The main use case for Tenable Nessus is to scan vulnerabilities and to detect misconfigurations in devices.
Nessus (BYOL)
Tenable, Inc.External reviews
321 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Detection of vulnerabilities becomes essential with adaptable auditing templates
What is our primary use case?
What is most valuable?
The functions or features of Tenable Nessus that I have found most valuable are vulnerability detections, which I really appreciate.
We are working with the configuration auditing feature of Tenable Nessus, and it is quite useful for my operations.
The reporting function of Tenable Nessus is useful, but it needs more features and more capabilities.
The prioritization in Tenable Nessus based on risk impact is very useful, though it's not the best capability because there are other products in Tenable that provide more detailed risk management and prioritization based on risk. However, as a standalone product, it's an interesting feature and a strong capability.
What needs improvement?
Tenable Nessus is not easy to integrate because it works alone as a standalone component, so it's not particularly important to make integrations.
As a vulnerability management tool, the only aspect that is weak in Tenable Nessus is reporting; the rest is very strong. It is the best tool that we have in the market. There is always space for improvements, mostly to have more framework configuration templates for the audit file. It can be more useful because sometimes I need to manually create a configuration file for the audit that aligns with a more specific framework. Additional frameworks templates are probably one of the features that we need.
For how long have I used the solution?
I have been working with Tenable Nessus for more than 10 years.
What do I think about the stability of the solution?
I would rate the stability of Tenable Nessus as excellent.
What do I think about the scalability of the solution?
The ability to scale Tenable Nessus as a standalone product is moderate.
How was the initial setup?
The initial setup process for Tenable Nessus is very straightforward.
Which other solutions did I evaluate?
The main competitors in the market for Tenable Nessus are Rapid7 and Qualys, with Rapid7 being the more competitive solution against Tenable Nessus.
When comparing Tenable Nessus and Rapid7, I find Tenable Nessus much better for my use case because it is very strong.
What other advice do I have?
We are using multiple products from Tenable Nessus.
I can recommend Tenable Nessus for small and mid-size enterprises, as these companies need a different solution.
On a scale of 1-10, I rate Tenable Nessus a 9.
Integration challenges observed but offers comprehensive reporting and valuable insights
What is our primary use case?
We are using Tenable Nessus for web security and scanning. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.
We are doing vulnerability assessment and network scanning separately, and it's not integrated with our whole SOC or SOC solution. It's not fully integrated because different teams are performing different types of work.
We are using a SOC Automation System for web application scanning, which is one of the IBM products.
What is most valuable?
Vulnerability assessment is the most valuable feature in Tenable Nessus, as it provides brief details regarding the vulnerability issues we have in our network.
The reporting feature in Tenable Nessus is frequently used. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.
What needs improvement?
Tenable Nessus provides observations but offers limited information about solutions. If they improve the solution component along with the observations, it would be much easier for anyone to implement a resolution.
For example, it informs us when a port is open or when a web browser on a specific IP has issues. However, it doesn't provide a detailed explanation on how to mitigate that particular issue. We need to use our own knowledge or tools such as Google or ChatGPT to find solutions. Some other solutions provide hints regarding issue mitigation, but Tenable Nessus doesn't provide that level of detail.
We want reporting to be improved with suggestions included. When issues are mentioned, we want them to provide the resolution or the actual cause so we can break down the issue and resolve the problem permanently across all our solutions.
For how long have I used the solution?
We have been using Tenable Nessus for about two and a half years.
What was my experience with deployment of the solution?
It was not difficult to deploy Tenable Nessus in our system. We have successfully deployed it.
How are customer service and support?
We have technical support enabled with our licensing for Tenable Nessus. We have only called twice for technical support, and the service was brilliant. We received support within one to three hours.
What about the implementation team?
We implemented it with the help of a third party.
Which other solutions did I evaluate?
We considered some IBM products, Rapid7, and a Microsoft solution before choosing Tenable Nessus. At this moment, we are accustomed to Tenable Nessus, so we don't have any plans to change it now or in the near future.
We are currently working with Tenable Nessus, and our renewal time is not close, so we haven't considered any alternatives.
I haven't considered the pricing of Tenable Nessus yet because our renewal is in about six months. We will think about that later.
I would recommend trying Tenable Nessus as it's a good solution.
I am a customer and the CIO of a financial institution.
We did not purchase our Tenable products on AWS Marketplace; we obtained it from Omega Exim Limited, one of our vendors in the Bangladesh Marketplace.
