Chief Hacking Officer at a security firm with 1-10 employees
Easy to set up and use, reasonably-priced, and works well out of the box
Pros and Cons
- "Out of the box, the product works well for us, so it's not a tool that we need to customize very much."
- "The reports are okay, but the interface is a bit difficult to navigate in some cases."
What is our primary use case?
Our use cases are pretty straightforward. We primarily use it for conducting vulnerability scans.
What is most valuable?
Out of the box, the product works well for us, so it's not a tool that we need to customize very much.
What needs improvement?
The reporting interface is in need of improvement. The reports are okay, but the interface is a bit difficult to navigate in some cases.
Nessus is not very good at identifying web application vulnerabilities, which means that we need to buy another product like Acunetix or EMC Networker to handle that part. This is an area that could be enhanced because we would prefer to have these capabilities in one application.
For how long have I used the solution?
I have been using Tenable Nessus for more than 10 years.
Buyer's Guide
Tenable Nessus
December 2025
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,310 professionals have used our research since 2012.
What do I think about the stability of the solution?
Tenable is a reliable solution.
What do I think about the scalability of the solution?
We have not had any use cases that required scaling.
Our installation is a single tenant.
How are customer service and support?
We haven't had the need to contact technical support.
Which solution did I use previously and why did I switch?
Many years ago, we tried Nexpose by Rapid7.
How was the initial setup?
The initial setup was easy and very straightforward.
It took about half an hour to deploy, including all of the updates. It is the updates that take time to complete.
What's my experience with pricing, setup cost, and licensing?
We pay approximately $2,500 on a yearly basis. We do not pay any fees in addition to the standard licensing costs.
What other advice do I have?
Ultimately, we plan to use this product less because it is something that we advise our customers to buy for themselves. They should not be using our solution.
My advice for anybody who is considering Tenable Nessus is that it is easy to install, easy and straightforward to use, and not expensive. These are the reasons that we advise our customers to use it.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
VP - Risks, Audits & InfoSec at a tech services company with 501-1,000 employees
I like its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually
Pros and Cons
- "The features of Tenable Nessus that I have found most valuable are its reliability and its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually. The output is quite reliable."
- "In terms of what could be improved, I would say its reporting portion."
What is most valuable?
The features of Tenable Nessus that I have found most valuable are its reliability and its ability to collate a dependable output, where we are able to get the same vulnerability when we test manually. The output is quite reliable.
What needs improvement?
In terms of what could be improved, I would say its reporting portion.
Additionally, we have the on-prem version, but sometimes we want to have an on-cloud deployment as well for certain projects, although not so many. The people who used it on cloud didn't find it as good as the version they were using on-prem. Overall, the cloud version could be improved.
For how long have I used the solution?
I have been using Tenable Nessus for about three years now. We are currently using the latest version.
What do I think about the stability of the solution?
In terms of stability, recently we are seeing many updates coming in and we are finding that the updating model with its latest releases may be a little buggy. So sometimes deployment may take a couple of times and Nessus takes its own time for updating, thereby delaying the deployment time. Of late, we are seeing updates coming in very frequently. So when we deploy it, it just updates again and again and that almost doubles the time.
What do I think about the scalability of the solution?
Tenable Nessus is scalable. That's not an issue.
How are customer service and technical support?
We did reach out to technical support. I think it was just once, but it took them a long time to respond. Maybe it was case specific, but they took a few days to get back to us and we didn't expect that. Now they've completely changed the model to email support, so we send the email and we'll have to wait until the guys answer us back.
How was the initial setup?
The initial setup on-prem and on-cloud did not have any issues. It just took a couple of hours.
What other advice do I have?
On a scale of one to ten, I would give Tenable Nessus an eight.
What happens is Nessus keeps on updating and this becomes a showstopper. We are unable to proceed with the vulnerability scans or testing if we do not update to the latest available patch. We can understand the risk if it's maybe one version earlier, meaning, we understand something was updated with XYZ patch but there should be something which gives us an option so that not all of our deployments need to have the latest patch. This would save the deployment time because of frequent updates.
