How do you or your organization use this solution?
We usually use the solution for infrastructure level and web application scanning, although mostly for the former. This is what we are doing at present. We were using the web application portion of Tenable Nessus for several months before switching to Veracode.
We use Tenable Nessus when we are preparing our audit where we need to do an initial scan of our customers' platform to see if they have any critical issues.
Our use cases are pretty straightforward. We primarily use it for conducting vulnerability scans.
I primarily use the solution for vulnerability scanning within our organization.
I have been using Tenable Nessus for my personal use. It works well. I am using this solution for testing.
We use it for vulnerability management. We have the latest version because we're using it in the cloud right now. I have a public cloud and a private cloud version.
We use Tenable Nessus to provide service to our bank. I use it to provide our main service related to our big management. Other than providing information security to our clients, it is our information security provider, service provider — we manage it. Using Nessus, we are able to scan and locate any potential vulnerabilities that our clients may have and point them out to them. I am not sure how many users we have using this solution, but we have more than 100,000 assets distributed between roughly 40 clients.
We primarily use the solution for vulnerability management. We also use it during our IP scans.
We are a company that provides cloud migration services. We help companies to migrate to the public cloud. When our customers want to migrate applications, they're worried about the security aspect in the cloud. So we are trying to see how the application security that is on-premises can be migrated to the cloud. We don't have any particular solution, we are working with a few options. The customer selects what best suits their needs. If we have a program, we work with that. It's not specific to what we are working with.
Over 15,000 active assets inside 10 companies belonging to the group, the biennium recurrent project mapped the real situation, in parallel with photography of IT/Security maturity through three main domains: processes, people, and technology. 5 TOEs: Infrastructure, Databases (SQL and Oracle in depth), AWS Cloud, Connectivity (Routers, Switches, and Firewalls against/based CIS) and Web Application instances (partial tests).
We use it for servers, domain controllers, application servers, Oracle servers, SQL servers, as well as network devices, like routers. For PCs that are used for services such as credit cards and ATMs, we usually do a vulnerability assessment, including Windows Servers, Linux servers, SQL servers, and database servers. We scan everything except basic PCs because it would require a lot of time to check all those reports. Our system administrators use another solution to check regular PCs for Windows and MS updates. We're checking things every month. We created a schedule and it checks automatically. From time to time, we'll use it to check things if something unusual has happened. For example, if a stranger was on a computer, we'll check if there is a vulnerability there. We also use it to prepare reports when the agency asks for them.
We mainly use it for scanning for vulnerabilities on our hosts, like network devices and servers; to find the vulnerabilities and do remediation. We monitor Windows and Linux workstations.
I use it for performing vulnerability scans for both my environment and for clients. I provide fractional CISO consulting services. As such, I will perform a vulnerability scan on an environment before I say "yes." Everybody has to have a vulnerability scan. You should do them periodically which, to me, is monthly. It's just good practice to perform that scan monthly and whenever there's a major change, to make sure that you don't have any open environment. I monitor web servers, database servers, app servers, desktops; everything you'd find on a network, besides switches and routers. I don't have that, but I monitor any Windows- and Linux-based nodes.
We use it for internal and external vulnerability scans.
It is used for vulnerability management. We used Nessus to scan our machines to see how they were vulnerable, for patches or security. The CVE numbers are what we looked at, the security vulnerability, and tried to figure out what we were vulnerable to. We monitored Windows Servers, Windows workstations, Linux servers, firewalls, switches, VMware equipment, and Cisco UCS hardware through the application.
Our primary use case of this solution is scanning of our external websites.
Nessus was used to scan vulnerabilities and compliances in our clients' networks and with this, carry out the remediation process through constant cycles in time until threats to the network are considerably reduced. The environments are small business networks (less than 50 employees), and so far there have been no major impediments in the scans performed.
Primarily, I use this for assessment and administration testing.
My primary use case of this solution is for scanning internal networks.
I use Tenable Nessus to evaluate the security posture of multiple acquisitions before integrating them into our network.
I'm a Senior System Engineer at a mid-sized enterprise. I am comparing Qualys VM and Tenable Nessus: