Tenable Nessus Reviews

For my use case, I will use Tenable Nessus for my vulnerability assessment. It is a very powerful vulnerability scanning tool with comprehensive coverage, accuracy, and actionable intelligence.

I mostly use the configuration audit feature for the audit configuration as a scan policy, and I will use it for credential audit, which helps me scan credentials access such as local administrator or root access, performing a deeper and more accurate check of local configuration settings and file systems, making it a highly recommended feature.

Regarding integration capabilities, we can integrate Tenable Nessus with SIM tools such as Splunk, IBM QRadar, and Azure Sentinel, as well as with ticketing systems such as ServiceNow, Jira, and Slack. There is no complexity as it is very easy to integrate everything.

In terms of the reporting feature, while vulnerability scanning can throw some false positives, Tenable Nessus has very few, achieving a reduction of 75% to 80% false positives with manual analysis needed. We can generate standard Nessus reports that typically include host summaries and vulnerabilities by host and plugin, alongside solutions and remediation recommendations.

The main benefits I get from Tenable Nessus are complete asset inventory and comprehensive attack surface management, allowing us to prioritize vulnerabilities based on risk, focusing on true risk and threat path analysis.

Tenable could improve by integrating Gemini or ChatGPT for deeper analysis in risk assessment, making it easier to analyze risks with a simple prompt.

I have been working with Tenable Nessus for five years.

The stability of Tenable Nessus is extraordinary, not just the best, but extraordinary.

Tenable Nessus is highly scalable, warranting a rating of 9.5 or 10 out of five.

The initial setup for Tenable Nessus is very simple compared to Greenbone, as it is based on a license. There are three kinds of licenses: essential, professional, and enterprise. After purchasing the license from tenable.com, we just download it to our system and enter the key to begin vulnerability scanning.

When comparing Tenable Nessus with competitors, I consider Rapid7 and OpenVAS from Greenbone. For web application vulnerability scanning or combined scanning, I go with Tenable Nessus, but if I only want to scan networks and servers, I definitely choose OpenVAS.

Tenable Nessus is very costly compared to OpenVAS and sits on the higher side.

My preferred purchase process for Tenable Nessus is to buy any license directly with Tenable and not through any vendor.

Tenable Nessus is famous, and everyone is using it. On a scale of one to ten, I rate Tenable Nessus a 10.

We are using Tenable Nessus Professional. We are not using Security Center and other Tenable products. For penetration test suites, we are using Tenable Nessus solution for the first step of our penetration testing.

The solution provides time saving and cost saving benefits.

The integration part is not good because five years ago, Tenable Nessus had more integration capability. After that, Tenable changed their policies and strategy. They pushed users toward Security Center and disabled Tenable Nessus integration features.

This is Tenable's property. They want to sell Tenable Security Center, and they closed all the API capability for Tenable Nessus Professional. The Jira integration is good, but it does not make sense for Tenable because they want to sell Security Center, which is more expensive than Tenable Nessus.

We have been using the solution for more than ten years.

The solution is not scalable but stable.

The solution is not scalable but stable.

I am not using Tenable support. I can usually fix all of the issues myself. I don't need support for Tenable Nessus.

Neutral

The solution is not perfect, but it is okay. I am both a customer and have a partnership with Tenable. Quick scan is good and sufficient for our needs. The solution is very easy to use. We are deploying it in our organization.

On a scale from one to ten, I rate Tenable Nessus a seven out of ten.

I mostly work with the cloud version of the product. Based on my customers' experience, they mostly use Microsoft Azure. My customers utilize a hybrid cloud setup where we use on-premises and cloud solutions because we have air-gapped customers who have no other option than to use on-premises. The customers who have cloud access and are open to using cloud solutions are using Tenable One, which is a cloud-based solution.

I would not personally speak to what I like about Tenable Nessus, because I think the only reason many customers are using it is because it is well-known and they have received directives from their companies or mother companies. For me, the key value is the ease of use and integration with SIEMs because it has built-in integrations with IBM QRadar and others. Tenable Nessus is typically a widely integrated tool within the existing security ecosystem. It is part of the security policy that customers have implemented, so it does provide positive impact and is beneficial to use Tenable Nessus.

