• Home
  • Tenable Nessus vs. Wiz

Tenable Nessus vs Wiz comparison

Cancel
You must select at least 2 products to compare!
Tenable Logo
Tenable Nessus
Read 75 Tenable Nessus reviews
11,521 views|8,491 comparisons
98% willing to recommend
Wiz Logo
Wiz
Read 11 Wiz reviews
8,490 views|6,372 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Tenable Nessus vs. Wiz
May 2024
Executive Summary
Updated on Mar 13, 2024

Tenable Nessus excels in comprehensive vulnerability scanning, robust reporting, and flexibility in customization, but users desired better reporting capabilities, integration options, and faster scanning speeds. On the other hand, Wiz stands out for data security, exposure prevention, and focus on actionable insights, but users requires UI improvements, more customizations.

  • Features: Tenable Nessus shines with its comprehensive vulnerability scanning and customization for scans, while Wiz is praised for its intuitive interface, cloud security posture management, workload protection, vulnerability management, and agentless scanning.
  • Pricing and ROI: Tenable Nessus users find the pricing reasonable and setup cost straightforward, but wish for more flexible licensing options. In contrast, Wiz users appreciate the affordability, ease of installation, and highlighting the licensing terms. Tenable Nessus received praise for cost savings and improved security posture. Wiz was also commended for delivering value and results but lacked mentioned specifics.
  • Room for Improvement: Tenable Nessus users request better reporting capabilities, enhanced integration options, more intuitive UI, and faster scanning speeds. In comparison, Wiz users seek a smoother UI, custom visual design, clearer instructions, advanced analytics, and integration with other platforms.
  • Deployment and customer support: Wiz users reported spending more time on deployment and setup. The deployment time for Tenable ranging from a few days to over a month and the setup from one day to several weeks. Tenable offers helpful and responsive customer service. Wiz provides consistently excellent support, emphasising quick issue resolution and making users feel valued.

The summary above is based on 56 interviews we conducted recently with Tenable Nessus and Wiz users. To access the review's full transcripts, download our report.

To learn more, read our detailed Tenable Nessus vs. Wiz Report (Updated: May 2024).
Download the complete report
770,292 professionals have used our research since 2012.
Featured Review
Bryan Evans
Useful vulnerability detection, highly scalable, and good support
Tenable Nessus allows us to keep up on fixing the vulnerabilities that are either being exploited in the wild or the ones that we find most critical.
Mihir Ashar
Provides profound visibility into vulnerabilities across our cloud environment and outstanding customer support
Wiz helped us reduce blind spots in our risk detection capabilities; the older tools we previously used did not offer the same level of visibility... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of Tenable Nessus is the support it provides for any new vulnerabilities quickly.""The most valuable features of Tenable Nessus are the scanning option. Advanced scanning is highly useful. The offline config audits and application assessments are useful.""I like its ease of use. It has the script that is pre-built in it, and you just got to know which ones you're looking for.""The solution is great for scanning servers.""Tenable Nessus streamlines the process of scanning for our organization.""The solution can scale well.""The most valuable feature of Tenable Nessus is the dashboard. They are convenient to use.""It allows me to prioritize efforts and utilize effective technical resources."

More Tenable Nessus Pros →

"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.""The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.""The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster.""Our most important features are those around entitlement, external exposure, vulnerabilities, and container security.""The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at.""The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.""Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk.""The solution is very user-friendly."

