For my use case, I will use Tenable Nessus for my vulnerability assessment. It is a very powerful vulnerability scanning tool with comprehensive coverage, accuracy, and actionable intelligence.
Nessus (BYOL)
Tenable, Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
User-Friendly and Simple, But Support Scheduling Could Be Faster
Simple and Effective, But Limited to One User in Pro Version
Has enabled me to reduce false positives and perform deep credential auditing with seamless integrations
What is our primary use case?
What is most valuable?
I mostly use the configuration audit feature for the audit configuration as a scan policy, and I will use it for credential audit, which helps me scan credentials access such as local administrator or root access, performing a deeper and more accurate check of local configuration settings and file systems, making it a highly recommended feature.
Regarding integration capabilities, we can integrate Tenable Nessus with SIM tools such as Splunk, IBM QRadar, and Azure Sentinel, as well as with ticketing systems such as ServiceNow, Jira, and Slack. There is no complexity as it is very easy to integrate everything.
In terms of the reporting feature, while vulnerability scanning can throw some false positives, Tenable Nessus has very few, achieving a reduction of 75% to 80% false positives with manual analysis needed. We can generate standard Nessus reports that typically include host summaries and vulnerabilities by host and plugin, alongside solutions and remediation recommendations.
The main benefits I get from Tenable Nessus are complete asset inventory and comprehensive attack surface management, allowing us to prioritize vulnerabilities based on risk, focusing on true risk and threat path analysis.
What needs improvement?
Tenable could improve by integrating Gemini or ChatGPT for deeper analysis in risk assessment, making it easier to analyze risks with a simple prompt.
For how long have I used the solution?
I have been working with Tenable Nessus for five years.
What do I think about the stability of the solution?
The stability of Tenable Nessus is extraordinary, not just the best, but extraordinary.
What do I think about the scalability of the solution?
Tenable Nessus is highly scalable, warranting a rating of 9.5 or 10 out of five.
How was the initial setup?
The initial setup for Tenable Nessus is very simple compared to Greenbone, as it is based on a license. There are three kinds of licenses: essential, professional, and enterprise. After purchasing the license from tenable.com, we just download it to our system and enter the key to begin vulnerability scanning.
Which other solutions did I evaluate?
When comparing Tenable Nessus with competitors, I consider Rapid7 and OpenVAS from Greenbone. For web application vulnerability scanning or combined scanning, I go with Tenable Nessus, but if I only want to scan networks and servers, I definitely choose OpenVAS.
What other advice do I have?
Tenable Nessus is very costly compared to OpenVAS and sits on the higher side.
My preferred purchase process for Tenable Nessus is to buy any license directly with Tenable and not through any vendor.
Tenable Nessus is famous, and everyone is using it. On a scale of one to ten, I rate Tenable Nessus a 10.
Reliable & Thorough Vulnerability Scanner – With a Few Quirks
Low false positive rate – Findings are generally accurate, saving time on unnecessary triage.
Regular plugin updates – Constantly updated with new vulnerabilities and checks.
Flexible scan options – Supports credentialed, uncredentialed, web app, compliance, and custom scan policies.
Actionable remediation guidance – Reports often include step-by-step fixes and CVSS scoring.
Easy setup for standard scans – Basic scans are quick to configure and run.
Widely used and trusted – Well-established reputation in cybersecurity and vulnerability management.
Nessus supports / enables a variety of integrations, mostly via its APIs, export features, and plugins. Key categories include:
UI and reporting could be better – Custom reports and dashboard features are somewhat limited.
Steep learning curve for advanced use – Complex scans (e.g., with credentials or web app auth) require deeper technical knowledge.
Authenticated and web app scanning can be finicky – May need fine-tuning to work correctly with complex login flows.
Not ideal for full lifecycle VM – Lacks built-in asset management or long-term trend analysis unless integrated with Tenable.io or Tenable.sc.
Performance overhead on large networks – Can slow down scanning or miss things if not properly resourced.
Unpatched Vulnerabilities
Misconfigurations
Compliance Gaps
Lack of Visibility into Network Assets
Manual Security Workflows
Benefits:
Reduced exposure to attacks by fixing vulnerabilities before they’re exploited.
Faster, more confident patching thanks to prioritized and verified vulnerability data.
Audit-ready reporting for security and compliance frameworks.
Improved collaboration between security and IT with actionable reports.
Better resource allocation by focusing on real risks, not just raw vulnerability counts.
Time savings through automation and integration with other tools.
Peace of mind — knowing that your environment is continuously being checked against the latest threats.
Essential Tool for Network Security Assessments
Tenable Nessus Professional
Audio clarity issues need addressing
What is our primary use case?
We are using Tenable Nessus Professional. We are not using Security Center and other Tenable products. For penetration test suites, we are using Tenable Nessus solution for the first step of our penetration testing.
What is most valuable?
The solution provides time saving and cost saving benefits.
What needs improvement?
The integration part is not good because five years ago, Tenable Nessus had more integration capability. After that, Tenable changed their policies and strategy. They pushed users toward Security Center and disabled Tenable Nessus integration features.