I would not personally speak to what other features I would like to see in future updates of Tenable Nessus; this is perhaps more a question for the customers rather than for me. Based on what customers typically use, what they need to meet all requirements and security requirements is currently available. However, for some customers, they would like to have more assistance as they are becoming accustomed to AI co-pilots. An AI feature that helps them discover options without requiring them to deep dive into all features or guides them through advisory functions would be beneficial.

I have been implementing the product for four or five years.

The technical support from Tenable is adequate. When a customer opened a ticket, they did not reach out to us directly. I know that they opened the ticket but did not get back to us, so I believe the ticket was resolved; otherwise, they would have informed us.

Within the company, we have two people who are dealing with Tenable Nessus. Beyond Tenable Nessus, they are also dealing with Rapid7 scanners as we provide multiple solutions for vulnerability scanning.

It remains acceptable for us to use and sell Tenable Nessus because we can still bring in revenue, so it continues to be worthwhile.

Based on my experience, the pricing for Tenable Nessus is somewhat higher, but customers still want to pay for it, so it remains acceptable. The annual price increase of six to seven percent could potentially be lower, which would be beneficial. However, when we compare it to other solutions, it is more difficult for us to negotiate the price for Tenable Nessus than to negotiate the price with Rapid7.

We are not using Tenable Nessus internally; we are only providing it to our customers. The implementation of Tenable Nessus depends on the scenario and is straightforward for us. The implementation process does not take much time for me personally. However, it typically requires at least one day because you need to fine-tune the configuration, as it is not simply setting it up; troubleshooting and fine-tuning also take time. For a simple implementation that is not distributed or large-scale, it usually takes about one day. When we find something in Tenable Nessus, we use automation to help us with that, combining it with automation. For me, this approach is acceptable. My customers do not appear to utilize Tenable Nessus' configuration auditing feature. I have used the reporting features with Tenable Nessus where customers conduct scheduled vulnerability scans plus default scans for CVEs, and they have reporting scheduled to send all reports to the CSOs. As the partner rather than the end user, I do not deal with tickets frequently. I rate the support from Tenable at eight out of ten. I give this review an overall rating of nine out of ten.

The reporting feature in Tenable Nessus is very good, and it's easier to understand than Rapid7.

Positive

On a scale of 1-10, I rate Tenable Nessus an 8.

Tenable Nessus's primary use case is scanning endpoints and servers for vulnerabilities, outdated patches, or services. I am using it to increase visibility and dive deep into systems. 

The tool is particularly used for scanning Linux servers to check for vulnerabilities and unwanted patches or services.

Tenable Nessus has provided increased visibility across the organization's servers. It automates the process of checking for outdated features and services across multiple servers, which would be challenging to do manually. This solution helps in detecting vulnerabilities that could go unnoticed otherwise.

The scanning and reporting features are the most valuable aspects of Tenable Nessus. The solution also provides accurate mitigations and suggestions, which have been beneficial for vulnerability management.

The user interface of Tenable Nessus feels outdated and could be more user-friendly. 

Additionally, the documentation is not well-organized, which can be confusing when searching for solutions or specific information related to Tenable Nessus Professional. The reporting feature could be improved by allowing users to create their own templates instead of relying on predefined ones.

I have been working with Tenable Nessus for more than six months, closer to eight months, but less than a year.

The solution is stable. We have not encountered any issues with missing network items or errors in API and webhook interactions. Everything works as expected.

Tenable Nessus is highly scalable. It efficiently handles increasing numbers of servers without limitations. Whether managing 50 servers today or 500 tomorrow, performance or capacity are not hindered.

The technical support is good yet could improve in terms of response time. The feedback and reply times should be faster.

Neutral

Previously, we used a Fortinet solution that also scanned source code. We switched to Tenable Nessus as our source code scanning needs had been outsourced, and we found Nessus to be fast and effective, offering remediation and mitigation components.

The installation was straightforward, with documentation guiding the process. The challenge was in configuring the server for full network access, which was not difficult but time-consuming.

The deployment and maintenance were handled by two cybersecurity engineers.

The return on investment is significant, primarily because it enhances visibility in identifying potential threats and managing them efficiently.

