Overview
Nessus is the de-facto industry standard for vulnerability assessment. Trusted by over 60,000 organizations worldwide, Nessus provides vulnerability analysis, patch confirmation, configuration assessment, and sensitive data identification for EC2 environments and instances. With a continuously updated library of more than 326,000 plugins, Nessus delivers the most in-depth coverage and accuracy to the marketplace. Nessus functionality will require that you have already obtained a licensed Nessus activation code.
Highlights
- Prevent attacks by identifying vulnerabilities in the attack surface, allowing IT professionals to mitigate them before attacks occur
- Leverage policy creation wizards and scan scheduling for easy configuration and management
- Ensure ongoing vulnerability and IT asset coverage with daily updates
Details
Pricing
Vendor refund policy
No refunds
Delivery details
64-bit (Arm) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
Once the instance is running, point your browser to https://<instance>:8834/, where <instance> is either the fully qualified domain name or IP address of the instance.
Support
Vendor support
24 hours/day, 365 days/yr
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Hybrid deployments have strengthened vulnerability visibility and streamlined security reporting
What is our primary use case?
I mostly work with the cloud version of the product. Based on my customers' experience, they mostly use Microsoft Azure. My customers utilize a hybrid cloud setup where we use on-premises and cloud solutions because we have air-gapped customers who have no other option than to use on-premises. The customers who have cloud access and are open to using cloud solutions are using Tenable One, which is a cloud-based solution.
What is most valuable?
I would not personally speak to what I like about Tenable Nessus, because I think the only reason many customers are using it is because it is well-known and they have received directives from their companies or mother companies. For me, the key value is the ease of use and integration with SIEMs because it has built-in integrations with IBM QRadar and others. Tenable Nessus is typically a widely integrated tool within the existing security ecosystem. It is part of the security policy that customers have implemented, so it does provide positive impact and is beneficial to use Tenable Nessus.
What needs improvement?
I would not personally speak to what other features I would like to see in future updates of Tenable Nessus; this is perhaps more a question for the customers rather than for me. Based on what customers typically use, what they need to meet all requirements and security requirements is currently available. However, for some customers, they would like to have more assistance as they are becoming accustomed to AI co-pilots. An AI feature that helps them discover options without requiring them to deep dive into all features or guides them through advisory functions would be beneficial.
For how long have I used the solution?
I have been implementing the product for four or five years.
How are customer service and support?
The technical support from Tenable is adequate. When a customer opened a ticket, they did not reach out to us directly. I know that they opened the ticket but did not get back to us, so I believe the ticket was resolved; otherwise, they would have informed us.
What about the implementation team?
Within the company, we have two people who are dealing with Tenable Nessus. Beyond Tenable Nessus, they are also dealing with Rapid7 scanners as we provide multiple solutions for vulnerability scanning.
What was our ROI?
It remains acceptable for us to use and sell Tenable Nessus because we can still bring in revenue, so it continues to be worthwhile.
What's my experience with pricing, setup cost, and licensing?
Based on my experience, the pricing for Tenable Nessus is somewhat higher, but customers still want to pay for it, so it remains acceptable. The annual price increase of six to seven percent could potentially be lower, which would be beneficial. However, when we compare it to other solutions, it is more difficult for us to negotiate the price for Tenable Nessus than to negotiate the price with Rapid7.
What other advice do I have?
We are not using Tenable Nessus internally; we are only providing it to our customers. The implementation of Tenable Nessus depends on the scenario and is straightforward for us. The implementation process does not take much time for me personally. However, it typically requires at least one day because you need to fine-tune the configuration, as it is not simply setting it up; troubleshooting and fine-tuning also take time. For a simple implementation that is not distributed or large-scale, it usually takes about one day. When we find something in Tenable Nessus, we use automation to help us with that, combining it with automation. For me, this approach is acceptable. My customers do not appear to utilize Tenable Nessus' configuration auditing feature. I have used the reporting features with Tenable Nessus where customers conduct scheduled vulnerability scans plus default scans for CVEs, and they have reporting scheduled to send all reports to the CSOs. As the partner rather than the end user, I do not deal with tickets frequently. I rate the support from Tenable at eight out of ten. I give this review an overall rating of nine out of ten.
Has enabled me to reduce false positives and perform deep credential auditing with seamless integrations
What is our primary use case?
