Anonymous UserSecurity Architect at a logistics company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"We have a patch management solution that scans for any patches that can be applied and then applies these patches, but it doesn't hit everything. It also doesn't find all misconfigurations and things like that. Arctic Wolf Managed Risk kind of fills in the gaps and makes us aware of vulnerabilities or misconfigurations that exist out there. It does an agent scan for software versions and compares them to what CVs are out there and lets us know."
"The most valuable feature is the breadth of vulnerabilities that it finds. It's able to find across a lot of different platforms and operating systems. It's also able to combine local testing with network-based testing."
"Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthfully."
"It also has an executive report where you don't have to provide the client all the detail for them to sift though. But if they wish to dig through the detail they can."
"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
"The most valuable feature is how it scanned and detected through its database to let us know exactly what fixes we needed to put in place for the vulnerabilities. It detects and it also gives you the way to fix it."
"Nessus gives me a good preview of vulnerabilities and good suggestions for remediation. It's easy to find a description of a given vulnerability and solutions for it."
"Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips at documentation), tests against cloud providers, database profiles, several types of telecom devices, and others highly customizable scans."
"We have done code scanning for a long period because as a company, we do DevOps as part of our development life cycle."
"It could be easier to use. They could present things in a little bit more ranked order rather than kind of giving you everything out there. It should highlight the really important stuff and make it easier to get to good rather than perfect."
"There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product."
"One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
"We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
"There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
"One area that has room for improvement is the reporting. I'm preparing reports for Windows and Linux machines, etc. Currently, I'm collecting three or four reports and turning them into one report. I don't know if it is possible to combine all of them in one report, but that would be helpful."
"Model OS costs (and its segregation schema for individual modules)."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."
"It depends on the company size quite a bit."
"Nowadays, your vulnerability applications are going to be kind of pricey because lots of them, including Rapid7, are based upon a base price, but then they add in the nodes. That's where they get you. If you're a big network, obviously, you need to scan everything. Therefore, it's going to be costly. The risk and insurance money associated with having ransomware on my networks is going to cost me more money, time, and marketing than the price of the tool. That's why I'm speaking only as an information security officer to security operations. This is the tool that is there in my toolbox to say whether we vulnerable or not. At this point, I don't care about how much it costs my company to have it because if I wasn't able to report it and we got ransomware, then who cares? I'm probably going to be out of business because it happened. That's why I don't care about the price. I have it, and I could use it effectively and do my report. At the end of the day, even if we get ransomware, as long as I reported it, followed my protocol, and put in the change, irrespective of whether it was ignored or denied, I did my job."
"We pay approximately $2,500 on a yearly basis."
"We have a subscription, the licensing fees are paid yearly, and I am using the latest version."
"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
"The price is reasonable."
"In general, it is extremely expensive."
Arctic Wolf Managed Risk solution continuously probes external and internal networks, and hosts for vulnerabilities, while providing other operational scans; including, discovery of connected devices, and testing industry specific security control benchmark tests.
Nessus Professional is the industry’s most widely deployed assessment solution for identifying the vulnerabilities, configuration issues, and malware that attackers use to penetrate your, or your customer's network. With the broadest coverage, the latest intelligence, rapid updates, and an easy-to-use interface, Nessus offers an effective and comprehensive vulnerability scanning package for one low cost.
Arctic Wolf Managed Risk is ranked 16th in Vulnerability Management with 1 review while Tenable Nessus is ranked 1st in Vulnerability Management with 22 reviews. Arctic Wolf Managed Risk is rated 7.0, while Tenable Nessus is rated 8.4. The top reviewer of Arctic Wolf Managed Risk writes "Makes us aware of any vulnerabilities and does a brute force external scan of all the equipment, but should be made easier to use by highlighting the really important issues". On the other hand, the top reviewer of Tenable Nessus writes "Easy to use, good support, and gives full reports of what's vulnerable per device". Arctic Wolf Managed Risk is most compared with Tenable.io Vulnerability Management, Qualys VM, Rapid7 Metasploit and Barracuda Vulnerabitlity Manager, whereas Tenable Nessus is most compared with Tenable.io Vulnerability Management, Rapid7 InsightVM, Qualys VM, Tenable SC and Rapid7 Metasploit.
See our list of best Vulnerability Management vendors.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.