Nessus (BYOL)

I mostly work with the cloud version of the product. Based on my customers' experience, they mostly use Microsoft Azure . My customers utilize a hybrid cloud setup where we use on-premises and cloud solutions because we have air-gapped customers who have no other option than to use on-premises. The customers who have cloud access and are open to using cloud solutions are using Tenable One, which is a cloud-based solution.

I would not personally speak to what I like about Tenable Nessus , because I think the only reason many customers are using it is because it is well-known and they have received directives from their companies or mother companies. For me, the key value is the ease of use and integration with SIEMs because it has built-in integrations with IBM QRadar  and others. Tenable Nessus  is typically a widely integrated tool within the existing security ecosystem. It is part of the security policy that customers have implemented, so it does provide positive impact and is beneficial to use Tenable Nessus.

I would not personally speak to what other features I would like to see in future updates of Tenable Nessus; this is perhaps more a question for the customers rather than for me. Based on what customers typically use, what they need to meet all requirements and security requirements is currently available. However, for some customers, they would like to have more assistance as they are becoming accustomed to AI co-pilots. An AI feature that helps them discover options without requiring them to deep dive into all features or guides them through advisory functions would be beneficial.

I have been implementing the product for four or five years.

The technical support from Tenable is adequate. When a customer opened a ticket, they did not reach out to us directly. I know that they opened the ticket but did not get back to us, so I believe the ticket was resolved; otherwise, they would have informed us.

Within the company, we have two people who are dealing with Tenable Nessus. Beyond Tenable Nessus, they are also dealing with Rapid7 scanners as we provide multiple solutions for vulnerability scanning.

It remains acceptable for us to use and sell Tenable Nessus because we can still bring in revenue, so it continues to be worthwhile.

Based on my experience, the pricing for Tenable Nessus is somewhat higher, but customers still want to pay for it, so it remains acceptable. The annual price increase of six to seven percent could potentially be lower, which would be beneficial. However, when we compare it to other solutions, it is more difficult for us to negotiate the price for Tenable Nessus than to negotiate the price with Rapid7.

We are not using Tenable Nessus internally; we are only providing it to our customers. The implementation of Tenable Nessus depends on the scenario and is straightforward for us. The implementation process does not take much time for me personally. However, it typically requires at least one day because you need to fine-tune the configuration, as it is not simply setting it up; troubleshooting and fine-tuning also take time. For a simple implementation that is not distributed or large-scale, it usually takes about one day. When we find something in Tenable Nessus, we use automation to help us with that, combining it with automation. For me, this approach is acceptable. My customers do not appear to utilize Tenable Nessus' configuration auditing feature. I have used the reporting features with Tenable Nessus where customers conduct scheduled vulnerability scans plus default scans for CVEs, and they have reporting scheduled to send all reports to the CSOs. As the partner rather than the end user, I do not deal with tickets frequently. I rate the support from Tenable at eight out of ten. I give this review an overall rating of nine out of ten.