Tenable Nessus

Overview

What is Tenable Nessus?

Tenable, headquartered in Columbia, offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, perform vulnerability testing, and provide configuration assessments.

Pricing

  • 1 Year: $2,790.00 (Cloud)
  • 1 Year + Advanced Support: $3,190.00 (Cloud)
  • 2 Years: $5,440.00 (Cloud)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Product Details

Tenable Nessus Technical Details

  • Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Unspecified
  • Mobile Application: No

Frequently Asked Questions

Reviewers rate Support Rating highest, with a score of 7.1.

The most common users of Tenable Nessus are from Mid-sized Companies (51-1,000 employees).

Reviews and Ratings

(76)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Accurate Vulnerability Scans: Many users have praised Nessus for its ability to perform accurate vulnerability scans and provide precise findings. They have found it to be reliable in identifying vulnerabilities and delivering accurate assessments.

Multiple Profiles/Policies: Several reviewers appreciate that Nessus offers multiple profiles/policies for different types of scans, such as PCI-DSS, malware, web application, and bad shell shock detection scans. This flexibility allows users to tailor their scanning approach based on specific needs and compliance requirements.

Risk-based Classification: Users value the fact that Nessus classifies vulnerabilities into risk-based categories, ranging from critical to informational. This feature helps prioritize remediation efforts by focusing on the most severe vulnerabilities first. It sets Nessus apart from other vulnerability scanners that may not offer this level of categorization.

Restrictions in Free Version: Some users have mentioned that the free version of Nessus has limitations, such as not allowing internal/external PCI scan policies and config audits. This has been considered a drawback by several reviewers.

Expensive Professional Version: Several users have suggested adding additional features to the free version of Nessus, as they find the professional version to be expensive and not cost-friendly for everyone.

Difficult Progress Tracking: Users have found it difficult to track the progress of a scan as the tool sometimes fails to show the in-between completion percentage. Improving the way scan status is displayed has been recommended by some reviewers.

Users highly recommend purchasing Nessus Professional for various purposes including consulting, vulnerability analysis, testing, network analysis, and development. They believe it is the industry standard for scanning vulnerabilities and offers detailed scanning capabilities with the latest security updates and vulnerability scans. However, they suggest that it may not be suitable for smaller enterprises. Users find Nessus Professional to be a great tool for vulnerability assessment with an easy-to-use interface, making it ideal for beginners in testing. They strongly recommend it for vulnerability scanning and securing against threats.

Some users mention a lack of Indian support but still recommend using Nessus Professional to scan servers as it helps satisfy client demands, find vulnerabilities, and provide application remediation. They advise all professionals in information security, particularly IS teams, to use Nessus Professional. Users caution against generating advanced reports without tailoring single server reports first and suggest checking the reporting aspect thoroughly. To better address risk remediation, users recommend thoroughly reviewing scans and learning each vulnerability. While users appreciate the high performance and functionality of Nessus Professional, they find the default reports insufficient and custom report generation difficult.

For performing PCI assessments, users consider Nessus Professional a great product that is easy to implement and use as a good appliance. Some users also recommend using other Tenable products for vulnerability scanning and configuration compliance monitoring. Users propose adding options to identify vulnerability issues by level of importance in Nessus Professional but generally agree that it does a good job finding and identifying vulnerabilities. They suggest using SecurityCenter for easier security management and great reports. Users highlight the need for improved requirements when running authenticated scans and recommend conducting multiple scans to ensure accurate results since false positives can occur at times. Overall, users recommend using Nessus Professional for experienced cybersecurity professionals to identify vulnerabilities in systems.

