We performed a comparison between SecurityScorecard and Tenable Nessus based on real PeerSpot user reviews.
Find out what your peers are saying about RSA, OneTrust, BitSight and others in IT Vendor Risk Management."With its automated approach, nothing is missed on the IPs your organization is related to."
"One of its most effective features for risk identification is its enterprise-ready automation for third-party risk measurements."
"I rate the product's initial setup phase a nine on a scale of one to ten, where one is a difficult setup phase, and ten is an easy setup process."
"The solution helps identify our environment's vulnerabilities."
"The results are not that bad, but the key selling point is that it is an affordable tool set."
"My favorite part about Nessus is that you can customize the tool to scan exactly what you want. Microsoft releases new patches monthly on Patch Tuesday, and a lot of companies track that date. I set up Nessus for the day after Patch Tuesday to see which devices have already pushed those updates from Microsoft, so we can stay updated."
"Tenable Nessus has a good performance, is very user-friendly, and is easy to use."
"The most valuable feature of Tenable Nessus is real-time monitoring."
"The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful."
"I like its ease of use. It has the script that is pre-built in it, and you just got to know which ones you're looking for."
"The solution can scale well."
"The solution is great for scanning servers."
"There could be more information in regards to solving problems like hints on what specifically to look for."
"SecurityScorecard's technical team's response time is an area that my company expects to be made faster."
"The tool needs to have the ability to mitigate vulnerabilities with alternative solutions."
"They could improve the process with a questionnaire module for the product."
"The price and scalability of the solution could improve."
"The tool needs to upgrade asset tracking."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not."
"The accuracy of the vulnerability assessment is not up to par yet, as false alarms and false positives occur often."
"You can scale Nessus to the extent that you can afford it. You need to have a license for every device you scan. As long as you can afford the increased costs, you won't have a problem scaling it."
"Model OS costs (and its segregation schema for individual modules)."
"We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
SecurityScorecard is ranked 5th in IT Vendor Risk Management with 4 reviews while Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews. SecurityScorecard is rated 8.0, while Tenable Nessus is rated 8.4. The top reviewer of SecurityScorecard writes "Easy-to-deploy product with good technical support services ". On the other hand, the top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". SecurityScorecard is most compared with Bitsight Third-Party Risk Management, Recorded Future, RiskRecon, Rapid7 InsightVM and Black Kite, whereas Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Vulnerability Management, Tenable Security Center and Pentera.
We monitor all IT Vendor Risk Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.