I evaluated Qualys but the pricing scheme was different so did not go with that. Although Tenable was much more limited than Qualys.

I didn't have a lot of experience with this type of product. I heard and knew that vulnerability assessment is most important. We paid a company to do a pen-test in our bank. That was the first time I heard about vulnerability assessment and about Nessus, Qualys, and Guardium. At that moment, I started to think about it and to search for the best option for us.

In the past, it was tricky to find money for this kind of application. But recently, a new director started with our company. He understands what security actually means and that it's important for a bank. He gave me a bigger budget.

I started, one year ago, checking all products on the market for vulnerability checking and scanning. The first option was Qualys because everybody here, my colleagues, were saying that Qualys is the best. But there were two problems with Qualys for me. First, there is no on-premise version, only a cloud version. And the second issue was the price. The first issue, that Qualys is only connected to the cloud, was most important because I must prepare documents for our regulation agency in banking. With Qualys in the cloud, I would have to prepare risk assessments, etc., and that would be a lot of work for me. And then I would have to wait for that agency's approval, which could take some three months. Finally, when I started thinking, "Okay, I'll go that route and will prepare everything," when I asked about the price of Qualys here in Bosnia, I realized it was too much for us because we are a small bank.

I also checked an IBM solution, Guardium, because there are a lot of companies working with IBM here. It's easier to find solutions for IBM. The reason I didn't go with Guardium was its price.

After that, I started checking other products. Nessus was one of the options. I had a friend working for Alem Systems and spoke with him over a coffee. We spoke about solutions and he said, "Why don't you use Nessus? Nessus is good." He explained everything to me, and he showed me a demo and how it works in a particular company. I said, "Okay, if Nessus is good enough for me, who will sell it to me?" He said, "I will do that."

We are a small bank. I don't need to take care of 100 or 200 servers or many switches and routers and PCs. Nessus is easy to configure and it's easy to add additional searching and scanning for new assets, like a new router. I had seen Qualys at conferences, but I hadn't used it myself. A presenter showed how it worked, but I didn't have hands-on experience. My friend showed me Nessus and he gave me an idea of how to work with it. When I first used it by myself — I created a scheduled job for a server — when I got the report, I realized that it was easy for me, and that was great. Maybe Qualys has better graphics, but I didn't have experience with it. Nessus, now, is perfect.

Finally, I decided that the price was good enough for me and for my bosses. So I finally found a solution after six months.

I didn't need it to be something complicated, to have some NASA-level product. I needed it to work properly and simply, to show me what I need to do. I had to be able to explain to my system administrators what they should do. When I get a report I explain it and give it to my system administrators to solve the problem.

We use both the solution and Qualys which are leading tools in the industry.

Qualys is a complicated tool for users because it does not include easy-to-access instructions. It also reports more false positives. 

The solution is easier to use and includes instructions for running scans. 

Overall, the solution is a better tool than Qualys. 

I have also evaluated Qualys. There were some missing features, so we weren't able to detect vulnerabilities related to specific software, like Adobe and Java.

I have also used Tenable.sc.

We did evaluate other solutions before choosing Tenable Nessus, such as Rapid7. We choose Tenable Nessus because it was used by more customers and it seemed at the time to be more straightforward.

Several. OpenVas, Rapid7, Qualys, CORE* and Retina.

We would like to discover other solutions and do a comparison to see the better solution for our clients. We've, for example, tried to look into Cyber XM.

We also evaluated the Rapid7 Nexpose product, but it has a limitation that it supports 128 users then you have to buy another 128, but with  the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device.

I have evaluated one other solution, but because of my company policies. I can't share that information.

Tenable has Tenable.io, and I believe that they have the remediation updated, but Tenable Nessus Professional does not. I don't think that they will continue to keep it available in the market. They should probably decommission it.

Remediation is better in other tools than with Nessus.

We were manually scanning before using Tenable Nessus. We looked at Rapid7 but we are satisfied with Tenable Nessus. 

In my region, our customers prefer Tenable over other products, like those offered by Qualys. They have approximately 80% of the market share.

We looked at Tenable, Qualys and Rapid7. We found Tenable was the best of all three.