was it.
What other advice do I have?
If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it.
The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Infrastructure Project Manager at an energy/utilities company with 501-1,000 employees
Has good vulnerability reporting and is stable and scalable
Pros and Cons
- "The solution is very stable."
- "I would like to see an improvement in the ranking of high, medium and low vulnerability."
What is our primary use case?
Our primary use case of this solution is scanning of our external websites.
What is most valuable?
The feature I find most valuable is the vulnerability reporting.
What needs improvement?
I would like to see an improvement in the ranking of high, medium and low vulnerability.
For how long have I used the solution?
I have been using Tenable Nessus for six months now.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
Tenable Nessus is a very scalable solution. We have over 50 devices running on it currently, and over 50 locations. And we plan to increase our usage in the future. We use our existing team for maintenance, so we didn't have to increase our headcounts. One person is enough to do the maintenance.
How are customer service and technical support?
The technical support is good.
How was the initial setup?
I will say the initial setup was not straightforward, and not complex either. It's medium. Technically it's not too complicated, but if you work with a good partner, they can help. The deployment took us about three to six months.
What other advice do I have?
My advice to others would be to include post-implementation support for six months from the vendor to help with the fine-tuning. I rate this solution an eight out of ten. In the future, I would like to see better reporting for high impact vulnerabilities.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Implementation Engineer at GFx Soluciones
The comprehensive coverage offered has been the most remarkable
What is our primary use case?
Nessus was used to scan vulnerabilities and compliances in our clients' networks and with this, carry out the remediation process through constant cycles in time until threats to the network are considerably reduced. The environments are small business networks (less than 50 employees), and so far there have been no major impediments in the scans performed.
How has it helped my organization?
Nessus has greatly improved the security of our clients' networks. The comfortable management of their systems makes it easier for engineers to use the codes for each vulnerability or compliance. Deploying the server to launch the scans is very easy, and only the necessary prerequisites for scanning should be fulfilled. Nessus has been very valuable to the company.
What is most valuable?
The comprehensive coverage offered by Nessus has been the most remarkable; it really does everything that has been asked of the software.
It's great, the possibility of automating implementations and really your database is immense for all the compliances and vulnerabilities.
Tenable University is great and allows training all the personnel in charge of making the scans in an optimal and effective way.
What needs improvement?
- I think that the next versions could improve the graphical interface to make the management of the reports more intuitive.
- Additionally, it could include better features in the vulnerability scan at the language level.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
Nessus is very stable and really works in diverse environments without any difficulty. The most important thing is to establish the necessary requirements.
What do I think about the scalability of the solution?
Scalability of this type of software does not seem so relevant.
How are customer service and technical support?
The Tenable support is very good and has really solved in a timely manner the problems that have occurred in the various projects.
Which solution did I use previously and why did I switch?
In the company, Qualys was used, and it was not possible to manage the projects with this tool.
How was the initial setup?
Quite simple and comfortable.
What about the implementation team?
Internal team.
What was our ROI?
Phenomenal.
What's my experience with pricing, setup cost, and licensing?
The costs are not high, considering all the support and service offered by Tenable.
What other advice do I have?
Scans using agents are very useful, and taking advantage of them is the best way to take advantage of the tool.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Professional at a tech vendor with 10,001+ employees
An affordable product that needs to improve the reporting function
Pros and Cons
- "I find the features that are most valuable are the policies that help us identify the vulnerabilities. These policies are then used for scanning instabilities and then identifying the particular vulnerabilities."
- "We have had some false positives in the past, which we hope can improve in the future."
What is our primary use case?
Primarily, I use this for assessment and administration testing.
What is most valuable?
I find the features that are most valuable are the policies that help us identify the vulnerabilities. These policies are then used for scanning and identifying instabilities.
What needs improvement?
The reporting functionality needs improvement. I think it would be beneficial to have a high level explanation for a particular user.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It is very stable, based on our past experience. We have had some false positives in the past, which we hope can improve in the future.
What do I think about the scalability of the solution?
The scalability is fine. It is tied to the licensing agreement. We currently have 20 people using this tool in our organization. It is primarily used by people in our cellular team. If we see a need to add more users in the future, we will renegotiate our licensing agreement to do so.
How are customer service and technical support?
We have not needed to contact tech support much. We contacted them about the false positives, and they were helpful.
Which solution did I use previously and why did I switch?
We also evaluated Netplus.
How was the initial setup?
The installation is very straightforward and easy. We did not use a third-party installer.
What's my experience with pricing, setup cost, and licensing?
I think the price is fairly affordable. It provides a license that is fair.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
