Nessus, a great tool for the analysis and remediation of vulnerabilities
Tenable, in its variety of versions has a large section to train its customers, it is not a surprise that escalate positions with the passage of time and with every improvement that creates true expectations.
Within the company we have deployed Nesss and it really has been helpful to fin every vulnerability that the scans throw at us, the information is very complete from the discovery stages, we feel very satisfied, that the tool has been implemented in other infrastructure and the results are very heplful.
Nessus and its graphical interface is attractive, I would say that minimalist but punctual and charming, it is very clean, it should be applauded that in each version they improve it and include some types of scans that can bring you more complete results when you carry out an analysis. It is very remarkable that the plugins in your database are up to date and that your community generates an adequate response on time.
For now all the experience I have with Nessus has been nice, with the constancy that you have in your team working every day to improve it I know it will be a good tool for vulnerability detection.
Nessus Professional Gets The Job Done
This product does a great job of informing your IT and security groups on what may be vulnerable in your environment. Especially if your organization is looking to begin a program, start small and use this service to build up your processes and program before sinking large amounts of money into other services or products.
Nessus is still the industry leader in this arena, and the ability for the product to identify vulnerabilities accurately is still the high water mark to beat. You can be up and running in just a few minutes, and the ability to have recurring scans is a great way for this product to help you with your security program. The "Plugin Output" fields help greatly when trying to determine if tests are a false positive, and lends additional credence to your system administrators when you can show them exactly *why* something has been detected as a vulnerability.
There are no ways to track vulnerabilities or your efforts to monitor them over time; this truly is just a point-in-time view of your environment unless you upgrade to a much more expensive product.
Fully Featured Network Scanning Tool
I've more than one year industrial experience with this tool.I have used basic, advanced, compliance and patch audit features in this tool.This tool done it well with accurate results.
This is really helpful me to scan and fix the compliance and patch audit of our servers.
The ultimate result sheet is pretty good.But need more diagrams to display the final results.
The quality is OK but they should support more API call to do automation
Nessus for vulnerability scanning
After our first major client security audit, we implemented Nessus to run weekly internal and external vulnerability scans. Not only does this help satisfy our client demands, but it helps us find vulnerabilities in our systems and helps us find patches and solutions to the vulnerabilities.
Easy to set up, use and report on. We started using this application after our first major client security audit a few years ago. It's a been great tool.
Not much to dislike with Nessus. Maybe some better reports, and the cost could always be better, although it's not bad.
We use and we like it
We implemented Nessus very easy, with the support from the vendor. Good price and very good solution.
We use Nessus because is very good tool to manage you vulnerabilities. Fast scan and easy to make reports and to monitor vulnerabilities. Easy to adjust the profile scan, easy to add scan targets. Good price and a lot of features.
We did not find any problems with the Nessus vulnerability management.
Good vulnerability manager
The project was a success. I recommend Nessus.
The soft is very useful to identify and manage vulnerabilities. The implementation was fast. Easy to scan and easy to generate reports. Predefined report for the management. Also you can generate compliance reports.
We did not find problems. Nessus is working very well.
Nessus made the day easy with vulnerabilities !!!
Nessus is excellent for O/S vulnerability detection. Compared to other scanners Nessus provide less false positives. Reports needs to improve. It is better if nessus professional have option to track an assets progress over the time with vulnerability management features. Scanner is quiet faster compared to other scanners and worth for money you pay.
Nessus professional is a leading vulnerability scanner and can be easily deployed. It can be installed on both windows and Linux environments. Interfaces are simple and easy to navigate. It provides vulnerabilities and recommendation with detail descriptions. You can purchase the product according to the size of your network. Nessus professional supports integration with SIEMs . Nessus agents are doing great job and can be used to continuously monitor the network.
Nessus professional doesn't provide overall visibility of an asset with the time. No trend information available and cannot track whether asset has reduce vulnerabilities over the time. I'm not satisfied with given reports and need to improve the reports. It is better if they can fine tune the compliance reports. Web assessments area is still weak on Nessus. It can not conduct comprehensive assessments against web applications. Card data discover plugin is bit difficult to configure and we didn't get the expected results.
Worth the purchase for Vulnerability assessment
Overall the scan results are very efficient and reports generated are very effective in securing the network assets of an organization. The setup was easier and application is user-friendly once you get the hang of it.
The application is very useful in findings for vulnerabilities in the network assets and reporting them with quality reports containing where exactly the issues are found and its mitigation.
