ManageEngine Vulnerability Manager Plus vs. Nmap vs. Tenable Nessus

ManageEngine Vulnerability Manager Plus is highly effective for organizations prioritizing ease of use, cost-effectiveness, and a single pane of glass for both vulnerability detection and patching. It is well-suited for organizations needing to manage a diverse, yet traditional, on-premise IT infrastructure (servers, workstations, laptops). It is good at securing remote endpoints by using an agent to scan, detect and patch workstations. It is good for both scanning and remediating vulnerabilities through the built-in patching tools. It is ideal for a smaller to mid sized environment using Active Directory.

Incentivized

If you're a sysadmin, or anyone who's had to deploy network services, you've almost certainly had to use Nmap at some point or other. Need to see what devices are on your LAN? Nmap can tell you that. Want to check which ports your web server has open to the internet? Nmap is your friend.

Nmap is a powerful command-line tool and has many options that require some reading of documentation to get the best out of (although generally straightforward). If the thought of working at the command-line scares you (presumably not if you're reading this review), then you may want a much simpler tool, or at least check out Zenmap GUI.

Incentivized

It is an excellent tool for scanning servers, workstations, and network devices to identify missing patches and misconfiguration; we regularly use it to confirm patch effectiveness after the update; it also helps us for preparing audits such as iso 27001, and regulatory requirements, it also helps us to identify open ports and services that violate security.

• Patch detection
• Patch application
• History and inventory.

• NMap provides a very fast and a very thorough network "sweep" that allows you to quickly map out exactly what's on your network.
• NMap is highly configurable. The "canned" choices are very good in most instances, but using various switches and options, you can create a very specific scan and get exactly the results you're looking for.
• NMap is easy to use. Even a new administrator will be able to use the graphical version (Zenmap) with efficiency right away.

Incentivized

• Nessus is best at performing vulnerability scans, in fact, it gives findings and moreover accurate findings of the assessments. It does not do penetration testing or exploit the vulnerabilities because it is concerned about scanning the systems/applications.
• In fact, Nessus has multiple profiles/policies to perform different types of scans such as, scans oriented for PCI-DSS, malware scans, web application scans, bad shell shock detection scan to name a few.
• Nessus has the ability to classify the vulnerabilities into risk-based categories from critical to even informational which I think is one of the things that separates Nessus from other vulnerability scanners.

Incentivized

• Better integration with third-party tools.
• Licenses for budget-friendly customers

Incentivized

• The GUI version on Nmap could use some improvement with the options that are available to do scans. For example, they could make it easier to select options for the different types of scanning for people who are beginners
• There are no abilities to schedule a scan in the Nmap tool.
• An intensive scan sometimes takes too much time to complete.

Incentivized

• The tool has lots of options for setting up before scanning any device, this methodology could be simplified further with default configuration for various devices predefined, anyhow we can use this technique by making use of policies.
• For advanced users we cannot disable the plugins inside the plugin groups, we can enable the whole set of plugins at a time, for few hundreds its ok, but thousands of plugins are of waste of resource and time.

Incentivized

We're already on our third renewal.

Nessus is best and easy to use application for Vulnerabilities finding and reporting, it has multiple platforms and wide scope covering almost all devices for security improvement so far, thus we are very likely to continue its services.

Incentivized

Its usable for system patchig

Incentivized

Nmap uses are very practical and I don't think there is a better tools for what Nmap does. It is open-sources that therefore there is no cost to use it. It offers a number of benefits, including but not limited to network mapping, port scanning and more. It is very reliable as a network scanning tool.

Incentivized

Tenable Nessus is a great product and provides a lot of value, but it is difficult to set up and use and the amount of data it generates can be overwhelming. It does help us prioritize based on the severity of the detection, however there are sometimes mitigating factors that we have implemented that Nessus does not account for, which causes lots of noise in the reports.

Incentivized

There is a very large support community and a robust selection of add-ons and scripts. Once you get the use down this is one of the most powerful tools and you can find anything you are looking for as far as examples on the web. While not having official support its not lacking by any means.

Incentivized

I haven't needed to contact support yet. But issues are easily solved with a quick internet search which means support and by extension, the larger community are involved and knowledgeable.

Incentivized

I chose Vulnerability because it is very easy to use and analyzes threats effectively. I previously used Microsoft System Center; however, due to its complexity and lack of transparency, we decided to remove it from our company and keep only Vulnerability.

Incentivized

Alternatives to Nmap (other IP scanners) are often much more limited in what they can do; They often only allow you to scan a specific subset of ports or a limited number of IP addresses in one command. Nmap is unrestricted in that regard. What makes Nmap stand out above the rest, is the complete network analysis package you get with it. It allows IP scanner, network deep-dives, hardware analysis, vulnerability analysis, encryption detailing, and so much more, in one free application

Incentivized

Sometimes when we identify a vulnerability with Nessus that has an exploit, we made a proof of concept with Metasploit in order to show to the IT managers the importance of the software/hardware hardening.

Incentivized

• By automating the scanning, assessment, and patch management process, VMP has helped reduce the time to patch for us by 40%.
• It has provided continuous visibility into device health and overall patch state. This has helped reduce the amount of time manually checking and updating.
• By prioritizing the list of vulnerabilities the tool has helped our staff stay focused on the high-impact risks and ensure that critical assets are patched first.

Incentivized

• Nmap with Wireshark is free, so it's been a great combo team to gather info and test.
• It's allowed us to avoid fines from false positives and to fix actual issues ourselves.
• Great for finding hosts, helps keep the network secure.

Incentivized

• Nessus certainly has a positive impact while me while performing my job, either as security research, or performing vulnerability assessments for clients. It gives a lot of information about the system/application after performing scans. The number of false positives is also less compared to other vulnerability scanners.
• The professional edition is very useful as policy templates available in this edition are very handy and useful even to perform compliance scan like PCI DSS scan.
• Also, the ability to export the scan results into reports in formats like HTML, PDF is very useful which could be for performing system/application reviews.

Incentivized