More Wiz Pros →

Cons
"Consumes more system resources when it's running.""The tool needs to upgrade asset tracking.""One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them.""I think the reporting templates could be improved with Tenable Nessus.""The reporting is a bit cumbersome.""It would be better if they had application-level support for mobile devices. They don't have anything to scan mobile devices. Tenable Nessus doesn't have a mobile application vulnerability assessment. I also have issues with the false positive rates. The product has limited features.""The price could be more reasonable. I used the free Nessus version in my lab with which you can only scan 16 IP addresses. If I wanted to put it in the lab in my network at work, and I'm doing a test project that has over 30 nodes in it, I can't use the free version of Nessus to scan it because there are only 16 IP addresses. I can't get an accurate scan. The biggest thing with all the cybersecurity tools out there nowadays, especially in 2020, is that there's a rush to get a lot of skilled cybersecurity analysts out there. Some of these companies need to realize that a lot of us are working from home and doing proof of concepts, and some of them don't even offer trials, or you get a trial and it is only 16 IP addresses. I can't really do anything with it past 16. I'm either guessing or I'm doing double work to do my scans. Let's say there was a license for 50 users or 50 IP addresses. I would spend about 200 bucks for that license to accomplish my job. This is the biggest complaint I have as of right now with all cybersecurity tools, including Rapid7, out there, especially if I'm in a company that is trying to build its cybersecurity program. How am I going to tell my boss, who has no real budget of what he needs to build his cybersecurity program, to go spend over $100,000 for a tool he has never seen, whereas, it would pack the punch if I could say, "Let me spend 200 bucks for a 50 user IP address license of this product, do a proof of concept to scan 50 nodes, and provide the reason for why we need it." I've been a director, and now I'm an ISO. When I was a director, I had a budget for an IT department, so I know how budgets work. As an ISO, the only thing that's missing from my C-level is I don't have to deal with employees and budgets, but I have everything else. It's hard for me to build the program and say, "Hey, I need these tools." If I can't get a trial, I would scratch that off the list and find something else. I'm trying to set up Tenable.io to do external PCI scans. The documentation says to put in your IP addresses or your external IP addresses. However, if the IP address is not routable, then it says that you have to use an internal agent to scan. This means that you set up a Nessus agent internally and scan, which makes sense. However, it doesn't work because when you use the plugin and tell it that it is a PCI external, it says, "You cannot use an internal agent to scan external." The documentation needs to be a little bit more clear about that. It needs to say if you're using the PCI external plugin, all IP addresses must be external and routable. It should tell the person who's setting it up, "Wait a minute. If you have an MPLS network and you're in a multi-tenant environment and the people who hold the network schema only provide you with the IP addresses just for your tenant, then you are not going to know what the actual true IP address that Tenable needs to do a PCI scan." I've been working on Tenable.io to set up PCI scans for the last ten days. I have been going back and forth to the network thinking I need this or that only to find out that I'm teaching their team, "Hey, you know what, guys? I need you to look past your MPLS network. I need you to go to the edge's edge. Here's who you need to ask to give me the whitelist to allow here." I had the blurb that says the plugin for external PCI must be reachable, and you cannot use an internal agent. I could have cut a few days because I thought I had it, but then when I ran it, it said that you can't run it this way. I wasted a few hours in a day. In terms of new features, it doesn't require new features. It is a tool that has been out there for years. It is used in the cybersecurity community. It has got the CV database in it, and there are other plugins that you could pass through. It has got APIs you can attach to it. They can just improve the database and continue adding to the database and the plugins to make sure those don't have false positives. If you're a restaurant and you focus on fried chicken, you have no business doing hamburgers.""The inventory management function in this solution needs improvement."

More Tenable Nessus Cons →

"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.""We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform.""The only thing that needs to be improved is the number of scans per day.""Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform.""One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging.""We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next.""The remediation workflow within the Wiz could be improved.""The solution's container security could be improved."

More Wiz Cons →

Pricing and Cost Advice
  • "The pricing is much more manageable versus other products."
  • "The price of Tenable Nessus is much more competitive versus other solutions on the market."
  • "I think the price is fairly affordable. It provides a license that is fair."
  • "Nowadays, your vulnerability applications are going to be kind of pricey because lots of them, including Rapid7, are based upon a base price, but then they add in the nodes. That's where they get you. If you're a big network, obviously, you need to scan everything. Therefore, it's going to be costly. The risk and insurance money associated with having ransomware on my networks is going to cost me more money, time, and marketing than the price of the tool. That's why I'm speaking only as an information security officer to security operations. This is the tool that is there in my toolbox to say whether we vulnerable or not. At this point, I don't care about how much it costs my company to have it because if I wasn't able to report it and we got ransomware, then who cares? I'm probably going to be out of business because it happened. That's why I don't care about the price. I have it, and I could use it effectively and do my report. At the end of the day, even if we get ransomware, as long as I reported it, followed my protocol, and put in the change, irrespective of whether it was ignored or denied, I did my job."
  • "We pay approximately $2,500 on a yearly basis."
  • "We have a subscription, the licensing fees are paid yearly, and I am using the latest version."
  • "We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
  • "The price is reasonable."

