Skip to main content
TrustRadius
Tenable Nessus

Tenable Nessus

Overview

What is Tenable Nessus?

Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.

Read more

Learn from top reviewers

Return to navigation

Pricing

View all pricing

1 Year

$2,790.00

Cloud

1 Year + Advanced Support

$3,190.00

Cloud

2 Years

$5,440.00

Cloud

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Details

What is Tenable Nessus?

Tenable Nessus Video

Nessus Professional Overview

Tenable Nessus Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.

Reviewers rate Support Rating highest, with a score of 7.1.

The most common users of Tenable Nessus are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews From Top Reviewers

(1-5 of 7)

Why Nessus is such a great tool

Rating: 10 out of 10
April 14, 2023
We are an MSSP and use Nessus to conduct vulnerability assessments to our smaller clients who cannot afford the larger products
  • Vulnerability assessment tool
Cons
  • I love the product only downside is that the reporting can be upgraded to make custom reporting easier
Nessus is perfect for smaller companies and consultants. As the its a annual license to scan unlimited amount of IP's

Nessus in for auditing infrastructure

Rating: 9 out of 10
January 14, 2020
Nessus is one of the best vulnerabilities assessment tools. We use it to evaluate, as one of our primary controls, to know how secure or insecure is our infrastructure (networks, servers, switches configurations) are and also identifying the different vulnerabilities in web applications we use. So with the help of the results (reports), we can explain to the managers and the technologies administrators the risks that exist in their software and hardware. For the company is very useful for the audit areas and security area. Those areas work together in the assessment and evaluation. We trust in the info and results gave by Nessus.
  • Vulnerabilities assessment.
  • Configuration file evaluation.
  • Reporting.
Cons
  • Interaction with some other tools like Metasploit.
When you want to know about how strong the hardening of your software is. Also, when installing a router, switch or another network device, Nessus helps you by indicating if the configuration has some vulnerabilities or maybe if it requires some other options to make a strong configuration and avoid attacks.

Without a doubt, one of the best vulnerability scanners on the market

Rating: 8 out of 10
September 20, 2019
TG
Vetted Review
Verified User
Tenable Nessus
1 year of experience
I have used Nessus for performing the vulnerability scans largely. It is largely used for doing vulnerability assessments and penetration testing activities. No matter if you are a security researcher or a security consultant working for some organization, Nessus is known to everyone and is a really helpful tool.
  • Nessus is best at performing vulnerability scans, in fact, it gives findings and moreover accurate findings of the assessments. It does not do penetration testing or exploit the vulnerabilities because it is concerned about scanning the systems/applications.
  • In fact, Nessus has multiple profiles/policies to perform different types of scans such as, scans oriented for PCI-DSS, malware scans, web application scans, bad shell shock detection scan to name a few.
  • Nessus has the ability to classify the vulnerabilities into risk-based categories from critical to even informational which I think is one of the things that separates Nessus from other vulnerability scanners.
Cons
  • Starting with the cost of Nessus, though it is available for free also it has some restrictions for the free version. Nessus essential which is a free version does not allow to perform internal/external PCI scan policies, config audits which I think is a drawback. As many security researchers, small organizations use this tool for vulnerability scans I think some additional features should be added into free version as Nessus professional version is not cost-friendly for everyone.
  • I think Nessus can improve the way it shows scan status while the scan is ongoing. Once scans are started and running, it sometimes failed to show exactly how much percent of scan is completed, for example, it shows scan status from 0% completed to 100% completed directly without showing the in-between completion percentage.
Nessus is perfectly suitable for performing comprehensive vulnerability assessment scans being a vulnerability scanner. It is less appropriate for performing penetration testing since it is not a penetration testing tool, it does not have the ability and modules to exploit the vulnerabilities of the system.

Secure information of organization, easy recognition of vulnerability and its assessment.

Rating: 9 out of 10
August 14, 2019
SZ
Vetted Review
Verified User
Tenable Nessus
2 years of experience
Our company personnel are mostly depending on Nessus for performing vulnerability assessment on servers and Network Devices of clients, most of our clients are banking networks, government bodies looking for securing their networks and compliance in accordance with information security standards. Nessus is very advanced tool for mainly highlighting server's configuration level, software level issues and missing security patches and for network devices it lists any configuration issues, outdated practice or patches required for improvement of information security.
  • With Nessus we can find the missing critical patches for a server or workstations.
  • Nessus points out any vulnerable or outdated software Technologies used in the system, thus eliminating any chances for security flaws being turned up.
  • Nessus typically points any configuration level issues in accordance with the OWASP guidelines. Even the configuration of SSL related which are most of the time handled by some vendors or 3rd parties.
  • Nessus not only lists out these Vulnerabilities but describes clearly the vulnerabilities in details with its thousands of plugins updated regularly, the tool also recommends solution with practical details of easy implementation.
Cons
  • The tool has lots of options for setting up before scanning any device, this methodology could be simplified further with default configuration for various devices predefined, anyhow we can use this technique by making use of policies.
  • For advanced users we cannot disable the plugins inside the plugin groups, we can enable the whole set of plugins at a time, for few hundreds its ok, but thousands of plugins are of waste of resource and time.
Nessus is quite suitable foe any network devices like switches, routers, firewalls or proxy, for different servers also the tool is very operable, it has plugins for almost every operating system and managed devices, only thing is before using on to the intended device the tool should be updated which takes much time to compile plugins.

Nessus - Always stay compliant

Rating: 8 out of 10
August 13, 2021
Vetted Review
Verified User
Tenable Nessus
3 years of experience
Nessus vulnerability tool is being used by IT Admin team to scan for vulnerabilities in the workstations and servers, routers, and switches which are planted all over the network both in LAN as well as WAN. Nessus helps to secure the network by running scans on outdated patch versions as well as it helps to implement best practices.
  • Vulnerability scanning
  • Implement Best Practices
Cons
  • Slowness when scanning large datasets and applications
  • Consumes more resources when scans deep
As an organization which is PCIDSS complied, keeping all IT infrastructure up to date is mandatory. Before Nessus was implemented, it was really hard to monitor the updates continuously. Automated Nessus scans run vulnerability assessments and sends emails with all the vulnerabilities. The reports are also highly customizable and can be exported to PDFs, HTMLs, XMLs etc.
Return to navigation