We just raised a $30M Series A: Read our story
LM
Cybersecurity Manager at a manufacturing company with 10,001+ employees
Real User
Top 20
Excellent at identifying vulnerabilities and accessing information related to that

Pros and Cons

  • "Ease of reviewing scores, identifying vulnerabilities, and getting information on them."
  • "Scans aren't done properly and some devices aren't pinged."

What is most valuable?

The valuable feature for me is being able to ping the computers to do the automated scan and to come back and be able to see everything. That's definitely a huge plus, but then there's also the ease of reviewing the scores, identifying vulnerabilities, and getting the information on the vulnerabilities; the ability to review all that within one tool has been phenomenal. When we're reviewing those Nessus scores, the solution works well.

What needs improvement?

I think there's still some things that need to be ironed out to ensure that we can have a one-stop shop to do both ACAS, SCAP automated assessments in. We've been trying to do that and they say you can, the capability is integrated into the system. But in most instances, especially when you're dealing with some systems that are standalone or a network that we built ourselves, we find that some devices aren't pinged and the scans aren't done properly. That also comes down to the hardening of the systems where the password or the privileges weren't taken, so therefore it didn't do the scan properly. 

For how long have I used the solution?

I've been using this solution for the past six or seven years. 

What do I think about the stability of the solution?

The solution is stable. We haven't run into any issues other than some passwords that don't take, but that's the way we set up the system. If it's set up properly and configured appropriately, there won't be any issues.

What do I think about the scalability of the solution?

We could definitely make the adjustment to scale it left, right, up and down, depending on what we're using it for and we haven't run into any issues on that. It's pretty flexible.

How was the initial setup?

The setup itself is pretty straightforward. Because these are standalone systems, there are some additional steps that the IT team needs to do, but they pretty much have it down to where they could install the tools pretty easily and have it running reasonably quickly. 

What other advice do I have?

I would recommend making sure that the solution meets your needs for automated scans and the SCAP. If you're looking for a one-stop shop, I think it's a great tool for that. I would recommend some form of training if you don't have experience with this kind of solution. There's a bit of a learning curve involved in terms of configuring and using Nessus. 

I rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
FA
Senior Consultant at a tech services company with 11-50 employees
Real User
Top 5
Good vulnerability management and easy to set up but needs more integration capabilities

Pros and Cons

  • "The initial setup is very straightforward."
  • "We'd like to see more integration potential within the solution."

What is our primary use case?

We primarily use the solution for vulnerability management.

When it comes to servers and scanners, or servers and endpoints, you can discover the vulnerabilities that might be on the other end. You can see, for example, if
you have a gap in vulnerabilities in specific servers or specific endpoints, and you if have to close the. You can really see the risks that might be encountered within your environment.

What is most valuable?

The solution is very good at vulnerability management. It gives you great visibility of visibilities.

The solution is stable. 

The initial setup is very straightforward.

What needs improvement?

We'd like to see more integration potential within the solution.

They tend to do a new release every quarter, and will ultimately continue to add more features.

For how long have I used the solution?

We've been using the solution for two months. We've been looking into it over that time.

What do I think about the stability of the solution?

The solution is pretty stable. There are no bugs or glitches. It doesn't crash or freeze. Its performance is very reliable. 

What do I think about the scalability of the solution?

I can't speak to the scalability. We have never tried to scale the solution.

I'm the only person in my organization that uses the solution. I don't have plans to increase usage at this time.

How are customer service and technical support?

I can't speak of technical support's knowledgeability or helpfulness. I haven't used them before and therefore couldn't really evaluate them very well.

How was the initial setup?

The solution is very straightforward and pretty simple. There isn't too much complexity or difficulty involved. A company shouldn't have any issues with the initial setup.

What about the implementation team?

I handled the installation myself. I didn't need the assistance of a consultant or integrator.

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee.

I can't speak to the exact pricing. It's not an aspect of the solution I directly deal with.

What other advice do I have?

We're using the latest version of the solution. I can't speak to the exact version number.

I'd rate the solution at a seven out of ten. It's pretty great at vulnerability management, however, there are always ways to improve it.

I'd recommend the solution to other users.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,676 professionals have used our research since 2012.
Attila Mate Kovacs
Senior Cyber Security Expert at a security firm with 11-50 employees
Real User
Top 5Leaderboard
Easy to install, reliable, helpful support, and has a good assessment tool

Pros and Cons

  • "Tenable Nessus is one of the best vulnerability assessment tools, that I know."
  • "They need more flexible pricing."

What is our primary use case?

We use this solution for information gathering and as an assessment tool.

What is most valuable?

Tenable Nessus is one of the best vulnerability assessment tools, that I know.

What needs improvement?

The price could be improved. They need more flexible pricing.

If they had a very creative idea, maybe they could add a special feature. Even extending functions, or exploring new areas. If they were able to integrate it with the existing solution, that would be fine.

I would like to see more integrations, more ideas or services, and functions offered.

