Tenable Nessus Other Advice
Be sure you have an appropriate amount of time available if you are not running an agent-based system. Pulling in results for 15,000 endpoints takes time because the solution can only fetch data for eight to ten endpoints at a time. You have to scan or you will have network traffic load issues.
I rate the solution a nine out of ten.
View full review »JT
Jerome TOUTEE
Former Employee of Orange Business Services as Head of Security Engineering at a comms service provider with 5,001-10,000 employees
People should use it because it is straightforward and simple. I would rate it seven out of ten, for the simplicity of usage and the quality of the security assessment that is done and the reporting.
View full review »It is a very good and useful tool. I would rate it a nine out of ten.
View full review »Buyer's Guide
Tenable Nessus
March 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
NM
reviewer1239462
CISO at a financial services firm with 201-500 employees
If I were to speak to someone who works with IBM Guardium they would probably tell me, "Ah, Nessus is too simple for me. Guardium is better." But I can recommend Nessus to anyone who wants a good product for a "small amount of money." It's the best buy.
When I speak with my colleagues we usually share our experiences. I know that some of my colleagues are thinking about Nessus for next year because they don't have any solution, but they need one, according to regulations. When I explain how it works they usually say that they will check into it. Probably, in Bosnia, there will be two more banks using Nessus in the next year.
Alem, as a company, is very friendly and that's most important. They come to our office to explain things. They spent three or four hours here with me, explaining everything about Nessus. They suggested a free trial. It's important to have that kind of support. I know that if I need something, I can ask them without any problems, at any time.
Overall, Nessus is working well.
View full review »AG
reviewer2154231
Information Security Analyst at a retailer with 1,001-5,000 employees
I rate Tenable Nessus nine out of 10. I recommend creating a Tenable Community account. Tenable uses that for support, but they also have a massive library of training videos that they call Tenable University. You can also access the Tenable Community forums where experts and general users can share information and ask questions.
View full review »The solution is a great tool for automation and reducing your team's efforts. If you have the budget and knowledgeable staff, then I recommend you use it.
I rate the solution an eight out of ten.
View full review »I recommend Tenable Nessus because it's a good solution, works properly, is not complicated to administrate, is simple to manage, and is stable.
I rate Tenable Nessus a nine out of ten.
View full review »We're using the latest version of the solution.
When you are doing a spot check, and something rescues you a lot from disaster, you really appreciate that service. The product has really worked for me.
I highly recommend the solution.
I'd suggest new users run a POC and exhaust all the functionality and test other solutions as well. At the end of the day, compare them. Don't forget to consider budgets. Ensure that it matches what your company needs and the budget that they have for that particular solution.
Make sure that functionality is taken into account. Some people only look at the budget and go for something cheaper and then do not have the functionality they require.
I'd rate the solution nine out of ten.
View full review »I rate this solution nine out of 10.
View full review »I'm a consultant.
We can deploy the solution either on-premises or on the cloud.
I'd advise potential new users to look at what the landscape is. And based on the landscape, they should be able to fit the product. You need to first consider your strategy and build towards that. We would recommend this solution to others if it seems to fit their needs.
I'd rate the solution nine out of ten.
View full review »SD
Sandip Deshmukh
Cyber Security Expert at Birlasoft IndiaLtd.
I would rate this solution as eight out of ten.
For those who want to use this solution, my advice is to go to Tenable's website and read about the solution so you can properly understand its features. There are demo videos too. That will help you make a decision about whether you want to use the tool or not.
I would definitely recommend this solution to others who want to use it.
View full review »In terms of the identification of vulnerabilities, this is a good tool. The engine it uses is accurate. However, it depends on which tool out of the stack you would use, and the scale of the infrastructure.
I rate Tenable Nessus a seven out of ten.
View full review »I'd recommend the product to others. If a company wants to use it for system analysis as part of the benchmarking of the systems or if a company wants to do security benchmarking, they can use this. They should be able to use the tool.
I'd rate the solution eight out of ten.
View full review »BE
Bryan Evans
Security Analyst at PJM Interconnection
Security is complicated a subject. There's a lot involved in Tenable Nessus, but the solution is easy to run and manage and we have had a lot of good success with it.
