2018-10-28T09:34:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What advice do you have for others considering Tenable Nessus?

If you were talking to someone whose organization is considering Tenable Nessus, what would you say?

How would you rate it and why? Any other tips or advice?

39 Answers
MB
User at a university with 1,001-5,000 employees
Real User
Top 20
2022-10-20T11:16:14Z
Oct 20, 2022

We are just end-users and customers. I'm not sure which version of the solution we're using. I'd rate the solution eight out of ten.

OmkarZarapkar - PeerSpot reviewer
Manager II at an insurance company with 10,001+ employees
Real User
Top 10
2022-10-13T13:19:40Z
Oct 13, 2022

The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it. I rate the solution an eight out of ten.

RallisFarfarakis - PeerSpot reviewer
Principal Security Architect at NTT Security
Real User
Top 10
2022-10-11T09:54:00Z
Oct 11, 2022

I would recommend Nessus Manager and rate it at eight on a scale from one to ten.

MB
Sr. Information Security Engineer at Rewterz
Real User
2022-09-27T14:22:00Z
Sep 27, 2022

I would rate Tenable Nessus an eight on a scale of one to ten.

SD
Cyber Security Expert at Birlasoft India Ltd.
Real User
Top 5
2022-09-19T15:07:23Z
Sep 19, 2022

I would rate this solution as eight out of ten. For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not. I would definitely recommend this solution to others who want to use it.

Dr Trust Tshepo Mapoka - PeerSpot reviewer
Senior Cybersecurity Consultant at CIA Botswana
Real User
Top 5
2022-08-22T16:44:50Z
Aug 22, 2022

I would advise anybody thinking of implementing Nessus that they should be competent with risk management language and do some training on the solution, otherwise, they won't understand anything. I would rate Nessus ten out of ten.

Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,994 professionals have used our research since 2012.
LO
Founder & CEO at a tech services company with 1-10 employees
Real User
Top 5
2022-07-29T14:24:10Z
Jul 29, 2022

My advice to others is for them to start using the free version to get used to the solution. I rate Tenable Nessus an eight out of ten.

Md. Shahriar Hussain - PeerSpot reviewer
Cyber Security & Compliance Lead Engineer at Banglalink
Real User
Top 5 Leaderboard
2022-07-29T08:07:23Z
Jul 29, 2022

I rate this solution nine out of 10.

Wessam Altoumi - PeerSpot reviewer
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC
Real User
Top 5
2022-07-14T06:48:15Z
Jul 14, 2022

It is a very good and useful tool. I would rate it a nine out of ten.

JK
CBO at a security firm with 11-50 employees
Reseller
Top 5
2022-06-16T15:24:35Z
Jun 16, 2022

I would rate this solution 8 out of 10.

BE
Security Analyst at PJM Interconnection
Real User
Top 20
2022-05-19T17:46:25Z
May 19, 2022

Security is a complicated subject. There's a lot involved in Tenable Nessus, but the solution is easy to run and manage and we have had a lot of good success with it. I rate Tenable Nessus a nine out of ten.

MH
Information Security Engineer at a tech services company with 11-50 employees
Real User
2022-03-21T18:59:56Z
Mar 21, 2022

Tenable is the best vulnerability management product in the world, and I recommend it. I would rate this solution a nine out of ten.

JR
Information Security Manager at a transportation company with 1,001-5,000 employees
Real User
2022-02-16T17:53:17Z
Feb 16, 2022

My advice to people who are looking into implementing this product would be to just go ahead and do it. Don't be frightened about it. It is great. It does exactly what you'd expect it to do. You can use it as a stepping stone to the other Tenable products. I would rate it a nine out of 10. It is a lovely product. It just does what you need it to do, and lets you get on with your day.

PK
Independent consultant
Consultant
2022-01-26T00:10:30Z
Jan 26, 2022

My advice to others is for them to focus on the cloud solution, and do as much as possible in the cloud. I rate Tenable Nessus an eight out of ten.

Dhananjay-Naldurgkar - PeerSpot reviewer
Senior Consultant - Cyber Security Services at Coforge
Real User
Top 10
2021-12-21T09:16:00Z
Dec 21, 2021

We have both on-premises and cloud-based deployment in our organization. The solution is good. I rate Tenable Nessus as a nine out of ten.

LO
Founder & CEO at a tech services company with 1-10 employees
Real User
Top 5
2021-12-08T22:52:56Z
Dec 8, 2021

It's important to test the solution so you know that it works for your situation. They have a trial version so it's easy to test before you purchase it. I rate this solution eight out of 10.

MK
Manager Information Security at a financial services firm with 51-200 employees
Real User
Top 5
2021-11-15T20:55:00Z
Nov 15, 2021

I would recommend Tenable Nessus. On a scale of one to ten, I would rate it an eight.

