One thing that is important for us is that when the regulation agency is asking for something. we can send them reports from Nessus and they're very satisfied. If they're satisfied, and they don't have any problem or additional requests, that's most important.

In the past, before we implemented Nessus, we used several products that were doing vulnerability assessments for different machines. For instance, we were using an antivirus/anti-malware and end-point security application for vulnerability assessments for Windows machines. We were using free tools for vulnerability checking for Linux machines. And we were \using Qualys' free version for external IP addresses, because Qualys allows you to check something like three IP addresses for free. I created a report for our regulation agency by combining three or four reports. I spent two weeks making that report. Now, I can create that report in one day. Nessus provides me reports within two to three hours for all our Windows machines. For Linux machines, it's half an hour; for the network, it takes about one hour. So in one day, I have everything ready for the agency. 

Similarly, for my upper management, it's my responsibility to provide security reports on a monthly basis about viruses, malware, attacks, etc. Now, it is easier for me to prepare that kind of report. The reports are also more lavish than before. In the past, I had to prepare tables and sheets by myself. Now, everything is prepared for me. If I want to play around with reports I can export to Excel and I can filter the report. Nessus makes everything easier than it was before.

Nessus helps us keep our software up to date to avoid security vulnerabilities. It's a good tool for auditing our vulnerability management. 

Tenable Nessus has helped us with better visibility of the current security posture of our infrastructure and helped us be proactive about remediating those findings.

Tenable Nessus allows us to keep up on fixing the vulnerabilities that are either being exploited in the wild or the ones that we find most critical.

Nessus has more plugins/add-ons, tests, and templates than previous tools (OpenVas) and it is faster and customizable using CLI/API features. It offers enough resources for an interesting cost-benefit rating (for small and medium companies) and minus false-positive events per type of asset. 

It helped us to quickly produce a QuickWin report that guided the VulnerabilityMgmt actions and plans within the company's during the next 3-5 years using the same tool/investment/team for all companies inside the de group.  

Instead of just looking at high, medium or low risk for vulnerabilities, and having to remediate all of them, we can remediate in a more effective manner. We have limited resources for remediation work and we want to spend our time on the most critical issues.

It helps us focus resources on the vulnerabilities that are most likely to be exploited. It gives a higher VPR number where the things are more likely to be exploited, instead of just using the pure severity rating as a way to prioritize and decide to remediate.

We were a lot less vulnerable after implementing the changes that the application recommended.

The solution helped limit our company's cyber exposure by pointing out every single vulnerability we had and showing us how to fix them. By following the application's directions, we were less vulnerable to attackers. By implementing what the application told us to implement, we were able to fix the holes in our network and prevent any attackers from coming in.

The solution was a great help during the pandemic for closing down all those open vulnerabilities. Continuous scanning of the infra was helpful for identification on the web applications level.

I went to a client's site and I ran the report. They had a number of fives, fours, and threes. With that information, we were able to remediate the fives, fours, and threes down to a couple of threes.

It also helps to prioritize based on risk. If it provides a notification that you have an older operating system out there, for example, obviously you would have that as a higher risk and wish to remediate that above any and all other risks. It details what that the risk is and what you should do about it.

The solution helps to limit cyber exposure. By running it on a monthly basis, you tighten the window of opportunity for any nefarious individual to get into your environment. Industry standards say that you have to do it quarterly or yearly and I do it monthly, so I think I'm in a better position to secure the environment.

The solution reduces the number of critical and high vulnerabilities which need to be patched first. In terms of a percentage reduction, it's more of a detective control, along with the preventative control. I can't give you a percentage. It reduces the risks by providing the information that you can react to, quicker than finding out that you've been breached.

Nessus has greatly improved the security of our clients' networks. The comfortable management of their systems makes it easier for engineers to use the codes for each vulnerability or compliance. Deploying the server to launch the scans is very easy, and only the necessary prerequisites for scanning should be fulfilled. Nessus has been very valuable to the company.

When we do our scans, I'm able to give full reports of what's vulnerable per device. I could group them and say, "Hey, here's a vulnerability in the infrastructure. Here's all the host that needs to be addressed," by showing the report. When I give a report or a request for change, I would include the report so that they are undisputed. Instead of the sys admins giving the excuse of, "Hey, we don't have enough time," or, "We've already done it," or some other poor excuse, now I have a report behind it that says, "Hey, you're vulnerable with this. Here's the CVE, and here's the POC of the CVE," and then if I want to be a little bit more obnoxious, I provide them the POC that I ran with the proof that the POC is there, and then I'm able to say, "Hey, you need to patch this now."

My executives now are able to say, "Hey, you know what? The ISO gave you a directive to patch this with proof. Why haven't you done it?" Because now, as we know, all C-levels are ultimately responsible. If you have an ISO that is interfacing with sys admins saying, "Hey, here's a change that you need to patch it. Here's my proof that even has POC with proof and the report," then there is no benign, "Why haven't you done it?"

Tenable Nessus has helped us visualize the security posture of acquisitions. It provides actionable recommendations to the implementation team towards security remedies.

It helps us limit our vulnerabilities and to reduce exploitations.

Tenable also helps us focus resources on the vulnerabilities that are most likely to be exploited.

We use Tenable Nessus for scanning. We find lots of vulnerabilities and then we reduce the time spent on finding inbox vulnerabilities. Of course, Tenable streamlines the process. It has been a positive experience overall.

Tenable can scan for missing patches for the endpoints. We can scan it and then, once we can support any endpoint without patching, we inform our users.

This is something that allows us to quickly get a really important information context. We can now deliver highly professional consulting using the product.