Tenable Nessus Room for Improvement

CISO at a financial services firm with 201-500 employees
One area that has room for improvement is the reporting. I'm preparing reports for Windows and Linux machines, etc. Currently, I'm collecting three or four reports and turning them into one report. I don't know if it is possible to combine all of them in one report, but that would be helpful. If the scans which I have already prepared could be used to combine the results into one report, it would save me additional work. Also, when a new machine is brought into the domain, when it's first connected by the system administrator, it would be good to have some kind of automatic, basic vulnerability scan. Of course, I would have to enter my credentials if I wanted something additional, but it would be useful if, the first time, that basic process happened. Otherwise, it can be problematic for me when, for example, a new Oracle Database is brought on. I may only be notified after 10 days that it has been connected and only then can I do a vulnerability assessment and I may find a lot of vulnerabilities. It would be better to know that before they put it into production. It would be great to have something automatically recognize a new server, a new PC, and do a basic vulnerability assessment.
Security Architect at a logistics company with 10,001+ employees
There is room for improvement in finishing the transition to the cloud. We'd like to see them keep on improving the Tenable.io product, so that we can migrate to it entirely, instead of having to keep the Tenable.sc on-prem product. There is also room for improvement in some of the reporting and the role-based access. They have a pretty defined roadmap. They know where the gaps are, but it's a totally different product and so there's a lot of work that they have to do to get it to match.
Keith S. Crumpton
President and Sr CISO Consultant at CISO Consulting Inc.
One area with room for improvement is instead of there just being a PDF format for output, I'd like the option of an Excel spreadsheet, whereby I could better track remediation efforts and provide reporting off of that. Or, if they change the product itself for you to add comments of remediation efforts and allow you to sort on that and report on it, that would be helpful. Most of us would rather not have that information out in the cloud. We'd rather have it in-house. It would be better if you could provide it in an Excel spreadsheet for us to work with.
Learn what your peers think about Tenable Nessus. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,850 professionals have used our research since 2012.
Senior Systems Administrator at Government Scientific Source
The Nessus predictive prioritization feature is very nice, the way it displays. The interface could look better, but it has everything it needs. It could do a better grouping of the workstations and run a better schedule. But it was sufficient in what it provided. There is room, overall, for improvement in the way it groups the workstations and the way it detects, when the vulnerability is scanned. Even when we would run a new scan, if it was an already existing vulnerability, it wouldn't put a new date on it.
Jairo Willian Pereira
Information Security Manager at a financial services firm with 501-1,000 employees
- Add the possibility to customize attributes that define the assets' critical level based on the company's "business sense".
- Improve integration and tests for OT platforms, OT applications, OT hardware, and non-Ethernet protocols.
- Improve the exchange of info/insights/attributes with RM (Risk Management) domain.
- Offer more flexible strategic and high-level dashboards based on previous comments (minus technical and more business-oriented).
- Model OS costs (and its segregation schema for individual modules).
CEO at Screenit Labs Pvt Ltd
Some of our customers are operating on the cloud as well as on-premises. We would like to have the option of using the solution for the cloud as well as on-premises with the same license at the same time. That would be very helpful.
Network Security Engineer at a construction company with 1,001-5,000 employees
We use credentialed scans. They need more permissions and more changes or settings on Windows and Linux. Also, Agent scanning is more efficient than credential scanning but Agent scanning is more expensive than credential scanning. I prefer, mainly, the Agent scan over the credential scan, it's better. But we will continue to use the credential scan. I would like to see Tenable make some improvements to the credential scanning; more vulnerabilities, because most of the problems have occurred on Windows Server. We have some scanning issues.
Vulnerability Management Analyst at a financial services firm with 10,001+ employees
It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear. We find that the solution causes several issues due to the fact that it runs even before it calculates, the asset in prevention. I can't think of any features that are lacking.
Miguel Angel Hernández Armas
Implementation Engineer at GFx Soluciones
* I think that the next versions could improve the graphical interface to make the management of the reports more intuitive.
* Additionally, it could include better features in the vulnerability scan at the language level.
Thomas Kung
Senior Consultant at a tech company with 1,001-5,000 employees
This is still a maturing product. Tenable is only a scanner for one ability, while other solutions like Rapid7 have more tools for verification. We still have to manually verify to see if the vulnerability is a false positive or not.
Security Professional at a tech services company with 10,001+ employees
The reporting functionality needs improvement. I think it would be beneficial to have a high-level explanation for a particular user.
Senior Infrastructure Project Manager at an energy/utilities company with 501-1,000 employees
I would like to see an improvement in the ranking of high, medium and low vulnerability.
Ladislav Solc
Managing partner at a tech services company with 51-200 employees
From my point of view, the solution basically is not for large enterprises. I also think there should be built-in plugins for the public cloud vendors.