I would recommend Tenable Nessus. Especially the commercial model. We operate in small and medium enterprises and for them, Nessus is becoming expensive. Because of this I may not buy Nessus this year and I might switch to Qualys, for example. Overall, Tenable Nessus is not so price pocket friendly for small and medium users.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CSSP Manager at a tech services company with 51-200 employees
Largely problem-free with good scanning capabilities and a good interface
Pros and Cons
- "The automatic scanner and scheduler are pretty cool."
- "The reporting is a bit cumbersome."
What is our primary use case?
I primarily use the solution for vulnerability scanning within our organization.
What is most valuable?
The automatic scanner and scheduler are pretty cool.
The interface is excellent. It makes it very user friendly and easy to navigate for the most part.
It's a pretty solid product. I pretty much like almost all of it.
The product is pretty problem-free. We don't have any real issues with it.
What needs improvement?
The reporting is a bit cumbersome.
A lot of times you have got to, if you want to test things, go in and then back all the way out, and then try something else, and that just becomes cumbersome.
The testing functionality could be better.
The way they had set up the scan sometimes is difficult as well. It's partly due to how it's set up where I am. It's not necessarily a Tenable thing, however, the user, how they assign users and roles, is strange. Sometimes if a coworker sets up a scan, I can't start it or stop it. That's just something that may be an issue on our set-up and not a Tenable issue.
For how long have I used the solution?
I've been using the solution for a while. I've probably been using the solution since 2015. It's been over five years at this point.
What other advice do I have?
We're just customers. We're end-users. We don't have a business relationship with the company.
We're using the solution as what I would consider a hybrid, where the security center is managed by another group. However, we have a scanner in our network that connects back to the security center and the DOD of Azure.
We're largely happy with the product. Overall, I'd rate the solution eight out of ten. If it weren't for the reporting or the scanning difficulties, I would rate it higher.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Manager at a security firm with 201-500 employees
Quickly scans and detects new vulnerabilities
Pros and Cons
- "Tenable Nessus is cheap and flexible."
- "The professional version is not very scalable."
What is our primary use case?
We use Tenable Nessus to provide service to our bank.
I use it to provide our main service related to our big management.
Other than providing information security to our clients, it is our information security provider, service provider — we manage it. Using Nessus, we are able to scan and locate any potential vulnerabilities that our clients may have and point them out to them.
I am not sure how many users we have using this solution, but we have more than 100,000 assets distributed between roughly 40 clients.
What is most valuable?
Tenable Nessus is cheap and flexible.
What needs improvement?
Currently, they don't have all of the features that I am looking for. I am looking for a technology that installs agents into the machines to perform complicated scanning. That's a good feature that I'm looking for.
Our issues are not all due to Tenable Nessus; we have more than one console that we administrate.
For how long have I used the solution?
I have been using this solution for 10 to 15 years.
I use this solution on a regular basis at my current company. I used it at my previous company as well.
What do I think about the stability of the solution?
This solution is quite stable.
What do I think about the scalability of the solution?
The professional version is not very scalable. It's not really scalable considering the number of assets and clients that I have.
Many of our clients would like to switch to a better solution.
How are customer service and technical support?
The technical support is great. We have called them a few times and they have always helped us.
How was the initial setup?
The initial setup was pretty straightforward. Within a week we had set up all of the infrastructure and were ready to deploy.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
Scalable with good VPR scores and great plug-in text information
Pros and Cons
- "The plug-in text information is quite useful."
- "It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
What is our primary use case?
We primarily use the solution for vulnerability management. We also use it during our IP scans.
What is most valuable?
The VPR scores are the solution's most valuable aspects.
The plug-in text information is quite useful.
The solution can scale well.
We've found the solution to be quite stable.
What needs improvement?
It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear.
We find that the solution causes several issues due to the fact that it runs even before it calculates, the asset in prevention.
I can't think of any features that are lacking.
For how long have I used the solution?
I've been using the solution for one to two years at this point.
What do I think about the stability of the solution?
It's stable. I don't have any major complaints. It doesn't have bugs. It isn't affected by glitches. It doesn't crash or freeze on us. It's reliable.
What do I think about the scalability of the solution?
We have about 100 direct users who are logging onto the solution on a daily basis.
We don't plan on increasing usage at this time.
We have been able to scale it in the past, however, and a company that needs to expand it should not face too many issues doing so.
How are customer service and technical support?
We've worked with technical support in the past, and we've found them to be quite efficient. They are knowledgeable and responsive.