It's about wider functionality and not a question of integration. It's more a question of, creativity. If they have other ideas such as what could be added to the vulnerability management. 

For how long have I used the solution?

I have been using Tenable Nessus for five years.

What do I think about the stability of the solution?

Tenable Nessus is a stable product.

What do I think about the scalability of the solution?

It's a scalable solution.

Nessus we either use Nessus for projects for ourselves in many situations, and they also deliver Nessus as a solution for at least five clients. We also have approximately 10 users in our organization.

How are customer service and technical support?

My experience with technical support is very positive.

How was the initial setup?

The installation was easy.

It took approximately six hours to install and deploy.

We need two for the deployment and maintenance, we have two or three people.

What's my experience with pricing, setup cost, and licensing?

In general, it is extremely expensive. If they have a higher price, that's fine, but if there were one or two solutions where you can buy something for a cheaper price then that would make sense for many users.

I understand why it's expensive, but it would be good to have a limited solution with cheaper prices.

There are different solutions for purchasing Nessus, which is not possible with Datadog.

What other advice do I have?

I would recommend this solution to others.

I would rate Tenable Nessus a nine out of ten because it has many dimensions.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
AB
Chief Hacking Officer at a security firm with 1-10 employees
Real User
Top 20
Easy to set up and use, reasonably-priced, and works well out of the box

Pros and Cons

  • "Out of the box, the product works well for us, so it's not a tool that we need to customize very much."
  • "The reports are okay, but the interface is a bit difficult to navigate in some cases."

What is our primary use case?

Our use cases are pretty straightforward. We primarily use it for conducting vulnerability scans.

What is most valuable?

Out of the box, the product works well for us, so it's not a tool that we need to customize very much.

What needs improvement?

The reporting interface is in need of improvement. The reports are okay, but the interface is a bit difficult to navigate in some cases.

Nessus is not very good at identifying web application vulnerabilities, which means that we need to buy another product like Acunetix or EMC Networker to handle that part. This is an area that could be enhanced because we would prefer to have these capabilities in one application.

For how long have I used the solution?

I have been using Tenable Nessus for more than 10 years.

What do I think about the stability of the solution?

Tenable is a reliable solution.

What do I think about the scalability of the solution?

We have not had any use cases that required scaling.

Our installation is a single tenant.

How are customer service and technical support?

We haven't had the need to contact technical support.

Which solution did I use previously and why did I switch?

Many years ago, we tried Nexpose by Rapid7.

How was the initial setup?

The initial setup was easy and very straightforward.

It took about half an hour to deploy, including all of the updates. It is the updates that take time to complete.

What's my experience with pricing, setup cost, and licensing?

We pay approximately $2,500 on a yearly basis. We do not pay any fees in addition to the standard licensing costs.

What other advice do I have?

Ultimately, we plan to use this product less because it is something that we advise our customers to buy for themselves. They should not be using our solution.

My advice for anybody who is considering Tenable Nessus is that it is easy to install, easy and straightforward to use, and not expensive. These are the reasons that we advice our customers to use it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MK
Manager Information Security at a financial services firm with 51-200 employees
Real User
Top 20
Anyone can deploy it, even the managers, the technical teams, and the engineers

Pros and Cons

  • "With the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device."
  • "The reporting feature needs to be improved."

What is our primary use case?

We are using it to find out the vulnerabilities in our critical servers and to patch them.

We are using the latest version.

What is most valuable?

Tenable Nessus is good. It's the best vulnerability solution in the industry. Most organizations are using it.

What needs improvement?

In terms of what could be improved, I would say that the reporting feature needs to be improved.

Additionally, although it has the features, the enterprise edition is very limited. They need to add multiple reporting features in the enterprise edition.

For how long have I used the solution?

I have been using Tenable Nessus for the last two years.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

Tenable Nessus is a vulnerability product. We have two to three users who are running it, but in terms of the end devices, because it's intended for vulnerabilities scanning and you have to scan your end devices, we have around hundred devices who are scanning with it.

It is a scalable solution.

How are customer service and support?

We contacted support for some scenarios, like upgrades, new security patches, and for some customized reports.

We were satisfied with the speed of the answers. It is good support.

How was the initial setup?

The initial setup is very easy.

Anyone can deploy it, even the managers, the technical teams, the engineers.

I think it took five minutes.

What about the implementation team?

We installed with the help of a consultant. You can do it one time and then you will learn it very easily.

What's my experience with pricing, setup cost, and licensing?

We have an annual subscription.

Which other solutions did I evaluate?

We also evaluated the Rapid7 Nexpose product, but it has a limitation that it supports 128 users then you have to buy another 128, but with  the Tenable Nessus enterprise edition, you have unlimited licenses to scan the device.

What other advice do I have?

I would recommend Tenable Nessus.

On a scale of one to ten, I would rate it an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
DG
CSSP Manager at a tech services company with 51-200 employees
MSP
Top 5
Largely problem-free with good scanning capabilities and a good interface

Pros and Cons

  • "The automatic scanner and scheduler are pretty cool."
  • "The reporting is a bit cumbersome."