I rate Tenable Nessus a nine out of ten.
View full review »A cost/benefit interesting tool.
View full review »JR
reviewer1266162
Information Security Manager at a transportation company with 1,001-5,000 employees
My advice to people who are looking into implementing this product would be to just go ahead and do it. Don't be frightened about it. It is great. It does exactly what you'd expect it to do. You can use it as a stepping stone to the other Tenable products.
I would rate it a nine out of 10. It is a lovely product. It just does what you need it to do, and lets you get on with your day.
View full review »LM
reviewer1541385
Cybersecurity Manager at a manufacturing company with 10,001+ employees
I would recommend making sure that the solution meets your needs for automated scans and the SCAP. If you're looking for a one-stop shop, I think it's a great tool for that. I would recommend some form of training if you don't have experience with this kind of solution. There's a bit of a learning curve involved in terms of configuring and using Nessus.
I rate this solution an eight out of 10.
DD
Dobrisa Dobrenic
Assistant Director for Computing and Network infrastructure at SRCE
I rate the overall product a nine out of ten.
View full review »VA
reviewer2075424
Head of IT security at a financial services firm with 10,001+ employees
I would rate the solution a nine out of ten. It is one of the best tools to use if compliance is your priority.
View full review »My advice to others wanting to implement this solution is they need to understand what will be scanned. For example, if they are using internal servers or something similar, and is it on the cloud, or web applications, this is something they need to know. It's a good idea to evaluate these things on their end before choosing to use the solution. This solution focuses more on the servers or the network security side. Acunetix focuses more on the web application side. This is where the buyer has to evaluate and know their use case.
I rate Tenable Nessus a nine out of ten.
View full review »I would recommend it to others. It does everything that such a solution needs to do. It can check for vulnerabilities and compliance. It is also very easy to use. It is better than its competitors, such as Rapid7.
I trust Tenable solutions. I have worked with Tenable IO a few years ago, and with Tenable Nessus, I had the same feeling that I had with Tenable IO. It is a very good solution. It is more expensive than Tenable IO, but it is a complete solution.
I would rate it a nine out of ten.
View full review »SE
reviewer2295975
Senior cybersecurity engineer at a aerospace/defense firm with 5,001-10,000 employees
I recommend the solution to others. I rate the solution a nine out of ten.
View full review »Tenable Nessus is a great tool. I believe everyone should be using Tenable Nessus since it is a tool that can be used for vulnerability assessment when companies face some vulnerabilities to find security holes or threats.
I rate the overall solution a nine out of ten.
I would recommend Nessus Manager and rate it at eight on a scale from one to ten.
MB
Mouad BOUKIR
Works at a university with 1,001-5,000 employees
We are just end-users and customers.
I'm not sure which version of the solution we're using.
I'd rate the solution eight out of ten.
View full review »I would recommend this solution to others.
I rate Tenable Nessus a seven out of ten.
View full review »ME
reviewer1043379
Chief Executive Officer at a outsourcing company with 11-50 employees
I would rate Tenable Nessus a ten out of ten.
View full review »FC
Fatjon Celaj
Network Security Delivery Manager at alascom
I rate Tenable Nessus an eight out of ten.
View full review »JK
reviewer1229910
Security Architect at a logistics company with 10,001+ employees
Leverage authenticated scans if you can. That reduces the number of false positives compared to just network-based scanning. Leverage the Tenable Agents if you can, as well, because that will help reduce the scan time and make it easier to get data from machines that are all over your network.
The solution isn't really helping to reduce our exposure over time because there are always new vulnerabilities coming out. It's helping us keep track of what's out there better.
The next part is going to be convincing external auditors that VPR is a reasonable way to actually prioritize, in terms of whatever our policy statements say for what we fix and how quickly; to get that to line up. A lot of people are still in the, "You must patch criticals with this number of days, highs with this number of days." We want to be able to turn that into a more risk-based approach but haven't really been able to do that.
The users of the solution in our organization are really just the people on our security team, so the number is under ten people. They're really just using it to look at the vulnerabilities, analyze the vulnerabilities, and figure out where our risks are and what should get patched. For deployment and maintenance of the solution we have a quarter of an FTE.