VK
Information Technology Security Specialist at a tech services company with 201-500 employees
Real User
Top 5
2021-10-06T11:18:42Z
Oct 6, 2021

On a scale from one to ten, I would give Tenable Nessus an eight.

Attila Mate Kovacs - PeerSpot reviewer
Senior Cyber Security Expert at a security firm with 11-50 employees
Real User
Top 5 Leaderboard
2021-09-09T15:45:48Z
Sep 9, 2021

I would recommend this solution to others. I would rate Tenable Nessus a nine out of ten because it has many dimensions.

JV
Cyber Security Engineer at a manufacturing company with 5,001-10,000 employees
Real User
Top 5
2021-08-03T16:22:52Z
Aug 3, 2021

I rate this solution an eight out of 10.

Muhammad NavaidZafar Ansari - PeerSpot reviewer
Assistant Manager of Information Security at a pharma/biotech company with 1,001-5,000 employees
Real User
Top 10
2021-06-19T08:51:47Z
Jun 19, 2021

I am actually using the solution in three or four different organizations, including Engro and Martin Dow. There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions. As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten.

NagarajSheshachalam - PeerSpot reviewer
Lead Cyber Security engineer at a tech services company with 201-500 employees
Real User
Top 5
2021-05-19T12:15:00Z
May 19, 2021

There are at least ten people in our organization making use of the solution. Tenable Nessus is an appropriate solution for a small-scale company, one with budgeting constraints and no complexities within the organization. It is not that user-friendly. I would rate Tenable Nessus as a seven out of ten.

Kai Boon Giam - PeerSpot reviewer
Director at Data Connect Technologies Pte Ltd
Real User
Top 5
2021-04-06T11:59:58Z
Apr 6, 2021

So far, I am quite pleased with this product and don't have any complaints. I would recommend this solution to others who are interested in using it. I would rate this solution a nine out of ten.

AB
Chief Hacking Officer at a security firm with 1-10 employees
Real User
Top 20
2021-02-19T09:45:24Z
Feb 19, 2021

Ultimately, we plan to use this product less because it is something that we advise our customers to buy for themselves. They should not be using our solution. My advice for anybody who is considering Tenable Nessus is that it is easy to install, easy and straightforward to use, and not expensive. These are the reasons that we advise our customers to use it. I would rate this solution an eight out of ten.

SP
VP - Risks, Audits & InfoSec at a tech services company with 501-1,000 employees
Real User
2021-02-09T16:13:00Z
Feb 9, 2021

On a scale of one to ten, I would give Tenable Nessus an eight. What happens is Nessus keeps on updating and this becomes a showstopper. We are unable to proceed with the vulnerability scans or testing if we do not update to the latest available patch. We can understand the risk if it's maybe one version earlier, meaning, we understand something was updated with XYZ patch but there should be something which gives us an option so that not all of our deployments need to have the latest patch. This would save the deployment time because of frequent updates. I would recommend Tenable Nessus. Especially the commercial model. We operate in small and medium enterprises and for them, Nessus is becoming expensive. Because of this I may not buy Nessus this year and I might switch to Qualys, for example. Overall, Tenable Nessus is not so price pocket friendly for small and medium users.

DG
CSSP Manager at a tech services company with 51-200 employees
MSP
Top 5
2021-01-13T19:38:19Z
Jan 13, 2021

We're just customers. We're end-users. We don't have a business relationship with the company. We're using the solution as what I would consider a hybrid, where the security center is managed by another group. However, we have a scanner in our network that connects back to the security center and the DOD of Azure. We're largely happy with the product. Overall, I'd rate the solution eight out of ten. If it weren't for the reporting or the scanning difficulties, I would rate it higher.

FF
IT Security Operations Analyst at a manufacturing company with 10,001+ employees
Real User
2020-12-13T06:30:07Z
Dec 13, 2020

For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not. Research the remediation information to see if it is okay, or trust proof or not. The reporting works well and it allows you to share. Also, support is important. I would rate Tenable Nessus an eight out of ten.

MH
Owner at a tech services company with 1-10 employees
Real User
Top 5
2020-12-07T21:15:00Z
Dec 7, 2020