Which solution did I use previously and why did I switch?
We previously used McAfee and switched over completely at the end of May.
How was the initial setup?
We had some help with the initial setup. We were able to use our vendor's expertise and have them walk us through any issues we had.
However, we completely handle the maintenance now that it is up and running. We have admins who deal with any upkeep.
What about the implementation team?
The vendor assisted us in the initial implementation.
What's my experience with pricing, setup cost, and licensing?
I don't have any information when it comes to the cost of the solution. It's not part of my job to deal with billing or payments, so I don't have any visibility on the cost structure.
What other advice do I have?
We are simply customers. We don't have a business relationship with Tenable.
We're using the latest version of the solution.
I would definitely recommend this solution. It's the best that I've used so far.
On a scale from one to ten, I'd rate it at an eight overall.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at a consultancy with 201-500 employees
Easy to set up, and allows you to migrate applications safely to the cloud
Pros and Cons
- "We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle."
- "We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
What is our primary use case?
We are a company that provides cloud migration services. We help companies to migrate to the public cloud. When our customers want to migrate applications, they're worried about the security aspect in the cloud. So we are trying to see how the application security that is on-premises can be migrated to the cloud.
We don't have any particular solution, we are working with a few options. The customer selects what best suits their needs. If we have a program, we work with that.
It's not specific to what we are working with.
What is most valuable?
We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle. We like scanning the ports and security as well as application-level security.
What needs improvement?
Some of our customers are operating on the cloud as well as on-premises.
We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful.
For how long have I used the solution?
We have used this solution for three or four projects in the last two years.
We are always working with the latest version.
What do I think about the stability of the solution?
The stability varies on the version that you are using.
We have not had any problems with stability with what we are using. It's been stable and we have never been faced with any stability issues.
What do I think about the scalability of the solution?
We have used this for an enterprise cloud application, which is much smaller with hundreds of users. It's pretty scalable. We have not had any challenges so far.
I don't know the limits of scalability because we haven't trialed it fully. But for the enterprise application that we use, we didn't find any issue with scalability.
How are customer service and technical support?
We have contacted technical support, once or twice when we have had issues with respect to some plugin related clarification.
There are times where the solution doesn't work out of the box, and we have to install some plugins. We needed some assistance with this.
They are good, but the response resolution takes a bit of time. I would say that it's still within an acceptable response time. Within a few hours, they will get back to you with a solution.
How was the initial setup?
The initial setup is pretty easy.
When we use the scales we find it to be easy.
In our experience, a complete deployment and start-up takes only a few hours.
What other advice do I have?
In some cases, we deploy on-premises because the customer is still evaluating the readiness to go to the cloud.
A few of our customers are already on the cloud, and others are migrating. We have deployed on both models.
With my experience, I would definitely recommend it. This is the only tool we have used recently.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
Enabled us to fix holes in our network, but having vulnerabilities fixed by the solution would be better
Pros and Cons
- "The most valuable feature is how it scanned and detected through its database to let us know exactly what fixes we needed to put in place for the vulnerabilities. It detects and it also gives you the way to fix it."
- "There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
What is our primary use case?
It is used for vulnerability management. We used Nessus to scan our machines to see how they were vulnerable, for patches or security. The CVE numbers are what we looked at, the security vulnerability, and tried to figure out what we were vulnerable to.
We monitored Windows Servers, Windows workstations, Linux servers, firewalls, switches, VMware equipment, and Cisco UCS hardware through the application.
How has it helped my organization?
We were a lot less vulnerable after implementing the changes that the application recommended.
The solution helped limit our company's cyber exposure by pointing out every single vulnerability we had and showing us how to fix them. By following the application's directions, we were less vulnerable to attackers. By implementing what the application told us to implement, we were able to fix the holes in our network and prevent any attackers from coming in.
What is most valuable?
The most valuable feature is how it scanned and detected through its database to let us know exactly what fixes we needed to put in place for the vulnerabilities. It detects and it also gives you the way to fix it.
The product's VPR did a great job in prioritizing and giving the highs versus the mediums; it did a great job providing the different ratings and priorities.
What needs improvement?
The Nessus predictive prioritization feature is very nice, the way it displays. The interface could look better, but it has everything it needs. It could do a better grouping of the workstations and run a better schedule. But it was sufficient in what it provided.