View full review »SA
reviewer2002593
Security Compliance Officer at a tech services company with 51-200 employees
It is a good tool. It's not difficult to understand. It shouldn't be an issue as long as you know what you're doing.
I would rate Tenable Nessus a seven out of ten.
View full review »I would recommend Tenable Nessus.
On a scale of one to ten, I would rate it an eight.
View full review »NS
NagarajSheshachalam
Lead Cyber Security engineer at a tech services company with 201-500 employees
There are at least ten people in our organization making use of the solution.
Tenable Nessus is an appropriate solution for a small scale company, one with budgeting constraints and no complexities within the organization. It not that user-friendly.
I would rate Tenable Nessus as a seven out of ten.
View full review »JK
John-Kang
Senior Systems Administrator at Government Scientific Source, Inc.
Know that it's only a detection tool and that it has limitations as a detection tool, but the deployment can be pretty scalable.
The solution didn't reduce the number of critical and high vulnerabilities we needed to patch first. It tells you what the critical vulnerabilities are that you need to patch, but it didn't reduce anything. It doesn't patch it for you.
I would give Nessus a seven out of ten, as it doesn't automatically resolve the vulnerabilities. There are tools out there that give you an option: "Hey, do you want me to patch that vulnerability?" You just hit "yes" and it automatically does it. Nessus doesn't do that. And, as I said, the grouping could be a little bit better.
View full review »I would recommend others use this solution.
I rate Tenable Nessus a nine out of ten.
View full review »JF
reviewer1818828
Security Engineer at a media company with 10,001+ employees
I would advise others that if this solution fits your use case then I would try it out. Different environments require different solutions.
I rate Tenable Nessus an eight out of ten.
View full review »MC
reviewer1691895
Senior Partner
Zoom is a great solution. I did appreciate during the pandemic they offered it for free for a certain amount of callers. I thought that gesture was really great.
I rate Zoom a ten out of ten.
View full review »AM
Attila Mate Kovacs
Senior Cyber Security Expert at a security firm with 11-50 employees
I would recommend this solution to others.
I would rate Tenable Nessus a nine out of ten because it has many dimensions.
View full review »I give the solution an eight out of ten.
We have 100 workstations that all use the solution.
View full review »NK
Nilanjan Karmakar
Deputy Manager at a consultancy with 501-1,000 employees
We are currently trying to procure Tenable.io from Nessus.
I would definitely recommend Tenable Nessus to those who are operating in small environments, with like-sized infrastructure.
When it comes to a big company we should look towards OpenView. Tenable Nessus is not feasible for a large company. For a team comprising 1,000 people, it would be too unstable. Instead, Tenable.io. would be the appropriate choice since it contains a completely different infra.
I rate Tenable Nessus as an eight out of ten.
View full review »I rate Tenable Nessus nine out of 10. Nessus isn't suitable for everyone. It depends on the case. If you need reporting for the COs and stuff, Rapid7 is better. However, if you are implementing it as part of an ongoing VA or retention operation, you should probably use Tenable.
View full review »JK
reviewer1785186
CBO at a security firm with 11-50 employees
I would rate this solution 8 out of 10.
View full review »DN
Dhananjay-Naldurgkar
Senior Consultant - Cyber Security Services at a computer software company with 10,001+ employees
We have both on-premises and cloud-based deployment in our organization.
The solution is good.
I rate Tenable Nessus as a nine out of ten.
View full review »MZ
Muhammad NavaidZafar Ansari
Assistant Manager of Information Security at a pharma/biotech company with 1,001-5,000 employees
I am actually using the solution in three or four different organizations, including Engro and Martin Dow.
There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions.
As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten.
View full review »MB
MuhammadBilal4
Sr. Information Security Engineer at Rewterz
I would rate Tenable Nessus an eight on a scale of one to ten.
View full review »So far, I am quite pleased with this product and don't have any complaints. I would recommend this solution to others who are interested in using it.
I would rate this solution a nine out of ten.
View full review »FF
reviewer1387677
IT Security Operations Analyst at a manufacturing company with 10,001+ employees
For anyone who is interested in this solution, they should test the scan timing to see if it consumes a lot of time or not.
Research the remediation information to see if it is okay, or trust proof or not.