The advice would be definitely doing your proof of concept because that's what you're going to need for your buy-in for your upper management because it is going to cost some money. I would do a hybrid version, where your own Nessus is internal, and then you have your cloud. If you lose connection to the internet, you could still run an internal Nessus scan to save the scan and then input the scan into Tenable.sc. Do your proof of concepts, get your reports, and use your proof of concepts when you do your presentation to upper management to purchase. If you use your own nodes and your own network as your proof of concept, it gives them an eye view of, "Hey, we're vulnerable because of this, and here's the tool that did it." To me, that was a better selling point because it was real. It wasn't the demo data. Once you have purchased it and get it all set up, use it continuously, meaning include your scanned reports with your change control. This way, it shuts all the administrators who have been there over 20 years and say, "Hey, I don't want to patch right now because it takes the network down." Yes, it's going to take the network down. However, the longer you wait, the more vulnerable you are because if I'm doing change requests every week, and I'm calling on more and more risk and you start to find the same nodes in the same reports, then somebody up high is going to say to the network administrator guy to fix it. I would rate Tenable Nessus a ten out of ten right now. If you had asked me last year, Rapid7 would have been the same and on top, but now that I've been using Tenable and I'm comparing the jobs that I'm doing right now, Tenable is cut and clear to what the report is saying. My favorite report is the VPR report. Instead of just looking at CVSS numbers, it has a VPR report that ranks, whereas, in Rapid7, it's just focused on CVSS. It is CVSS version 2 or 3, which kind of gets confusing. For example, in Tenable, I can run a scheduled scan and have my report, but let's say, for instance, I did patching in the middle before my scheduled scan. I could kick off a new scan specifically for that vulnerability and get a report, whereas, in Rapid7, you could not easily do that. Therefore, you were stuck waiting for the scan to go again and to see if your mitigation efforts fixed it.

VP
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
Real User
2020-10-04T06:40:14Z
Oct 4, 2020

We are simply customers. We don't have a business relationship with Tenable. We're using the latest version of the solution. I would definitely recommend this solution. It's the best that I've used so far. On a scale from one to ten, I'd rate it at an eight overall.

MadhavanSrinivasan - PeerSpot reviewer
CEO at Screenit Labs Pvt Ltd
Real User
2020-09-21T06:33:15Z
Sep 21, 2020

In some cases, we deploy on-premises because the customer is still evaluating the readiness to go to the cloud. A few of our customers are already on the cloud, and others are migrating. We have deployed on both models. With my experience, I would definitely recommend it. This is the only tool we have used recently. I would rate this solution an eight out of ten.

Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 5 Leaderboard
2020-08-06T15:26:00Z
Aug 6, 2020

A cost/benefit interesting tool.

NM
CISO at a financial services firm with 201-500 employees
Real User
2019-11-27T05:42:00Z
Nov 27, 2019

If I were to speak to someone who works with IBM Guardium they would probably tell me, "Ah, Nessus is too simple for me. Guardium is better." But I can recommend Nessus to anyone who wants a good product for a "small amount of money." It's the best buy. When I speak with my colleagues we usually share our experiences. I know that some of my colleagues are thinking about Nessus for next year because they don't have any solution, but they need one, according to regulations. When I explain how it works they usually say that they will check into it. Probably, in Bosnia, there will be two more banks using Nessus in the next year. Alem, as a company, is very friendly and that's most important. They come to our office to explain things. They spent three or four hours here with me, explaining everything about Nessus. They suggested a free trial. It's important to have that kind of support. I know that if I need something, I can ask them without any problems, at any time. Overall, Nessus is working well.

JH
Network Security Engineer at a construction company with 1,001-5,000 employees
MSP
2019-11-18T07:22:00Z
Nov 18, 2019

Tenable mainly works on vulnerability scanning and prioritizing.

Keith S. Crumpton - PeerSpot reviewer
President and Sr CISO Consultant at CISO Consulting Inc.
Consultant
2019-11-14T06:34:00Z
Nov 14, 2019

If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it. The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.

JK
Security Architect at C. H. Robinson Worldwide, Inc.
Real User
2019-11-13T05:29:00Z
Nov 13, 2019

Leverage authenticated scans if you can. That reduces the number of false positives compared to just network-based scanning. Leverage the Tenable Agents if you can, as well, because that will help reduce the scan time and make it easier to get data from machines that are all over your network. The solution isn't really helping to reduce our exposure over time because there are always new vulnerabilities coming out. It's helping us keep track of what's out there better. The next part is going to be convincing external auditors that VPR is a reasonable way to actually prioritize, in terms of whatever our policy statements say for what we fix and how quickly; to get that to line up. A lot of people are still in the, "You must patch criticals with this number of days, highs with this number of days." We want to be able to turn that into a more risk-based approach but haven't really been able to do that. The users of the solution in our organization are really just the people on our security team, so the number is under ten people. They're really just using it to look at the vulnerabilities, analyze the vulnerabilities, and figure out where our risks are and what should get patched. For deployment and maintenance of the solution we have a quarter of an FTE.

JK
Senior Systems Administrator at Government Scientific Source
Real User
2019-11-07T10:35:00Z
Nov 7, 2019

Know that it's only a detection tool and that it has limitations as a detection tool, but the deployment can be pretty scalable. The solution didn't reduce the number of critical and high vulnerabilities we needed to patch first. It tells you what the critical vulnerabilities are that you need to patch, but it didn't reduce anything. It doesn't patch it for you. I would give Nessus a seven out of ten, as it doesn't automatically resolve the vulnerabilities. There are tools out there that give you an option: "Hey, do you want me to patch that vulnerability?" You just hit "yes" and it automatically does it. Nessus doesn't do that. And, as I said, the grouping could be a little bit better.