There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it.
For how long have I used the solution?
I used Nessus for about three years.
What do I think about the stability of the solution?
It was very stable. We didn't have any outages or downtime during its use.
What do I think about the scalability of the solution?
The scalability was very good. We were able to deploy it into multiple remote sites using the scanners. You can deploy separate scanner VMs into remote locations where you don't have access. They have Tenable.io in the cloud, which allows you to do all that.
I used it in a very large environment. Just in my sector, we had about 5,000 workstations along with about 150 servers. So it was a pretty sizable environment. The company was using it for a much bigger purpose. It had between about 50,000 and 100,000 workstations and about 10,000 servers.
In my environment we had about seven users logging into it. The company as a whole had about 150 users. They were security engineers, security administrators, system administrators, and system engineers. For maintenance of Nessus, there was only a team of about 15 people.
How are customer service and technical support?
I rarely had to call technical support. There was one time when we were troubleshooting a VMware scan. They got on and were helpful, but they weren't able to provide a solution quickly enough. I would give them a three out of five.
How was the initial setup?
I found the setup to be simple. The interface was very intuitive. It was simple yet functional.
What was our ROI?
Without Nessus, we would have had a lot more vulnerabilities which would have opened the doors to potential attacks. And attacks would have cost the company a lot more money.
What other advice do I have?
Know that it's only a detection tool and that it has limitations as a detection tool, but the deployment can be pretty scalable.
The solution didn't reduce the number of critical and high vulnerabilities we needed to patch first. It tells you what the critical vulnerabilities are that you need to patch, but it didn't reduce anything. It doesn't patch it for you.
I would give Nessus a seven out of ten, as it doesn't automatically resolve the vulnerabilities. There are tools out there that give you an option: "Hey, do you want me to patch that vulnerability?" You just hit "yes" and it automatically does it. Nessus doesn't do that. And, as I said, the grouping could be a little bit better.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network Security Engineer at a construction company with 1,001-5,000 employees
Helps us limit our vulnerabilities and reduce exploitation
Pros and Cons
- "Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
- "We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
What is our primary use case?
We mainly use it for scanning for vulnerability on our hosts, like network devices and servers; to find the vulnerabilities and do remediation. We monitor Windows and Linux workstations.
How has it helped my organization?
It helps us limit our vulnerabilities and to reduce exploitations.
Tenable also helps us focus resources on the vulnerabilities that are most likely to be exploited.
What is most valuable?
Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities. I can export reports to Excel to adjust them and it's a convenient way to send them to my manager. We actually use the report feature to identify all the vulnerabilities on all the hosts.
- The prioritization is done quickly and is good.
- Their VPR is good.
- I'm also able to find its features easily.
What needs improvement?
We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux.
Also, Agent scanning is more efficient than credential scanning but Agent scanning is more expensive than credential scanning. I prefer, mainly, the Agent scan over the credential scan, it's better. But we will continue to use the credential scan. I would like to see Tenable make some improvements to the credential scanning; more vulnerabilities, because most of the problems have occurred on Windows Server. We have some scanning issues.
For how long have I used the solution?
We have been using Tenable for just over a year.
What do I think about the stability of the solution?
It's always working, no crashes.
What do I think about the scalability of the solution?
We can add more scanners to the scan zone. We can also create different organizations in terms of scanning, so I think the scalability is good.
We use Tenable on 300 servers. In our office we have two or three people using the solution who are network security engineers. Two or three people are enough to take care of deployment and maintenance of Tenable.
We have plans to increase our usage. We want to increase our licenses up to about 1,000.
How are customer service and technical support?
Technical support is good. I get responses quickly and they provide quick resolution. I can look at their community to find questions or the problem. The support is good.
Which solution did I use previously and why did I switch?
Before Tenable, our global team used Qualys, but I myself didn't use that. The switch to Tenable was decided on by our U.S. team. It was a global strategy to move to Tenable.
How was the initial setup?
The initial setup was good, not complex. We had the guides from Tenable to guide us through the setup. It took us two days, but one day should be good enough for the initial deployment.
Originally, we wanted to scan all our servers from multiple clouds and also on-premises, to scan the local network.
What other advice do I have?
Tenable mainly works on vulnerability scanning and prioritizing.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.