The tool updates are very relevant and even reports zero day vulnerabilities for particular software and technologies made use by the network asset. It covers almost all the security issues present in a network device or servers with proper credentialed scans.
The application has to be kept up to date for covering all the latest patch vulnerabilities and it lists even ssl and ssh related vulnerabilities for database servers or internal routers, so our team has to identify the necessary findings to report to customer.
Nessus Vulnerability Scanner
Its a good tool but in my personal opinion using the free version of software is enough for testing purposes.
- Ease of use for non-authenticated scans
- Trusted in case of Network Infrastructure Scanning
- Can scan almost everything on a network
- Can take a subnet or range for scanning in one go
- Needs improvement in case of web application scan and authenticated scan.
- Very difficult to schedule an authenticated scan for a web application
- There are some other tools that take login URL and landing URL. Meanwhile prevents the logout URL for session termination itself which increses ease for users
Easy to Use Vulnerability Scanner
Good canned reports and dashboards, which show where your critical risks are. Ability to export date into CSV or Excel format was welcome and made manipulating data easier.
What I like most about Nessus is that they have many plugins available for the various vulnerabilities that are out there. The ability to scan static and dynamic asset lists is great. The ability to schedule recurring scan jobs is helpful and aids in the scanning of systems. Integration with ticketing systems such as ServiceNow is also great.
It would be nice if their website had the published or revised date of their plugins. Resolving issues related to their Nessus Agents would also be nice. The UI could be improved so that queries didn't take so long. It would be nice if there was an easy way to purge old data associated with particular IPs.
One of the best vulnerability scanners
Nessus has allowed us in the company to develop a timely remediation system, since with the results of the scanners our clients can manage the remediation in a more timely manner without needing to apply more invasive policies on the client. Additionally it has helped us that the scans can be done in a short period of time in comparison to others in the market and in this way improve our service.
This product is one of the best network scanners on the market. After properly installing the server with the scanner in the network and placing the credentials of the administrator, the system works perfectly. Vulnerability scanning and compliance scanning are executed properly, all the standards included in Nessus are very useful.
The vulnerability scanner is not totally accurate in some situations and some results must be checked to verify the vulnerability. Therefore, it is possible that there are false positives. Many times the supplements are not updated in a timely manner and this hurts even more with the false positives generated.
Most comprehensive tool for security and compliance assesments
Best money/capabilities balance.
Tenable products dictates market standard for securty assesment. Nessus Profesional is part of that family. It has simillar capabilities like Tenable.io but can be run inside your datacenter as a stand alone solution. It's easy to configure, reliable and what's most importand it will give you a hint how to solve every voulnerability detected inside your infrastructure.
It misses some interesting predefined reports and usefull configuration options comparing to Tenable.io.
Best tool in the market for Vulnerability scanning
It is very much efficient than any other tools offered by the competitors in scanning.
Overall Value for money solution for VA scans in enterprise
It has up to date plugins to scan latest vulnerabilities or malwares are in the market.
Plugins are updated every week to cover latest vulnerabilities.
It can scan the scope system based on various standards like PCI DSS and HIPAA which other scanners in the market don't have.
It performs credentials scans which other scanners like Qualys,Openvas doesn’t offer.
Nessus doesn’t detect any active protection on scope system which can block the credential scan.
It cannot scan device if the 2FA is implemented on the scope system.
Nessus, Finding all those vulnerabilities!
Tenable is one of the best scanners out there to me. Easy to use and easy to hire people with experience in it
Nessus is great about releasing new plugins for vulns. It's lightweight and has an agent option or a hardware scanner option. The cost is pretty standard.
The reports that tenable can generate are lack luster at best. We use the API to pull the info we want, but that takes more work and development time than we like
Vulnerability Management from the Pioneers of VM
Vulnerabilities across the network, devices and the whole environment. Secyrity needs to be based on several systems that can consolidate data about your security posture and with NEssus is a great place to start when you do not have visibility on what is happening further that your PC and internet.
Trust on leader on VM market and movement
Plugins updated daily so, threats and breaches can be identified as they are scanned into the environment
Using Nessus Manager you can deploy scanners and agents across subnets, you can schedule multiple scans in your environment
Best in class configuration audit data base for compliance check
Credential and uncredential scans
Agents for sensitive devices or services that can be affected by an active scan or are in transit
Nessus in the Pro version is limited to one user
Not follow up or comparison between latest scan and recent
IP address Change on the network or location increase the IP count even when it is the same device
reports customizing can be difficult depending on what is expected to have
you are not aware that a specific device or service can be sensitive to Nessus untill you finish with the service stopped or the performance of a service gets compromised.