    • More Tenable Nessus Pricing and Cost Advice →

  • "The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
  • "The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
  • "The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
  • "I wish the pricing was more transparent."
  • "The cost of the other solutions is comparable to Wiz."
  • "Wiz is a moderately priced solution, where it is neither cheap nor costly."

    • More Wiz Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
    See Recommendations
    770,292 professionals have used our research since 2012.
    Questions from the Community
    How would you choose between Rapid7 InsightVM and Tenable Nessus?
    Top Answer:You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid7… more »
    Read all 2 answers   →
    What's the difference between Tenable Nessus and Tenable.io Vulnerability...
    Top Answer: Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation… more »
    Read all 2 answers   →
    What do you like most about Tenable Nessus?
    Top Answer:We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network… more »
    Read all 53 answers   →
    How would you compare Wiz vs Lacework?
    Top Answer:Wiz and Lacework sucks... Buy Orca. 
    AWS Cloud Security Posture tool - has anyone used either Wiz or Ermetic ...
    Top Answer:Whether or not the cost of third-party Cloud Security tools is justified would depend on your specific needs and budget. Suppose you are looking for a comprehensive Cloud Security solution that can… more »
    What do you like most about Wiz?
    Top Answer:With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.
    Read all 7 answers   →
    Ranking
    3rd
    out of 111 in Vulnerability Management
    Views
    11,521
    Comparisons
    8,491
    Reviews
    29
    Average Words per Review
    429
    Rating
    8.4
    4th
    out of 111 in Vulnerability Management
    Views
    8,490
    Comparisons
    6,372
    Reviews
    11
    Average Words per Review
    1,370
    Rating
    9.2
    Comparisons
    Learn More
    Tenable
    Wiz
    Overview

    Tenable Nessus is a vulnerability management solution that aims to empower organizations to be aware of threats that both they and their customers face. It is the most deployed scanner in the vulnerability management industry. Organizations that use this product have access to the largest continuously updated global library of vulnerability and configuration checks. They can stay ahead of threats that Tenable Nessus’s competitors may be unable to spot. Additionally, Tenable Nessus supports a greater number of technologies than its competitors.

    Tenable Nessus Benefits

    Some of the ways that organizations can benefit by deploying Tenable Nessus include:

    • Ease of use. Tenable Nessus is designed with security administrators in mind. It is built so that users can manipulate it intuitively without having to undergo special systems training. Users can create security policies with the greatest level of ease and can initiate scans of their entire networks with only a few clicks.
    • Support and resources. Tenable Nessus has both a support system of clarification resources and technical support for users to rely on. The solution has a resource center that contains guides and tips that can clarify things that confuse users and can aid them in gaining the maximum level of value. Additionally, users can reach out to Tenable Nessus’s technical support team, which is available around the clock and is reachable via a number of methods. This makes it simple for users to get help if they need it.
    • Reduction of threat vectors. Tenable Nessus provides users with the ability to reduce the number of potential threat vectors that a hacker can exploit. It enables users to find where the vulnerabilities in their networks are so their security won’t be compromised. They can then quickly address those weak points and head off issues before any have the chance to arise.

    Tenable Nessus Features

    • Report customization. Tenable Nessus enables users to customize the security reports that their system produces. They are able to set Tenable Nessus to generate reports that contain the information that is most relevant to their business objectives. Users can also utilize these report customization capabilities to customize the formats of their reports.
    • Vulnerability triage capability. Included in the Tenable Nessus security suite is a feature that enables users to conduct a triage of their vulnerabilities. The solution can apply one of five ratings to vulnerabilities that it detects. This makes it possible for organizations to work on addressing issues by order of severity.
    • Scaling. Tenable Nessus can scale to meet an organization’s needs by migrating the network that it is connected to, to other Tenable solutions. Users can scale up their systems as their security demands increase. It is capable of reaching hundreds of thousands of systems.

    Reviews from Real Users

    Tenable Nessus is a solution that stands out when compared to many of its competitors. Two major advantages it offers are its ease of use and its vulnerability scanning feature.

    Rallis F., the principal security architect at a technology vendor, writes, “The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies.”

    Sandip D., a cyber security expert at Birlasoft India Ltd, writes, “The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.”

    Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within their internal environments.