Tenable Nessus's pricing is adequate if it is fully utilized. The cost is justified by the value it brings in terms of features and performance.

We evaluated other vendors, likely smaller startups. I cannot recall their names as they were not as prominent.

For those evaluating Tenable Nessus, it is beneficial for easy detection and mitigation of security vulnerabilities. It provides comprehensive mitigations and is less time-consuming with fast scanning capabilities.

I'd rate the solution eight out of ten.

We are using Tenable Nessus for web security and scanning. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.

We are doing vulnerability assessment and network scanning separately, and it's not integrated with our whole SOC or SOC solution. It's not fully integrated because different teams are performing different types of work.

We are using a SOC Automation System for web application scanning, which is one of the IBM products.

Vulnerability assessment is the most valuable feature in Tenable Nessus, as it provides brief details regarding the vulnerability issues we have in our network.

The reporting feature in Tenable Nessus is frequently used. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.

Tenable Nessus provides observations but offers limited information about solutions. If they improve the solution component along with the observations, it would be much easier for anyone to implement a resolution.

For example, it informs us when a port is open or when a web browser on a specific IP has issues. However, it doesn't provide a detailed explanation on how to mitigate that particular issue. We need to use our own knowledge or tools such as Google or ChatGPT to find solutions. Some other solutions provide hints regarding issue mitigation, but Tenable Nessus doesn't provide that level of detail.

We want reporting to be improved with suggestions included. When issues are mentioned, we want them to provide the resolution or the actual cause so we can break down the issue and resolve the problem permanently across all our solutions.

We have been using Tenable Nessus for about two and a half years.

It was not difficult to deploy Tenable Nessus in our system. We have successfully deployed it.

We have technical support enabled with our licensing for Tenable Nessus. We have only called twice for technical support, and the service was brilliant. We received support within one to three hours.

Neutral

We implemented it with the help of a third party.

We considered some IBM products, Rapid7, and a Microsoft solution before choosing Tenable Nessus. At this moment, we are accustomed to Tenable Nessus, so we don't have any plans to change it now or in the near future.

We are currently working with Tenable Nessus, and our renewal time is not close, so we haven't considered any alternatives.

I haven't considered the pricing of Tenable Nessus yet because our renewal is in about six months. We will think about that later.

I would recommend trying Tenable Nessus as it's a good solution.

I am a customer and the CIO of a financial institution.

We did not purchase our Tenable products on AWS Marketplace; we obtained it from Omega Exim Limited, one of our vendors in the Bangladesh Marketplace.

On a scale of 1-10, I rate Tenable Nessus an 8.

I want to upgrade Tenable Nessus because I don't have a license, but I worked with it before. It was only for one month. We just don't have a license, but I worked for two years with this product.

I have worked with Tenable Nessus in the last month.

I used Tenable Nessus in government.

I see improvements in incident response times with Tenable Nessus. We have two ways to monitor: we can look online in real-time with system or page links, and when there is an issue, they write a report in email for me. When the system has an issue that somebody has found, Tenable Nessus alerts me via email.

The value that Tenable Nessus brings to my company is significant because we can see risks. It is also good to see the pages risk and system risks. It saves money.

Tenable Nessus allows me to set up automated scans and they do everything automatically. They also generate reports automatically for me.

I have used the Configuration Auditing feature of Tenable Nessus, which helps me by identifying security gaps. I found issues such as needed upgrades for the operating system and other things.

The integration capabilities of Tenable Nessus with my security ecosystem are friendly. It needs to be configured with a virtual machine and on-premise installation.

I face issues with Tenable Nessus sometimes due to upgrades. We must do system upgrades, and we have some issues with printing. We don't have the last updates.

Regarding improvements for Tenable Nessus, I think this tool has everything. The interface could be improved, particularly when moving between systems. It would be better to have buttons or tabs for navigating between different networks, as currently it requires multiple steps.

I have worked with Tenable Nessus in the last month.

I consulted with support about half a year ago. They connected through TeamViewer and helped me resolve the problem.

Positive

Setting up Tenable Nessus is easy. It took about three hours to deploy Tenable Nessus, with approximately 30 minutes for downloading and another two hours for configuration and installation.