This is Tenable's property. They want to sell Tenable Security Center, and they closed all the API capability for Tenable Nessus Professional. The Jira integration is good, but it does not make sense for Tenable because they want to sell Security Center, which is more expensive than Tenable Nessus.
For how long have I used the solution?
We have been using the solution for more than ten years.
What do I think about the stability of the solution?
The solution is not scalable but stable.
What do I think about the scalability of the solution?
The solution is not scalable but stable.
How are customer service and support?
I am not using Tenable support. I can usually fix all of the issues myself. I don't need support for Tenable Nessus.
What other advice do I have?
The solution is not perfect, but it is okay. I am both a customer and have a partnership with Tenable. Quick scan is good and sufficient for our needs. The solution is very easy to use. We are deploying it in our organization.
On a scale from one to ten, I rate Tenable Nessus a seven out of ten.
Detection of vulnerabilities becomes essential with adaptable auditing templates
What is our primary use case?
The main use case for Tenable Nessus is to scan vulnerabilities and to detect misconfigurations in devices.
What is most valuable?
The functions or features of Tenable Nessus that I have found most valuable are vulnerability detections, which I really appreciate.
We are working with the configuration auditing feature of Tenable Nessus, and it is quite useful for my operations.
The reporting function of Tenable Nessus is useful, but it needs more features and more capabilities.
The prioritization in Tenable Nessus based on risk impact is very useful, though it's not the best capability because there are other products in Tenable that provide more detailed risk management and prioritization based on risk. However, as a standalone product, it's an interesting feature and a strong capability.
What needs improvement?
Tenable Nessus is not easy to integrate because it works alone as a standalone component, so it's not particularly important to make integrations.
As a vulnerability management tool, the only aspect that is weak in Tenable Nessus is reporting; the rest is very strong. It is the best tool that we have in the market. There is always space for improvements, mostly to have more framework configuration templates for the audit file. It can be more useful because sometimes I need to manually create a configuration file for the audit that aligns with a more specific framework. Additional framework templates are probably one of the features that we need.
For how long have I used the solution?
I have been working with Tenable Nessus for more than 10 years.
What do I think about the stability of the solution?
I would rate the stability of Tenable Nessus as excellent.
What do I think about the scalability of the solution?
The ability to scale Tenable Nessus as a standalone product is moderate.
How was the initial setup?
The initial setup process for Tenable Nessus is very straightforward.
Which other solutions did I evaluate?
The main competitors in the market for Tenable Nessus are Rapid7 and Qualys, with Rapid7 being the more competitive solution against Tenable Nessus.
When comparing Tenable Nessus and Rapid7, I find Tenable Nessus much better for my use case because it is very strong.
What other advice do I have?
We are using multiple products from Tenable Nessus.
I can recommend Tenable Nessus for small and mid-size enterprises, as these companies need a different solution.
On a scale of 1-10, I rate Tenable Nessus a 9.
Integration challenges observed but offers comprehensive reporting and valuable insights
What is our primary use case?
We are using Tenable Nessus for web security and scanning. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.
We are doing vulnerability assessment and network scanning separately, and it's not integrated with our whole SOC or SOC solution. It's not fully integrated because different teams are performing different types of work.
We are using a SOC Automation System for web application scanning, which is one of the IBM products.
What is most valuable?
Vulnerability assessment is the most valuable feature in Tenable Nessus, as it provides brief details regarding the vulnerability issues we have in our network.
The reporting feature in Tenable Nessus is frequently used. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.
What needs improvement?
Tenable Nessus provides observations but offers limited information about solutions. If they improve the solution component along with the observations, it would be much easier for anyone to implement a resolution.
For example, it informs us when a port is open or when a web browser on a specific IP has issues. However, it doesn't provide a detailed explanation on how to mitigate that particular issue. We need to use our own knowledge or tools such as Google or ChatGPT to find solutions. Some other solutions provide hints regarding issue mitigation, but Tenable Nessus doesn't provide that level of detail.
We want reporting to be improved with suggestions included. When issues are mentioned, we want them to provide the resolution or the actual cause so we can break down the issue and resolve the problem permanently across all our solutions.
For how long have I used the solution?
We have been using Tenable Nessus for about two and a half years.
What was my experience with deployment of the solution?
It was not difficult to deploy Tenable Nessus in our system. We have successfully deployed it.
How are customer service and support?
We have technical support enabled with our licensing for Tenable Nessus. We have only called twice for technical support, and the service was brilliant. We received support within one to three hours.
What about the implementation team?
We implemented it with the help of a third party.
Which other solutions did I evaluate?
We considered some IBM products, Rapid7, and a Microsoft solution before choosing Tenable Nessus. At this moment, we are accustomed to Tenable Nessus, so we don't have any plans to change it now or in the near future.
We are currently working with Tenable Nessus, and our renewal time is not close, so we haven't considered any alternatives.
I haven't considered the pricing of Tenable Nessus yet because our renewal is in about six months. We will think about that later.
I would recommend trying Tenable Nessus as it's a good solution.
I am a customer and the CIO of a financial institution.
We did not purchase our Tenable products on AWS Marketplace; we obtained it from Omega Exim Limited, one of our vendors in the Bangladesh Marketplace.
On a scale of 1-10, I rate Tenable Nessus an 8.