    Wiz's Security Graph delivers automated alerts whenever risks emerge, allowing teams to prioritize and address the most critical issues before they escalate into breaches. Furthermore, Wiz ensures rapid and agentless visibility into critical data across various repositories, enabling organizations to easily determine the location of their data assets.

    Wiz Features

    Wiz provides various features in the following categories:

    • Agentless Scanning: The solution can scan every layer of a cloud environment without requiring agents, managing the entire process and providing comprehensive visibility.

    • Workflow Integration: Users can create customized workflows within Wiz to identify and assign actions based on urgency, integrating them with ticketing systems for quick and efficient remediation.

    • Vulnerability Management: Wiz's vulnerability management modules provide detailed analytics and visibility across cloud systems, streamlining the manual process of vulnerability discovery. The automated attack path analysis helps identify risks and trace potential points of exposure, allowing users to understand and mitigate them effectively and proactively.

    • CSPM (Cloud Security Posture Management): Wiz's CSPM module offers instant visibility into high-level risks to an enterprise’s cloud environment, covering all accounts without the need for agents.

    • Out-of-the-Box Reporting and Custom Queries: The service supports comprehensive reporting with asset context, allowing users to perform complex custom queries on the solution’s user-friendly interface.

    • Automation Roles and Dashboards: The solution facilitates automation by providing essential roles and dedicated dashboards that enable teams to understand security information quickly, even those with limited expertise.

    • Contextual Risk Evaluation: The service contextualizes the various components contributing to an issue, providing a risk evaluation framework that helps prioritize remediation efforts.

    • Security Graph and Visibility: Wiz's security graph offers visibility across the entire organization, even with multiple accounts, enabling users to understand their environment and assets effectively.

    The Benefits of Wiz

    Wiz offers the following benefits:


    • Comprehensive agentless scanning

    • Effective identification and mitigation of vulnerabilities

    • Streamlined vulnerability management

    • Robust reporting capabilities and customizable queries

    • Enhanced automation and role-based access control

    • Prioritized risk evaluation for efficient remediation

    • Security posture across multiple accounts

    Reviews from Real Users

    Kamran Siddique, VP Information Security at boxed.com, remarks his company has seen a ROI while using Wiz, as it simplifies the process by integrating multiple useful tools into one solution.

    According to a Senior Security Architect at Deliveroo, Wiz has given their company a fresh approach to vulnerability management, as Wiz's native integrations are extremely useful and paramount to the operational success of their platform.



    Get a demo | Wiz

    Sample Customers
    Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University
    Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
    Top Industries
    REVIEWERS
    Computer Software Company14%
    Financial Services Firm12%
    Security Firm9%
    Manufacturing Company9%
    VISITORS READING REVIEWS
    Educational Organization35%
    Computer Software Company11%
    Government7%
    Financial Services Firm7%
    REVIEWERS
    Computer Software Company38%
    Retailer13%
    Outsourcing Company13%
    Manufacturing Company13%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm14%
    Manufacturing Company9%
    Government6%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise22%
    Large Enterprise38%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise43%
    Large Enterprise41%
    REVIEWERS
    Small Business17%
    Midsize Enterprise25%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise65%
    Buyer's Guide
    Tenable Nessus vs. Wiz
    May 2024
    Free Report: Tenable Nessus vs. Wiz
    Find out what your peers are saying about Tenable Nessus vs. Wiz and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    770,292 professionals have used our research since 2012.

    Tenable Nessus is ranked 3rd in Vulnerability Management with 75 reviews while Wiz is ranked 4th in Vulnerability Management with 11 reviews. Tenable Nessus is rated 8.4, while Wiz is rated 9.2. The top reviewer of Tenable Nessus writes "Unlimited assets for one price and quick, agentless results". On the other hand, the top reviewer of Wiz writes "Multiple features help us prioritize remediation, and agentless implementation reduces overhead". Tenable Nessus is most compared with Qualys VMDR, Rapid7 InsightVM, Tenable Security Center, Tenable Vulnerability Management and Fortra Tripwire IP360, whereas Wiz is most compared with Prisma Cloud by Palo Alto Networks, Orca Security, Microsoft Defender for Cloud, AWS Security Hub and Lacework. See our Tenable Nessus vs. Wiz report.

    See our list of best Vulnerability Management vendors.

    We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.