Reviews

(1-5 of 5)
January 30, 2020

Nessus

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Nessus within our information security department to scan our network for vulnerabilities. Afterwards we ensure to patch the necessary vulnerabilities. We also use Nessus for PCI scanning as required for PCI compliance.
  • Vulnerability scanning.
  • PCI scanning.
  • Could use an upgrade within reports.
  • Scans can take a long time to complete. Have to break them down in small sections.
Nessus is great, if not the best, at vulnerability scanning. We use it for PCI scanning as well to ensure we are PCI compliant.
  • Great vulnerability scanning tool for the price.
We looked at AlienVault since it can be a SIEM and scanner all in one. Ultimately, we decided AlienVault didn't stack up well against Nessus so we decided to purchase Nessus. Glad we did.
We have never had to contact them. We only contact Tenable when it comes time to renew Nessus.
Omar Israel Sánchez Monroy | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Nessus is one of the best vulnerability assessment tools. We use it, as one of our primary controls, to know how secure or insecure our infrastructure (networks, servers, switch configurations) is and also to identify the different vulnerabilities in web applications we use. So with the help of the results (reports), we can explain to the managers and the technology administrators the risks that exist in their software and hardware. For the company it is very useful for the audit areas and security area. Those areas work together in the assessment and evaluation. We trust the info and results given by Nessus.
  • Vulnerability assessment.
  • Configuration file evaluation.
  • Reporting.
  • Interaction with some other tools like Metasploit.
When you want to know about how strong the hardening of your software is. Also, when installing a router, switch or another network device, Nessus helps you by indicating if the configuration has some vulnerabilities or maybe if it requires some other options to make a strong configuration and avoid attacks.
  • Preventing attacks.
  • Saving the time of deep analysis.
  • Saves money.
Sometimes when we identify a vulnerability with Nessus that has an exploit, we make a proof of concept with Metasploit in order to show the IT managers the importance of the software/hardware hardening.
We don't use the support.
Tejas Gandhi | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
I have used Nessus for performing the vulnerability scans largely. It is largely used for doing vulnerability assessments and penetration testing activities. No matter if you are a security researcher or a security consultant working for some organization, Nessus is known to everyone and is a really helpful tool.
  • Nessus is best at performing vulnerability scans, in fact, it gives findings and moreover accurate findings of the assessments. It does not do penetration testing or exploit the vulnerabilities because it is concerned about scanning the systems/applications.
  • In fact, Nessus has multiple profiles/policies to perform different types of scans such as, scans oriented for PCI-DSS, malware scans, web application scans, bad shell shock detection scan to name a few.
  • Nessus has the ability to classify the vulnerabilities into risk-based categories from critical to even informational which I think is one of the things that separates Nessus from other vulnerability scanners.
  • Starting with the cost of Nessus: though it is also available for free, it has some restrictions in the free version. Nessus Essentials, which is a free version, does not allow performing internal/external PCI scan policies or config audits, which I think is a drawback. As many security researchers and small organizations use this tool for vulnerability scans, I think some additional features should be added to the free version, as the Nessus Professional version is not cost-friendly for everyone.
  • I think Nessus can improve the way it shows scan status while the scan is ongoing. Once scans are started and running, it sometimes failed to show exactly how much percent of scan is completed, for example, it shows scan status from 0% completed to 100% completed directly without showing the in-between completion percentage.
Nessus is perfectly suitable for performing comprehensive vulnerability assessment scans being a vulnerability scanner. It is less appropriate for performing penetration testing since it is not a penetration testing tool, it does not have the ability and modules to exploit the vulnerabilities of the system.
  • Nessus certainly has a positive impact on me while performing my job, either as security research, or performing vulnerability assessments for clients. It gives a lot of information about the system/application after performing scans. The number of false positives is also less compared to other vulnerability scanners.
  • The professional edition is very useful as policy templates available in this edition are very handy and useful even to perform compliance scan like PCI DSS scan.
  • Also, the ability to export the scan results into reports in formats like HTML, PDF is very useful which could be for performing system/application reviews.
Tools like Qualys, Rapid7 stack up well against Nessus, but I think Nessus is superior overall when compared to them, given the features it has.
I have not exclusively come across any issue and need to contact Nessus for support of the tool.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I use Nessus to conduct periodic vulnerability scans of our primary production servers and plan to implement scheduled scans of all nodes in batches at some point in the future.