On a scale of 1-10, I rate Tenable Nessus an 8.
excellent product it identifies misconfigs and missing patches
What do you like best about the product?
i love the scheduled scans feature along with the customizable templates. we use it mostly to identify configuration mishaps and devices needing additional patching. they have an extensible coverage of plugins
What do you dislike about the product?
The licensing complexity is the biggest issue for me. there is no central management in the base product you have to upgrade to tenable sc. There also a few false positives.
What problems is the product solving and how is that benefiting you?
There are so many devices to locate tenable finds the unknows with ease. it is also highly customizable. All of devices are able to be scanned without the need of additional products,
Experience exceeds expectations with seamless integration and ease of deployment
What is our primary use case?
The typical use case for Tenable Nessus is mostly for the white-box scanner because Tenable Nessus is a vulnerability assessment and vulnerability management tool. I use it for the white-box scanner, which operates inside the firewall, not the black box.
What is most valuable?
The best features of Tenable Nessus include its compatibility with other applications such as SIEM and other apps, allowing Tenable Nessus to work smoothly with them. That's the best for Tenable Nessus, but for the speed of scanning, it falls behind Rapid7 Metasploit.
The reporting feature in Tenable Nessus is very good, and it's easier to understand than Rapid7.
What needs improvement?
The most that Tenable Nessus could improve is its speed because they might have put a lot of effort into compatibility issues that downgrade the speed. The most they could improve is the scanning speed. Compared to the big three such as Qualys and Metasploit, they are the worst.
For how long have I used the solution?
I have quite a lot of experience working with Tenable Nessus, more than 10 years.
What do I think about the stability of the solution?
Tenable Nessus is a stable solution; it is scalable and stable.
What do I think about the scalability of the solution?
Tenable Nessus is a scalable solution.
How are customer service and support?
Technical support for Tenable Nessus is very good. Based on my experience, their support deserves a rating of 8 or 9 out of 10.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup cost, and licensing of Tenable Nessus is that the installation is somewhat easier, but preparing the product, such as the SKU and license options, is quite tricky. They have different options such as Tenable Base and other Tenable products, which must be chosen, and it can be complex, but the installation is easier than Rapid7.
What other advice do I have?
I work in ITSEC Asia as a Senior Security Consultant, and my email address is nuki@itsecasia.com.
On a scale of 1-10, I rate Tenable Nessus an 8.
as an industry standard software when it comes to vulnerability scanning.
What do you like best about the product?
detailed reporting, customizable export options.
What do you dislike about the product?
offline updates can be difficult and can be troublesome.
What problems is the product solving and how is that benefiting you?
providing clients with actionable vulnerability data.
Its great to use Nessus for vulnerability scan
What do you like best about the product?
It can be find mostly vulnerability for our devicess
What do you dislike about the product?
Tecnical support ticket create it can be a problem if you create one you can find a solution for pluging
What problems is the product solving and how is that benefiting you?
I am scanning vulverabilities of our devices and it can be helpfull for tacking them
Vulnerability assessment actions simplified through easy access and usability
What is our primary use case?
We use Tenable Nessus for compliance and testing known vulnerabilities from a specific set of servers that we have knowledge of as existing. We seldom use it for inventory scans, as we use other solutions like App Reviews or Outpost Scan for that purpose.
What is most valuable?
The most valuable features of Tenable Nessus include its ease of access and quick usability. We find it straightforward to use, which is beneficial for our compliance processes. While we primarily focus on results rather than creating reports, the tool's integration capabilities allow us to act on vulnerabilities, such as creating support tickets, even if the automation is not fully deployed.
What needs improvement?
The pricing point has increased significantly in recent years. The product's pricing has roughly tripled within the last couple of years, making us reconsider renewing the license for the scanner. There is also room for improvement in terms of assisted testing, such as retrieving asset lists, integrating with information, or using port flow data to automate the process for those without asset inventory management.
For how long have I used the solution?
I have been working with Tenable Nessus for over ten years.
What was my experience with deployment of the solution?
The deployment process is fairly straightforward.
What do I think about the stability of the solution?
I have no complaints about the stability of Tenable Nessus.
What do I think about the scalability of the solution?
Tenable Nessus is definitely scalable, especially for license formats designed for scalability. However, this question is not entirely applicable to my situation since we have not explored scalability in-depth.
How are customer service and support?
We have not needed to escalate support queries since we found the necessary information in manuals.
Which solution did I use previously and why did I switch?
We previously used ExtraHop for network monitoring but transitioned to different solutions such as Suricata, Zeek, and NetFlow analysis.
How was the initial setup?