The reporting works well and it allows you to share. Also, support is important.
I would rate Tenable Nesuss an eight out of ten.
View full review »VP
reviewer1392108
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
We are simply customers. We don't have a business relationship with Tenable.
We're using the latest version of the solution.
I would definitely recommend this solution. It's the best that I've used so far.
On a scale from one to ten, I'd rate it at an eight overall.
View full review »KC
Keith S. Crumpton
President and Sr CISO Consultant at Micro Strategies
If you're going to employ this product, it's the better one for smaller to medium businesses because of the executive documentation. I would not try to sell it as a technical tool for a technical group. As a consultant it would be best for you to run it and manage it for clients. With that, you're a one-stop shop for them. I would remind clients that most auditing requirements state that you need a third-party individual to do an assessment of your environment. As a consultant you would do that for them. Keep it in-house. I wouldn't sell it.
The priority rating is an industry-standard rating, so it's not like it pulls it out of a hat. It's a known rating, so that's good.
View full review »RT
Rachel TSAI
IT Manager at a educational organization with 1,001-5,000 employees
I rate Tenable Nessus an eight out of ten.
View full review »MH
Miguel Angel Hernández Armas
Implementation Engineer at GFx Soluciones
Scans using agents are very useful, and taking advantage of them is the best way to take advantage of the tool.
View full review »MS
MadhavanSrinivasan
CEO at Screenit Labs Pvt Ltd
In some cases, we deploy on-premises because the customer is still evaluating the readiness to go to the cloud.
A few of our customers are already on the cloud, and others are migrating. We have deployed on both models.
With my experience, I would definitely recommend it. This is the only tool we have used recently.
I would rate this solution an eight out of ten.
View full review »I recommend Tenable Nessus to others and rate it a seven out of ten.
View full review »I work with different products, e.g. firewalls, PAM technology, antivirus, WAF, and proxy. I'm handling information security in the government, not as a consultant. I deal with government procedures.
We deployed this solution on hardware, on VM.
We have 10 users of Tenable Nessus, and they are a mix of engineers and managers.
I'm scoring Tenable Nessus a ten out of ten.
MH
reviewer1397976
Owner at a tech services company with 1-10 employees
The advice would be definitely doing your proof of concept because that's what you're going to need for your buy-in for your upper management because it is going to cost some money. I would do a hybrid version, where your own Nessus is internal, and then you have your cloud. If you lose connection to the internet, you could still run an internal Nessus scan to save the scan and then input the scan into Tenable.sc. Do your proof of concepts, get your reports, and use your proof of concepts when you do your presentation to upper management to purchase. If you use your own nodes and your own network as your proof of concept, it gives them an eye view of, "Hey, we're vulnerable because of this, and here's the tool that did it." To me, that was a better selling point because it was real. It wasn't the demo data. Once you have purchased it and get it all set up, use it continuously, meaning include your scanned reports with your change control. This way, it shuts all the administrators who have been there over 20 years and say, "Hey, I don't want to patch right now because it takes the network down." Yes, it's going to take the network down. However, the longer you wait, the more vulnerable you are because if I'm doing change requests every week, and I'm calling on more and more risk and you start to find the same nodes in the same reports, then somebody up high is going to say to the network administrator guy to fix it.
I would rate Tenable Nessus a ten out of ten right now. If you had asked me last year, Rapid7 would have been the same and on top, but now that I've been using Tenable and I'm comparing the jobs that I'm doing right now, Tenable is cut and clear to what the report is saying. My favorite report is the VPR report. Instead of just looking at CVS numbers, it has a VPR report that ranks, whereas, in Rapid7, it's just focused on CVS. It is CVS version 2 or 3, which kind of gets confusing. For example, in Tenable, I can run a scheduled scan and have my report, but let's say, for instance, I did patching in the middle before my scheduled scan. I could kick off a new scan specifically for that vulnerability and get a report, whereas, in Rapid7, you could not easily do that. Therefore, you were stuck waiting for the scan to go again and to see if your mitigation efforts fixed it.
View full review »I would tell potential users that Tenable Nessus is suitable for device security.
On a scale from one to ten, I would give Tenable Nessus a seven.