  • Identifying known vulnerabilities.
  • Scoring discovered vulnerabilities appropriately.
  • Presenting vulnerabilities and remediation recommendations in an easy-to-read format.
  • While it is easy to use, it assumes a certain level of knowledge from the user; therefore, it could explain things a little better as the user moves through the program.
Nessus is quick and easy to implement as long as the user has some general knowledge of information security and vulnerability scoring.
  • It has helped identify security flaws in our infrastructure, which has helped better secure our clients' data. It did so quickly and efficiently so I was able to move on to other tasks.
It's very much a plug and play application that the user can go into with limited knowledge and set-up scans in minutes.
I haven't needed to contact support yet. But issues are easily solved with a quick internet search which means support and by extension, the larger community are involved and knowledgeable.
Nessus is much easier to use.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Our company personnel mostly depend on Nessus for performing vulnerability assessments on the servers and network devices of clients. Most of our clients are banking networks and government bodies looking to secure their networks and comply with information security standards. Nessus is a very advanced tool, mainly for highlighting servers' configuration-level and software-level issues and missing security patches; for network devices it lists any configuration issues, outdated practices or patches required for improvement of information security.
  • With Nessus we can find the missing critical patches for a server or workstations.
  • Nessus points out any vulnerable or outdated software technologies used in the system, thus eliminating any chances for security flaws being turned up.
  • Nessus typically points out any configuration-level issues in accordance with the OWASP guidelines, even in SSL-related configuration, which is most of the time handled by some vendors or 3rd parties.
  • Nessus not only lists these vulnerabilities but describes them clearly and in detail with its thousands of regularly updated plugins; the tool also recommends solutions with practical details for easy implementation.
  • The tool has lots of options for setting up before scanning any device, this methodology could be simplified further with default configuration for various devices predefined, anyhow we can use this technique by making use of policies.
  • For advanced users: we cannot disable the plugins inside the plugin groups; we can enable the whole set of plugins at a time. For a few hundred it's OK, but thousands of plugins are a waste of resources and time.
Nessus is quite suitable for any network devices like switches, routers, firewalls or proxies. For different servers the tool is also very operable; it has plugins for almost every operating system and managed device. The only thing is that before using it on the intended device the tool should be updated, which takes much time to compile plugins.
  • Very positive; in fact most of our work is dependent on the Nessus tool for consulting best practices to organizations with computer and information technology operations.
Overall the Nessus tool is very useful for any organization involved with information technology for keeping their technologies updated to the best level of security and securing their practices of the same.
Though we didn't need support from the Nessus team directly, the Nessus community has answers to all our questions, and issues faced by us can be easily resolved with proper addressing and understanding in no time.
Nessus is a standard vulnerability assessment tool. I would recommend that mid or higher level organizations have their personalised tool from Nessus for day-to-day managing of their network security with continuous improvements.
50
Network security consulting for various business sectors like banking, e-governance, marketing, etc.
Anyone who has understanding of application installations and system configuration can support for Nessus workflow.
  • Servers internal level configuration issues have been identified and fixed
  • Regular missing patches check being performed
  • Application level issues have been reported, like multiple vulnerabilities of older version applications
  • We make use of the product for multiple platforms by integrating it into a single VM.
  • We are currently making use of Nessus for almost all types of computer and network devices; going further, for any newer Linux-based operating systems that develop, we'll include those plugins for the respective vulnerability assessment
Nessus is the best and an easy-to-use application for finding and reporting vulnerabilities. It has multiple platforms and a wide scope covering almost all devices for security improvement so far, thus we are very likely to continue its services.
No
  • Price
  • Product Features
  • Product Usability
  • Product Reputation
  • Prior Experience with the Product
  • Analyst Reports
  • Third-party Reviews
The product features are vivid and cover most of our needs during assessment so far; the application usage was also familiar to our organization's decision makers.
I would recommend using Nessus if I started to evaluate again, because of its features and so much reputation and community-wide scope.
  • Perform server scans, Windows preferably
  • Running automated scans on network devices
  • Some older switches are difficult to configure for credentialed scans
  • Credentialed scans of proxy servers take peculiar configuration knowledge for a right scan
No