Anonymous User, Security Architect at a logistics company
DimitrisMakris, Information Security Architect at a tech services company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The solution is very stable."
"The most valuable feature is the breadth of vulnerabilities that it finds. It's able to find across a lot of different platforms and operating systems. It's also able to combine local testing with network-based testing."
"Nessus is good at finding out what nodes you have in place. It will then provide you a report, by node, of what the vulnerabilities are. It does it quickly and stealthily."
"It also has an executive report where you don't have to provide the client all the detail for them to sift through. But if they wish to dig through the detail they can."
"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."
"The most valuable feature is how it scanned and detected through its database to let us know exactly what fixes we needed to put in place for the vulnerabilities. It detects and it also gives you the way to fix it."
"Nessus gives me a good preview of vulnerabilities and good suggestions for remediation. It's easy to find a description of a given vulnerability and solutions for it."
"Scanners and reports using CIS templates ("de-facto" standard, easy to fix and to locate correction tips at documentation), tests against cloud providers, database profiles, several types of telecom devices, and other highly customizable scans."
"Tripwire IP360 is a very stable solution."
"I would like to see an improvement in the ranking of high, medium and low vulnerability."
"There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product."
"One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that."
"We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux."
"There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it."
"One area that has room for improvement is the reporting. I'm preparing reports for Windows and Linux machines, etc. Currently, I'm collecting three or four reports and turning them into one report. I don't know if it is possible to combine all of them in one report, but that would be helpful."
"Model OS costs (and its segregation schema for individual modules)."
"We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful."
"I am not very impressed by the technical support."
"Nowadays, your vulnerability applications are going to be kind of pricey because lots of them, including Rapid7, are based upon a base price, but then they add in the nodes. That's where they get you. If you're a big network, obviously, you need to scan everything. Therefore, it's going to be costly. The risk and insurance money associated with having ransomware on my networks is going to cost me more money, time, and marketing than the price of the tool. That's why I'm speaking only as an information security officer to security operations. This is the tool that is there in my toolbox to say whether we are vulnerable or not. At this point, I don't care about how much it costs my company to have it because if I wasn't able to report it and we got ransomware, then who cares? I'm probably going to be out of business because it happened. That's why I don't care about the price. I have it, and I could use it effectively and do my report. At the end of the day, even if we get ransomware, as long as I reported it, followed my protocol, and put in the change, irrespective of whether it was ignored or denied, I did my job."
"We pay approximately $2,500 on a yearly basis."
"We have a subscription, the licensing fees are paid yearly, and I am using the latest version."
"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."
"The price is reasonable."
"I believe the price compares well within the market."
Nessus Professional is the industry’s most widely deployed assessment solution for identifying the vulnerabilities, configuration issues, and malware that attackers use to penetrate your, or your customer's, network. With the broadest coverage, the latest intelligence, rapid updates, and an easy-to-use interface, Nessus offers an effective and comprehensive vulnerability scanning package for one low cost.
Tripwire IP360 delivers risk-based vulnerability assessment and asset discovery capabilities. With IP360, you get:
Tenable Nessus is ranked 1st in Vulnerability Management with 22 reviews while Tripwire IP360 is ranked 9th in Vulnerability Management with 2 reviews. Tenable Nessus is rated 8.2, while Tripwire IP360 is rated 7.6. The top reviewer of Tenable Nessus writes "Easy to use, good support, and gives full reports of what's vulnerable per device". On the other hand, the top reviewer of Tripwire IP360 writes "Helps us prioritize vulnerabilities but the dashboard and reporting need to improve". Tenable Nessus is most compared with Tenable.io Vulnerability Management, Rapid7 InsightVM, Tenable SC, Qualys VM and F-Secure Radar, whereas Tripwire IP360 is most compared with Tenable SC, Trend Micro Deep Security, Qualys VM, Qualys Web Application Scanning and Symantec Data Center Security.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.