Nessus (BYOL)
Tenable, Inc. | 8.14.0Linux/Unix, Amazon Linux 2018.03 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Product scan
What do you like best?
auto update of plugins and the representation
What do you dislike?
Nothing as of now but in case if i see anything in future i'll update Nessus team
What problems are you solving with the product? What benefits have you realized?
identifies all the vulnerabilities present in our product due to 3rd party software
- Leave a Comment |
- Mark review as helpful
Nessus is the gold standard for vulnerability scanning.
What do you like best?
Nessus offers great support for the platform and the documentation is thorough for an easy implementation and configuration.
What do you dislike?
The pricing model has changed and some features now require a larger financial commitment or maintaining older versions, which is obviously not desirable for a security and compliance tool.
What problems are you solving with the product? What benefits have you realized?
Nessus allows us to set and forget the majority of our vulnerability scans and provides all the details we need to ensure our environments are not opening drastic new security holes. This allows us to focus on more critical security issues, while also maintaining our compliance information without user interaction.
Recommendations to others considering the product:
Definitely read the documentation before you get started, it will save a lot of time and make sure everything is configured correctly.
De Facto Standard in Vulnerbility Scanners - Best Vulnerbility Scanner for the price.
What do you like best?
Nessus Professional is an Intelligent and highly customizable security product. Our team gets very accurate scan results. The security plugins are always current. The compliance templates provided can be customized to reflect the our regulatory and security needs.
What do you dislike?
Improve the Web GUI:
The Nessus Web GUI does take some getting used to. Additionally, advanced configuration settings could be better organized and contextual help should be added / improved when navigating the web GUI. More report customization would aid in providing better management reporting. Disk space utilization and system health should be added to the web GUI as this would help to alert administrators and users if and when system logs require pruning or to proactively clean old scan jobs that are consuming disk space.
Security Compliance:
The security compliance templates are very useful but the compliance templates could be expanded to cover more vendor products and the compliance templates should be maintained at current levels to reflect changing compliance standards.
Mobile App:
There are times when I am away from my desk and we would like to have a mobile version that would run on a portable platform such as a Android phone or tablet.
The Nessus Web GUI does take some getting used to. Additionally, advanced configuration settings could be better organized and contextual help should be added / improved when navigating the web GUI. More report customization would aid in providing better management reporting. Disk space utilization and system health should be added to the web GUI as this would help to alert administrators and users if and when system logs require pruning or to proactively clean old scan jobs that are consuming disk space.
Security Compliance:
The security compliance templates are very useful but the compliance templates could be expanded to cover more vendor products and the compliance templates should be maintained at current levels to reflect changing compliance standards.
Mobile App:
There are times when I am away from my desk and we would like to have a mobile version that would run on a portable platform such as a Android phone or tablet.
What problems are you solving with the product? What benefits have you realized?
With respect to patch management, we use Nessus to validate new server and network appliance builds. As a government organization, we are required to adhere to security policies pertaining to security compliance and cyber security. To us, Nessus definitely fills are security compliance needs.
Recommendations to others considering the product:
Must be comfortable with customizations. Should have a strong understanding of networking technologies.
Enterprise User
What do you like best?
The Nessus web interface is very intuitive.
What do you dislike?
There is not much to dislike in Nessus today.
What problems are you solving with the product? What benefits have you realized?
Discovery, vulnerability, and compliance scanning.
Great tool for self-assessments and scanning new deployments
What do you like best?
Great interface, portable (I run it on a laptop), and the reporting format has been great for developing a methodology with which I can track my organization's security posture over time.
What do you dislike?
Very little to dislike here. I think the only thing I'd like to see is a summary interface that does some of my reporting work for me, instead of me having to review the reports and create totals for each vulnerability category (critical, high, etc.).
What problems are you solving with the product? What benefits have you realized?
I can scan new systems before they go into production, I can monitor our security posture over time as new threats emerge and we deal with existing ones, and I have used the data from the reports to track our security for over four years running now.
Recommendations to others considering the product:
You should consider this a must-have in your security toolbox. You can use it to self-assess as well as a check against third party assessments.
Nessus is a great value
What do you like best?
We have been using Nessus for several years, performing professional pen-testing and vulnerability assessments. This has been an invaluable tool for our business. It has helped us bring security solutions to many clients.
What do you dislike?
Unfortunately, the pricing has been steadily increasing year over year. Within the next couple years, other tools may prove to be a better value.
What problems are you solving with the product? What benefits have you realized?
Nessus helps us identify security risks and determine a path to remediation. It doesn't provide remediation instructions, but the details are very helpful for us to plan remediation.
Recommendations to others considering the product:
Be cognizant of increasing renewal prices
Director of IT/Operations
What do you like best?
Real-Time vulnerability check and sensitive data searches
What do you dislike?
Plugins and using reports are a bit challenging.
What problems are you solving with the product? What benefits have you realized?
Primarily for security compliance
Great Product
What do you like best?
I like the user friendliness of the interface
What do you dislike?
I'm not sure I like the new vulnerability grouping that shows for each host (purple color)
What problems are you solving with the product? What benefits have you realized?
We mostly use Nessus to see what known security patches have not been applied yet. This allows us to enforce patching of all systems (Windows and Linux). This has allowed us to have a monthly dashboard highlighting vulnerable systems and has enabled us to ensure that all systems have all known security patches within a 60 day window.
Fantastic Vulnerability Scanner
What do you like best?
I liked the simplicity of the readout from the vulnerability scanner
What do you dislike?
Unfortunately, the only thing I had an issue with was the pricing model. It is priced lower than most, but I am working in a non profit organization where budget is extremely tight.
What problems are you solving with the product? What benefits have you realized?
Vulnerability of business systems
Recommendations to others considering the product:
n/a
Nessus Pro/Manager on-prem review
What do you like best?
Configuration is simple. There aren't a ton of little-used features crowding UIs. Scans are fast.
What do you dislike?
Some plugins are still validating CVE resolution by looking for daemon banner version #s. With a lot of linux distros, the banner versions never line up with the backported security patches. Thus, some packages will seem vulnerable for months and months even though the vendor has patched the CVE.
What problems are you solving with the product? What benefits have you realized?
Infrastructure vulnerability scans
showing 161 - 170