The initial setup is absolutely simple and straightforward.
What's my experience with pricing, setup cost, and licensing?
The pricing for Tenable Nessus has increased significantly, tripling over the last few years. We have not renewed the separate scanner due to the high cost.
Which other solutions did I evaluate?
We evaluated Qualys, Outpost Scan, and Rapid7 as competitors in the market.
What other advice do I have?
I rate Tenable Nessus an eight. It is usable in any organization that needs a vulnerability assessment tool. However, the pricing increases have made us reconsider renewing it. The tool could benefit from features that allow for more automation and integration, especially in retrieving asset lists and port flow data. Overall, I give it a rating of 8 out of 10.
AL2 based AMI Image
this help us to deploy via Service Catalog.
that is very helpful.
but currently, AMI image is build based on AL2, not 2023.
AL2 is no longer supported after July 2025.
so we want Tenable to provide AL2023 based nessus AMI.
Provided increased visibility across the organization's servers
What is our primary use case?
Tenable Nessus's primary use case is scanning endpoints and servers for vulnerabilities, outdated patches, or services. I am using it to increase visibility and dive deep into systems.
The tool is particularly used for scanning Linux servers to check for vulnerabilities and unwanted patches or services.
How has it helped my organization?
Tenable Nessus has provided increased visibility across the organization's servers. It automates the process of checking for outdated features and services across multiple servers, which would be challenging to do manually. This solution helps in detecting vulnerabilities that could go unnoticed otherwise.
What is most valuable?
The scanning and reporting features are the most valuable aspects of Tenable Nessus. The solution also provides accurate mitigations and suggestions, which have been beneficial for vulnerability management.
What needs improvement?
The user interface of Tenable Nessus feels outdated and could be more user-friendly.
Additionally, the documentation is not well-organized, which can be confusing when searching for solutions or specific information related to Tenable Nessus Professional. The reporting feature could be improved by allowing users to create their own templates instead of relying on predefined ones.
For how long have I used the solution?
I have been working with Tenable Nessus for more than six months, closer to eight months, but less than a year.
What do I think about the stability of the solution?
The solution is stable. We have not encountered any issues with missing network items or errors in API and webhook interactions. Everything works as expected.
What do I think about the scalability of the solution?
Tenable Nessus is highly scalable. It efficiently handles increasing numbers of servers without limitations. Whether managing 50 servers today or 500 tomorrow, performance or capacity are not hindered.
How are customer service and support?
The technical support is good yet could improve in terms of response time. The feedback and reply times should be faster.
Which solution did I use previously and why did I switch?
Previously, we used a Fortinet solution that also scanned source code. We switched to Tenable Nessus as our source code scanning needs had been outsourced, and we found Nessus to be fast and effective, offering remediation and mitigation components.
How was the initial setup?
The installation was straightforward, with documentation guiding the process. The challenge was in configuring the server for full network access, which was not difficult but time-consuming.
What about the implementation team?
The deployment and maintenance were handled by two cybersecurity engineers.
What was our ROI?
The return on investment is significant, primarily because it enhances visibility in identifying potential threats and managing them efficiently.
What's my experience with pricing, setup cost, and licensing?
Tenable Nessus's pricing is adequate if it is fully utilized. The cost is justified by the value it brings in terms of features and performance.
Which other solutions did I evaluate?
We evaluated other vendors, likely smaller startups. I cannot recall their names as they were not as prominent.
What other advice do I have?
For those evaluating Tenable Nessus, it is beneficial for easy detection and mitigation of security vulnerabilities. It provides comprehensive mitigations and is less time-consuming with fast scanning capabilities.
I'd rate the solution eight out of ten.
Has individual options available for web servers
What is our primary use case?
We have clients, and we are a vendor. We have deployed Tenable Nessus users with the help of the Principal on the client's environment. I have experience with the deployment and the scanning.
What is most valuable?
The features I personally like include host discovery. For web servers, there are individual options available. There are many options that are useful to us.
What needs improvement?
Sometimes, the categorization for clients was tricky at first, however, they eventually got used to it.
What do I think about the stability of the solution?
I haven't faced any issues as of now. It has been stable with no critical issues, technical issues, or downtimes.
How are customer service and support?
The support has been really cooperative. Whenever any issue arises, we contact the support, and they are always there for us. The support is pretty good.
What about the implementation team?
The deployment was done by the Tenable team, and I was part of this process.
What other advice do I have?
I definitely recommend Tenable Nessus for network scanning and other tasks.
I'd rate the solution eight out of ten.
showing 11 - 20