For my use case, I will use Tenable Nessus for my vulnerability assessment. It is a very powerful vulnerability scanning tool with comprehensive coverage, accuracy, and actionable intelligence.
What is most valuable?
I mostly use the configuration audit feature for the audit configuration as a scan policy, and I will use it for credential audit, which helps me scan credentials access such as local administrator or root access, performing a deeper and more accurate check of local configuration settings and file systems, making it a highly recommended feature.
Regarding integration capabilities, we can integrate Tenable Nessus with SIM tools such as Splunk, IBM QRadar, and Azure Sentinel, as well as with ticketing systems such as ServiceNow, Jira, and Slack. There is no complexity as it is very easy to integrate everything.
In terms of the reporting feature, while vulnerability scanning can throw some false positives, Tenable Nessus has very few, achieving a reduction of 75% to 80% false positives with manual analysis needed. We can generate standard Nessus reports that typically include host summaries and vulnerabilities by host and plugin, alongside solutions and remediation recommendations.
The main benefits I get from Tenable Nessus are complete asset inventory and comprehensive attack surface management, allowing us to prioritize vulnerabilities based on risk, focusing on true risk and threat path analysis.
What needs improvement?
Tenable could improve by integrating Gemini or ChatGPT for deeper analysis in risk assessment, making it easier to analyze risks with a simple prompt.
For how long have I used the solution?
I have been working with Tenable Nessus for five years.
What do I think about the stability of the solution?
The stability of Tenable Nessus is extraordinary, not just the best, but extraordinary.
What do I think about the scalability of the solution?
Tenable Nessus is highly scalable, warranting a rating of 9.5 or 10 out of five.
How was the initial setup?
The initial setup for Tenable Nessus is very simple compared to Greenbone, as it is based on a license. There are three kinds of licenses: essential, professional, and enterprise. After purchasing the license from tenable.com, we just download it to our system and enter the key to begin vulnerability scanning.
Which other solutions did I evaluate?
When comparing Tenable Nessus with competitors, I consider Rapid7 and OpenVAS from Greenbone. For web application vulnerability scanning or combined scanning, I go with Tenable Nessus, but if I only want to scan networks and servers, I definitely choose OpenVAS.
What other advice do I have?
Tenable Nessus is very costly compared to OpenVAS and sits on the higher side.
My preferred purchase process for Tenable Nessus is to buy any license directly with Tenable and not through any vendor.
Tenable Nessus is famous, and everyone is using it. On a scale of one to ten, I rate Tenable Nessus a 10.
Audio clarity issues need addressing
What is our primary use case?
We are using Tenable Nessus Professional. We are not using Security Center and other Tenable products. For penetration test suites, we are using Tenable Nessus solution for the first step of our penetration testing.
What is most valuable?
The solution provides time saving and cost saving benefits.
What needs improvement?
The integration part is not good because five years ago, Tenable Nessus had more integration capability. After that, Tenable changed their policies and strategy. They pushed users toward Security Center and disabled Tenable Nessus integration features.
This is Tenable's property. They want to sell Tenable Security Center, and they closed all the API capability for Tenable Nessus Professional. The Jira integration is good, but it does not make sense for Tenable because they want to sell Security Center, which is more expensive than Tenable Nessus.
For how long have I used the solution?
We have been using the solution for more than ten years.
What do I think about the stability of the solution?
The solution is not scalable but stable.
What do I think about the scalability of the solution?
The solution is not scalable but stable.
How are customer service and support?
I am not using Tenable support. I can usually fix all of the issues myself. I don't need support for Tenable Nessus.
What other advice do I have?
The solution is not perfect, but it is okay. I am both a customer and have a partnership with Tenable. Quick scan is good and sufficient for our needs. The solution is very easy to use. We are deploying it in our organization.
On a scale from one to ten, I rate Tenable Nessus a seven out of ten.
Detection of vulnerabilities becomes essential with adaptable auditing templates
What is our primary use case?
The main use case for Tenable Nessus is to scan vulnerabilities and to detect misconfigurations in devices.
What is most valuable?
The functions or features of Tenable Nessus that I have found most valuable are vulnerability detections, which I really appreciate.
We are working with the configuration auditing feature of Tenable Nessus, and it is quite useful for my operations.