I use Tenable Nessus on-premise because we have a special network, and we use it for on-premise because some systems cannot go online. I don't want external parties to know about these issues.

I scan with Tenable Nessus and get information about issues, then send it to IT people for confirmation and repair.

Tenable Nessus is a scalable solution for my environment. We had two users working with Tenable Nessus.

My rating for technical support is 10 out of 10.

I can recommend Tenable Nessus as an issue-finding tool.

I have not evaluated any other tools before working with Tenable Nessus for vulnerability management.

My overall rating for Tenable Nessus is 10 out of 10.

Neutral

The main use case for Tenable Nessus is to scan vulnerabilities and to detect misconfigurations in devices.

The functions or features of Tenable Nessus that I have found most valuable are vulnerability detections, which I really appreciate.

We are working with the configuration auditing feature of Tenable Nessus, and it is quite useful for my operations.

The reporting function of Tenable Nessus is useful, but it needs more features and more capabilities.

The prioritization in Tenable Nessus based on risk impact is very useful, though it's not the best capability because there are other products in Tenable that provide more detailed risk management and prioritization based on risk. However, as a standalone product, it's an interesting feature and a strong capability.

Tenable Nessus is not easy to integrate because it works alone as a standalone component, so it's not particularly important to make integrations.

As a vulnerability management tool, the only aspect that is weak in Tenable Nessus is reporting; the rest is very strong. It is the best tool that we have in the market. There is always space for improvements, mostly to have more framework configuration templates for the audit file. It can be more useful because sometimes I need to manually create a configuration file for the audit that aligns with a more specific framework. Additional frameworks templates are probably one of the features that we need.

I have been working with Tenable Nessus for more than 10 years.

I would rate the stability of Tenable Nessus as excellent.

The ability to scale Tenable Nessus as a standalone product is moderate.

The initial setup process for Tenable Nessus is very straightforward.

The main competitors in the market for Tenable Nessus are Rapid7 and Qualys, with Rapid7 being the more competitive solution against Tenable Nessus.

When comparing Tenable Nessus and Rapid7, I find Tenable Nessus much better for my use case because it is very strong.

We are using multiple products from Tenable Nessus.

I can recommend Tenable Nessus for small and mid-size enterprises, as these companies need a different solution.

On a scale of 1-10, I rate Tenable Nessus a 9.

We do infrastructure audits in the state, and we have a lot of organizations and customers for which we do security assessments.

Nessus assists you to complete the job in a shorter period of time. It discovers all the assets and identifies existing vulnerabilities in the environment. 

You can then direct your team to create a report on the discovered vulnerabilities. Basically, you can use Tenable to shorten the activity and get faster results.

Tenable Nessus could include a broader range of IT assets. Nowadays, IT is not limited to laptops and desktops. It can be any environment in the organization, such as iOS or Android mobile phones. 

Apart from that, organizations use APIs and specific tools. We would like Tenable to cover every aspect of IT infrastructure, not just generic systems like laptops, desktops, switches, or servers. It should include every kind of device, like Raspberry Pi. This small chunk of devices acts as sensors in several organizations. 

We would like to be able to scan every device in the network, and the solution should present vulnerabilities within their system.

I've been working with it for ten years.

Tenable is a stable solution. I would rate the stability a ten out of ten. 

Tenable's scalability is good. I would rate the scalability a seven out of ten. 

We have no issues with support.

Positive

We had used some open-source solutions previously.

We made a switch to Tenable Nessus because of the vulnerability coverage. It has a huge scope.

Nessus is quite easy. It is quite easy to deploy, quite easy for my team to use this software for vulnerability scanning. So it is very easy. 

I would rate my experience with the initial setup a nine out of ten, with ten being easy. 

It took one to two hours.

We do this in-house. We, ourselves, deployed this solution. 

Sometimes we take assistance from the OEM or the reseller, but generally, we make it an in-house activity.

There is a ROI in terms of cost savings, time savings and more. 

We have one user license at present. The price is okay. I would give it a seven out of ten, where one is cheap and ten is expensive.

I would recommend it to others. It's a good solution. Overall, I would rate it an eight out of ten. In every aspect, it is good.