TrustRadius: an HG Insights company

Tenable Nessus

Score8.9 out of 10

86 Reviews and Ratings

Get a Demo

What is Tenable Nessus?

Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.

Categories & Use Cases

Key Features

Learn about the best (and worst!) features Tenable Nessus has to offer, as determined by TrustRadius' reviewers.
Based on 86 ratings of Tenable Nessus's features
View all features

Top Performing Features

  • IT Asset Realization

    Scans a network to identify hardware and software assets on the network.

    Category average: 8.4

  • Authentication

    Authentication of users and services within a network to prevent vulnerabilities from being introduced to the network.

    Category average: 8.1

  • Configuration Monitoring

    Constant monitoring of a network set up to identify vulnerabilities as they occur within the network or tech stack on the network.

    Category average: 8.3

Areas for Improvement

  • Web Scanning

    Specifically scans webpages for potential threats or vulnerabilities.

    Category average: 7.8

  • Automated Alerts and Reporting

    Systems in place to automatically alert, report, or notify of issues that may need timely remediation.

    Category average: 8.1

  • Automated Threat Identification

    Leveraging multiple sources of information (such as threat intelligence databases) to automatically identify threats.

    Category average: 7.8

Reviews

What users are saying about Tenable Nessus.
View all reviews

Reliable and cost effective vulnerability managements with Nessus.

Akhilesh Ghosh
VAPT-Teamlead in Information Technology at Digitaltrack Solutions (501-1000 employees employees)

Use Cases and Deployment Scope

We utilize Nessus as a primary vulnerability assessment tool to identify security weaknesses across organizations. It enables us to perform scheduled scans to comply with requirements and also helps us assess our organization's security posture. We use Nessus to scan our External and internal networks, servers, endpoints, web applications, and configurations to identify risk and compliance gaps.

Pros

  • Highly customizable Scanning.
  • Clear reporting and risk prioritization.
  • Integration capabilities.

Cons

  • Manual remediation tracking.
  • Scan preforming on large network.
  • False positive and context gaps.
  • User management and role based access.

Return on Investment

  • Reduced risk exposure.
  • Improve compliance and audit outcomes
  • Accelerate patch management
  • Require manual remediation tracking
  • Limited advanced threat analytics required

Usability

Alternatives Considered

Qualys VMDR and Rapid7 InsightVM

Other Software Used

Splunk Enterprise Security, ServiceNow IT Service Management, PortSwigger Burp Suite

Great Product.

Phil JacksonView profile
System Admin in Information Technology at a.i. solutions (201-500 employees employees)

Use Cases and Deployment Scope

We use Tenable for vulnerability management for our network and virtual machines. This helps us find configuration issues and software vulnerabilities in the software and hardware that we use. It enables us to run a virtual machine, perform scans to identify out-of-date configurations, and provides steps to resolve issues in our environment.

Pros

  • Shows you how to fix certain vulnerabilities and the commands to run.
  • Gives you the CVEs that the vulnerabilities are matched to.
  • Easy to understand the vulnerabilities list, giving reasons why the issues need to be patched or fixed.

Cons

  • No places of improvement I can find.

Return on Investment

  • It has helped us alleviate holes in our environment that we could not see before.

Usability

Other Software Used

KnowBe4 Security Awareness Training, Absolute Control

Why Nessus is such a great tool

Stephan van der MerweView profile
Cyber Security Analyst in Information Technology at SSMT IT Security (1-10 employees employees)

Use Cases and Deployment Scope

We are an MSSP and use Nessus to conduct vulnerability assessments to our smaller clients who cannot afford the larger products

Pros

  • Vulnerability assessment tool

Cons

  • I love the product only downside is that the reporting can be upgraded to make custom reporting easier

Most Important Features

  • Best Vulnerability scanning engine

Return on Investment

  • Cost effective vulnerability scanner for small companies or consultants

Alternatives Considered

Tenable.io, Tenable.sc, Tenable.cs and Tenable.ad

Other Software Used

Tenable.io, SentinelOne Singularity, Kaspersky Endpoint Security

Tenable Nessus Review

Incentivized
Verified User
Engineer in Information Technology (1001-5000 employees employees)

Use Cases and Deployment Scope

We use Tenable Nessus to scan for vulnerabilities and insecure misconfigurations to improve our security posture. Nessus identifies missing patches and firmware updates and provides basic information on the CVEs to help with remediation. I sleep better at night knowing we are proactively preventing breaches and unauthorized access. It is also valuable tool to achieve compliance and provides evidence for our auditors.

Pros

  • Identifies vulnerabilities and misconfigurations across many platforms.
  • Helps us achieve compliance with our auditors
  • Helps us prioritize remediation based on severity of the CVE/misconfiguration

Cons

  • There are some legacy systems that we are unfortunately not able to patch. There is no way to flag these so they are not in all our reports. We still need to track these but they don't need to be included in the weekly scan every time.
  • The Service Now integration is very complex.
  • We get quite a few false positives, especially when scanning network infrastructure such as siwtches and firewalls.

Return on Investment

  • Tenable Nessus has saved our security team countless hours of manually identifying security weaknesses in our infrastructure.
  • I would like to think that the remediations we have performed based on Tenable Nessus reports has prevented at least one breach of our network. If that is the case, the ROI is basically incalculable but could easily be in the tens of millions of dollars.
  • Tenable Nessus has helped our organization formalize many security practices and processes that keep our business running smoothly.

Usability

Alternatives Considered

Microsoft Defender for Endpoint and CrowdStrike Falcon

Other Software Used

Microsoft Defender for Endpoint, Palo Alto Networks WildFire

Nessus in for auditing infrastructure

Incentivized
Omar Israel Sánchez MonroyView profile
Auditor de Seguridad de la Información in Information Technology at Peñoles (5001-10,000 employees employees)

Pros

  • Vulnerabilities assessment.
  • Configuration file evaluation.
  • Reporting.

Cons

  • Interaction with some other tools like Metasploit.

Return on Investment

  • Preventing attacks.
  • Saving the time of deep analysis.
  • Saves money.

Alternatives Considered

Metasploit

Other Software Used

Frontline Vulnerability Manager, Fortinet FortiGate, Kaspersky Endpoint Security