View full review »TM
Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at CIA Botswana
I would advise anybody thinking of implementing Nessus that they should be competent with risk management language and do some training on the solution, otherwise, they won't understand anything. I would rate Nessus ten out of ten.
View full review »PK
reviewer1768575
Independ consultant
My advice to others is for them to focus on the cloud solution, and do as much as possible in the cloud.
I rate Tenable Nessus an eight out of ten.
View full review »PD
ParveshDhurmea
Assistant Engineer at Harel Mallac Technologies Ltd
I would recommend this solution to others.
I rate Tenable Nessus a nine out of ten.
View full review »LO
Reviewer843121
Founder & CEO at a tech services company with 1-10 employees
My advice to others is for them to start using the free version to get used to the solution.
I rate Tenable Nessus an eight out of ten.
View full review »Tenable mainly works on vulnerability scanning and prioritizing.
View full review »FA
reviewer1596903
Senior Consultant at a tech services company with 11-50 employees
We're using the latest version of the solution. I can't speak to the exact version number.
I'd rate the solution at a seven out of ten. It's pretty great at vulnerability management, however, there are always ways to improve it.
I'd recommend the solution to other users.
View full review »AB
reviewer1496742
Chief Hacking Officer at a security firm with 1-10 employees
Ultimately, we plan to use this product less because it is something that we advise our customers to buy for themselves. They should not be using our solution.
My advice for anybody who is considering Tenable Nessus is that it is easy to install, easy and straightforward to use, and not expensive. These are the reasons that we advice our customers to use it.
I would rate this solution an eight out of ten.
View full review »TK
Thomas Kung
Senior Consultant at a tech company with 1,001-5,000 employees
I would suggest that people considering this solution should choose the cloud-based solution versus the on-premise version.
View full review »JV
reviewer1642203
Cyber Security Engineer at a manufacturing company with 5,001-10,000 employees
I rate this solution an eight out of 10.
View full review »DG
reviewer1453023
CSSP Manager at a tech services company with 51-200 employees
We're just customers. We're end-users. We don't have a business relationship with the company.
We're using the solution as what I would consider a hybrid, where the security center is managed by another group. However, we have a scanner in our network that connects back to the security center and the DOD of Azure.
We're largely happy with the product. Overall, I'd rate the solution eight out of ten. If it weren't for the reporting or the scanning difficulties, I would rate it higher.
View full review »SD
Infraprojman67
Senior Infrastructure Project Manager at a energy/utilities company with 501-1,000 employees
My advice to others would be to include post-implementation support for six months from the vendor to help with the fine-tuning. I rate this solution an eight out of ten. In the future, I would like to see better reporting for high impact vulnerabilities.
View full review »LO
Reviewer843121
Founder & CEO at a tech services company with 1-10 employees
It's important to test the solution so you know that it works for your situation. They have a trial version so it's easy to test before you purchase it.
I rate this solution eight out of 10.
VK
reviewer1687830
Information Technology Security Specialist at a tech services company with 201-500 employees
On a scale from one to ten, I would give Tenable Nessus an eight.
View full review »SP
reviewer1502784
VP - Risks, Audits & InfoSec at a tech services company with 501-1,000 employees
On a scale of one to ten, I would give Tenable Nessus an eight.
What happens is Nessus keeps on updating and this becomes a showstopper. We are unable to proceed with the vulnerability scans or testing if we do not update to the latest available patch. We can understand the risk if it's maybe one version earlier, meaning, we understand something was updated with XYZ patch but there should be something which gives us an option so that not all of our deployments need to have the latest patch. This would save the deployment time because of frequent updates.
I would recommend Tenable Nessus. Especially the commercial model. We operate in small and medium enterprises and for them, Nessus is becoming expensive. Because of this I may not buy Nessus this year and I might switch to Qualys, for example. Overall, Tenable Nessus is not so price pocket friendly for small and medium users.
View full review »KS
reviewer1157040
CyberSecurity Specialist at a tech services company with 11-50 employees
MH
reviewer1389510
Information Security Engineer at a tech services company with 11-50 employees
Tenable is the best vulnerability management product in the world, and I recommend it.
I would rate this solution a nine out of ten.
View full review »Buyer's Guide
Tenable Nessus
March 2024
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.