The reporting function of Tenable Nessus is useful, but it needs more features and more capabilities.
The prioritization in Tenable Nessus based on risk impact is very useful, though it's not the best capability because there are other products in Tenable that provide more detailed risk management and prioritization based on risk. However, as a standalone product, it's an interesting feature and a strong capability.
What needs improvement?
Tenable Nessus is not easy to integrate because it works alone as a standalone component, so it's not particularly important to make integrations.
As a vulnerability management tool, the only aspect that is weak in Tenable Nessus is reporting; the rest is very strong. It is the best tool that we have in the market. There is always space for improvements, mostly to have more framework configuration templates for the audit file. It can be more useful because sometimes I need to manually create a configuration file for the audit that aligns with a more specific framework. Additional frameworks templates are probably one of the features that we need.
For how long have I used the solution?
I have been working with Tenable Nessus for more than 10 years.
What do I think about the stability of the solution?
I would rate the stability of Tenable Nessus as excellent.
What do I think about the scalability of the solution?
The ability to scale Tenable Nessus as a standalone product is moderate.
How was the initial setup?
The initial setup process for Tenable Nessus is very straightforward.
Which other solutions did I evaluate?
The main competitors in the market for Tenable Nessus are Rapid7 and Qualys, with Rapid7 being the more competitive solution against Tenable Nessus.
When comparing Tenable Nessus and Rapid7, I find Tenable Nessus much better for my use case because it is very strong.
What other advice do I have?
We are using multiple products from Tenable Nessus.
I can recommend Tenable Nessus for small and mid-size enterprises, as these companies need a different solution.
On a scale of 1-10, I rate Tenable Nessus a 9.
Integration challenges observed but offers comprehensive reporting and valuable insights
What is our primary use case?
We are using Tenable Nessus for web security and scanning. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.
We are doing vulnerability assessment and network scanning separately, and it's not integrated with our whole SOC or SOC solution. It's not fully integrated because different teams are performing different types of work.
We are using a SOC Automation System for web application scanning, which is one of the IBM products.
What is most valuable?
Vulnerability assessment is the most valuable feature in Tenable Nessus, as it provides brief details regarding the vulnerability issues we have in our network.
The reporting feature in Tenable Nessus is frequently used. We collect detailed reports that provide information regarding IT topology, such as which IP addresses have breaches. We separate our network and peripheral devices, and looking at the report helps us identify threats. Then we mitigate those threats, and our audit team monitors that we have completed it in the correct way.
What needs improvement?
Tenable Nessus provides observations but offers limited information about solutions. If they improve the solution component along with the observations, it would be much easier for anyone to implement a resolution.
For example, it informs us when a port is open or when a web browser on a specific IP has issues. However, it doesn't provide a detailed explanation on how to mitigate that particular issue. We need to use our own knowledge or tools such as Google or ChatGPT to find solutions. Some other solutions provide hints regarding issue mitigation, but Tenable Nessus doesn't provide that level of detail.
We want reporting to be improved with suggestions included. When issues are mentioned, we want them to provide the resolution or the actual cause so we can break down the issue and resolve the problem permanently across all our solutions.
For how long have I used the solution?
We have been using Tenable Nessus for about two and a half years.
What was my experience with deployment of the solution?
It was not difficult to deploy Tenable Nessus in our system. We have successfully deployed it.
How are customer service and support?
We have technical support enabled with our licensing for Tenable Nessus. We have only called twice for technical support, and the service was brilliant. We received support within one to three hours.
What about the implementation team?
We implemented it with the help of a third party.
Which other solutions did I evaluate?
We considered some IBM products, Rapid7, and a Microsoft solution before choosing Tenable Nessus. At this moment, we are accustomed to Tenable Nessus, so we don't have any plans to change it now or in the near future.
We are currently working with Tenable Nessus, and our renewal time is not close, so we haven't considered any alternatives.
I haven't considered the pricing of Tenable Nessus yet because our renewal is in about six months. We will think about that later.
I would recommend trying Tenable Nessus as it's a good solution.
I am a customer and the CIO of a financial institution.
We did not purchase our Tenable products on AWS Marketplace; we obtained it from Omega Exim Limited, one of our vendors in the Bangladesh Marketplace.
On a scale of 1-10, I rate Tenable Nessus an 8.