SD
Senior Infrastructure Project Manager at an energy/utilities company with 501-1,000 employees
Real User
2019-09-08T09:50:00Z
Sep 8, 2019

My advice to others would be to include post-implementation support for six months from the vendor to help with the fine-tuning. I rate this solution an eight out of ten. In the future, I would like to see better reporting for high impact vulnerabilities.

Miguel Angel Hernández Armas - PeerSpot reviewer
Implementation Engineer at GFx Soluciones
Real User
2019-01-16T20:28:00Z
Jan 16, 2019

Scans using agents are very useful, and taking advantage of them is the best way to take advantage of the tool.

Thomas Kung - PeerSpot reviewer
Senior Consultant at Foris
MSP
2018-10-28T09:34:00Z
Oct 28, 2018

I would suggest that people considering this solution should choose the cloud-based solution versus the on-premise version.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Dec 15, 2021
Which is better and why?
Janet Staver - PeerSpot reviewer
Tech Blogger
Dec 15, 2021
The thing I like most about Tenable Nessus is its ease of use. I also like that it has highly customizable scans. Compared to other tools I have used in the past, Nessus has more plugins/add-ons, tests, and templates. In addition to being easy to set up, it provides you with the ability to safely migrate applications to the cloud. Tenable Nessus scales well with good VPR scores too, and so far I haven’t experienced any challenges. Another feature I really like about it is the plug-in text information, which I find to be quite useful. Overall, from what I can tell, the solution is also very stable and fast. One downside is that I feel the technical support has been quite disappointing. Qualys VM is excellent. It successfully provides continuous monitoring, it is simple to install, easy to maintain, good for scaling, and has very helpful technical support. Qualys VM also includes asset tagging and asset grouping, which I really like. Their dashboard is also flexible, allowing you to customize it any way you need to. While Qualys VM is a great solution and is reasonably steady, it also has a lot of room for improvement. Although their dashboard is customizable, it would be better if it had different tabs that allowed you to see trending vulnerabilities so that the trend analysis is easier. It does not have any features for scanning SCADA, Industrial Control Systems, and IoT. And the solution itself is pretty generic and could benefit from the addition of more assets. Conclusion: Tenable Nessus was the right choice for me because it fulfilled my business requirements, but also because I felt Qualys VM still has a long way to go.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 24, 2021
Which do you use and why?
Dovid Gelber - PeerSpot reviewer
Tech blogger
Nov 7, 2021
Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation themselves, they would be able to do so. The updates that the program requires to keep up-to-date take up a large portion of the setup time. Tenable Nessus can be deployed in under an hour. The speed of an organization’s internet can impact how quickly the deployment will go. Furthermore, once it has been set up, only a small management team is necessary for maintenance. Tenable Nessus is an incredibly important program that provides businesses and organizations with robust protection. This ease of deployment and management gives it an edge over the competition. Tenable.io Vulnerability Management is basically comparable to Tenable Nessus in regards to setup and management. It is relatively straightforward to set up. A single person could deploy it in a non-business setting in a matter of hours. The setup can be handled without requiring a business to rely on the help of outside consultants. As with Tenable Nessus, a small team of two or three people is all that is necessary to manage the solution. Organizations can save a great deal of time and resources by choosing to utilize this solution. Tenable Nessus is a solution with good scalability. This can be accomplished with relative ease. However, the load that it can handle makes it a poor fit for larger organizations. At a certain point, the farther up you scale it, the more the solution quality diminishes. Tenable.io Vulnerability Management is able to offer a much higher level of scalability. It is typically used without trouble by organizations with many thousands of users. As with Tenable Nessus, the process is relatively simple. Conclusion: The actual difference in time and ease as far as deploying Tenable Nessus versus Tenable.io Vulnerability Management is negligible and cannot truly set one apart from the other. 
Ease of management is another area where these two solutions are very similar. A major difference between them is their scalability. While both can be scaled relatively easily, Tenable.io Vulnerability Management is able to handle a higher level of scalability, with the diminishment of quality being a far lesser concern than is the case with Tenable Nessus.
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Nov 24, 2021
Both, but I prefer Nessus Pro (costs and you can define out-of-band your better presentation/xLAP platform). Tenable.io has its facilities and extra plugins/views/analytics, but nothing that can't be externally performed by another ETL/presentation tool (for a fraction of cost, sometimes using free toolings like Pentaho, OpenRefine, OBIEE and others).
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 7, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top 5 Vulnerability Management Tools to ...
Top 5 Vulnerability Management Tools in 2022