What is our primary use case?

I primarily use the solution for vulnerability scanning within our organization.

What is most valuable?

The automatic scanner and scheduler are pretty cool. 

The interface is excellent. It makes it very user friendly and easy to navigate for the most part.

It's a pretty solid product. I pretty much like almost all of it. 

The product is pretty problem-free. We don't have any real issues with it.

What needs improvement?

The reporting is a bit cumbersome. 

A lot of times you have got to, if you want to test things, go in and then back all the way out, and then try something else, and that just becomes cumbersome. 

The testing functionality could be better.

The way they had set up the scan sometimes is difficult as well. It's partly due to how it's set up where I am. It's not necessarily a Tenable thing, however, the user, how they assign users and roles, is strange. Sometimes if a coworker sets up a scan, I can't start it or stop it. That's just something that may be an issue on our set-up and not a Tenable issue.

For how long have I used the solution?

I've been using the solution for a while. I've probably been using the solution since 2015. It's been over five years at this point.

What other advice do I have?

We're just customers. We're end-users. We don't have a business relationship with the company.

We're using the solution as what I would consider a hybrid, where the security center is managed by another group. However, we have a scanner in our network that connects back to the security center and the DOD of Azure.

We're largely happy with the product. Overall, I'd rate the solution eight out of ten. If it weren't for the reporting or the scanning difficulties, I would rate it higher.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NK
Deputy Manager at a consultancy with 501-1,000 employees
Real User
Geared for use in small environments

Pros and Cons

  • "Tenable Nessus is an absolutely stable and fantastic product."
  • "Tenable Nessus is not feasible for a large company."

What needs improvement?

While Nessus produces good software, I would like it to allow me to better utilize my homepage. The report structures should be more gradual and effective. Also, other components, such as certain vulnerabilities and Malware detection, should better reflect on the console or dashboard. Nessus does not make this available as there is no centralized dashboard. So too, I require a cloud-based Tenable product, not the one available, which is on-premises.

We have already entered an agreement with Nessus for Tenable.io., following contact I established with South Boston.

Once a person takes part in the demo offered by Tenable.io, we are talking about, more or less, VAS software. The VAS feature is absolutely nice. We have already addressed the coming roadmap with Nessus and it will not include these features. Consequently, perhaps Tenable.io will be the next step. Users such as ourselves will definitely be looking at a different application.

For how long have I used the solution?

I have been using the solution for the past four years. 

What do I think about the stability of the solution?

Tenable Nessus is an absolutely stable and fantastic product. As a customer I would give it a 90 percent out of 100 rating.  This is because we have been really satisfied with its use over the past four years. The company and market standards are growing and the margin standard is going up.

Tenable Nessus is competitively slower than Tenable.io.

What other advice do I have?

We are currently trying to procure Tenable.io from Nessus.

I would definitely recommend Tenable Nessus to those who are operating in small environments, with like-sized infrastructure.

When it comes to a big company we should look towards OpenView. Tenable Nessus is not feasible for a large company. For a team comprising 1,000 people, it would be too unstable. Instead, Tenable.io. would be the appropriate choice since it contains a completely different infra.

I rate Tenable Nessus as an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Muhammad NavaidZafar Ansari
Assistant Manager of Information Security at a pharma/biotech company with 1,001-5,000 employees
Real User
Top 20
Great scanning capabilities for servers, but limited when it comes to networks

Pros and Cons

  • "The solution is great for scanning servers."
  • "The features are limited when it comes to scanning network devices for vulnerabilities."

What is our primary use case?

As new upgrades to the software come out periodically, I am currently using the latest version. 

What is most valuable?

I feel comfortable with the solution's vulnerability scanning capabilities.

What needs improvement?

While the solution is great for scanning servers, its features are limited when it comes to scanning network devices for vulnerabilities. 

For how long have I used the solution?

I have been using Tenable Nessus since 2015. 

How are customer service and technical support?

I can say that I am satisfied with Tenable Nessus' support and customer relations, which is why I'm still with the solution.

Technical support is very user-friendly. Upon entering their forum I can easily find the answers I seek, which I feel to be understandable and helpful. I have not any issues with the software that would have given me reason to engage technical support. 

Which solution did I use previously and why did I switch?

I did not use an alternate solution prior to Tenable Nessus and have been using it since the inception of my career in information security. 

How was the initial setup?

The installation of the solution was extremely easy. 

What about the implementation team?

There was no need for me to involve my system administrator in the installation process, as I was able to handle it on my own. It is easy to install the solution on any server. 

What's my experience with pricing, setup cost, and licensing?

The price is reasonable. 

What other advice do I have?

I am actually using the solution in three or four different organizations, including Engro and Martin Dow. 

There are two or three people using the solution in my organization on an ongoing basis in key dedicated positions. 

As Tenable Nessus lacks adequate network vulnerability scanning features, I rate it as a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Vulnerability Management
Buyer's Guide
Download our free Tenable Nessus Report and get advice and tips from experienced pros sharing their opinions.