Great vulnerability assessment tool
Very good tool to perform vulnerability assessment for home users to business users.
It supports from simple host discovery scans to detailed vulnerability scans like malware scan, credential path audit. This tool can also perform scan to test the latest vulnerabilities like Meltdown and Spectre and WannaCry ransomware etc.
This vulnerability scanner has almost up-to-date plugins. The plugins are updated almost daily to weekly to scan the latest vulnerabilities in the market.
Nessus scanner can perform the vulnerability scan for various operating systems like: Windows, Amazon linux, CentOS, FreeBSD, MacOS, Redhat, Debian etc
It also supports vulnerability scan for various compliance standards like PCI DSS.
This scanner can also perform credential based scan on the target machine.
The major advantage is, this scanner gives the most accurate vulnerability details about the machine with very few false positives which other scanners in the market fails to do.
The professional version of this tool is very costly.
It yet doesn’t support credential based scan for machines which have 2 factor authentication implemented on it.
Nessus An Excellent Tool For The Vulnerability Management Process Of Any Company.
Nessus it’s an excellent tool for the vulnerability management process of any company. Its super easy to use and implement on any network, and the tenable university and the community it’s a plus that make it even easier. There are many way how to export the result of any scan, but the best are in HTML and PDF, because are easy to understand and explain to any person. I really like it and going to continue using it
That it was really easy to implement and use
The reports are very basic and need to improve.
Great audit tool
After comparing it with other tools, in relation to quality / price it is a great tool beating its competitors in price
A very low false positive rate and a very intuitive interface
It would be desirable to make comparisons possible between different audits over time
Enterprise-grade vulnerability scanner
Nessus provides me with an in-depth overview of the vulnerabilities of every asset in the organization. The vulnerability management system integrated with it makes prioritization very easy, so you can quick work progressively towards a secure environment.
Very easy to use. Very easy to configure a scan. Very easy to export a report and data about a scan. Very easy to customize scan templates. You can also create your own audit templates, so you can customize this tool for the specific policies of the organization. If you get to know the ins and outs of the scanner, you can get the most value from it.
Most of the time the documentation is incomplete if you get picky with the use cases. Support via Tenable Support Portal has been very slow lately, it seems like if they had a single person to handle all the support cases they have everyday. It used to be slow, but that's been improved a lot in the latest version I've used (7.0.2).
It is very useful for sever scanning for protecting user information. In addition, Nessus will give clear devices scanning for data base scanning and firewall scanning. This is very ideal for security auditors and cyber security analysts. Nessus tool gives recommendation for fixe the bug.
Nessus is a vulnerability Scanning tool helps to identify Known Vulnerabilities, Malware, Patches and etc. There is a free trial version every use can use. Nessus can work under any OS version. It is very helpful to protect our PC and Servers from any fraud or threat. Simply it’s very effective and compliance with user preference.
In the paid version includes more features than trial one but license cost is higher. It takes too much time to scan security devices.
Nessus Professional On Premise
I currently use it to perform vulnerability assessments towards the customers' targets.
The results are usually accurate but it's always better to evaluate them manually to confirm/deny their existence.
The readability of the results is much easier through the Nessus interface than via the exported reports (PDF or HTML).
Very frequent vulnerability database updates
Easy to use
Some false positives
Some false negatives
Running it in a virtual machine in NAT configuration sometimes does not give results as good as in bridge mode
The reporting phase could be much better and should be more customizable
Great product and easy to set up and use.
It did what it was advertised to do and did it well. The updates to the plugins were done regularly and it found everything out there that was a vulnerability
Lacked reporting module that helped show more of the picture for non technical people and pretty graphs. To get those you needed to move to Tenable.io or SecurityCenter.
Scanning for vulnerabilities
Even though it is time consuming when a scan is running, the end result is pretty amazing. It's great using Nessus.
I use this scanner often to scan web application and also to run other scans. It provides the best results and it is really helpful as this also saves some time. There's are variety of scanning types available in this scanner and after scanning it gives a full report including the url when scanning a web application.
It takes a really long time when doing a scan but
THE vulnerability scanning software to beat
Nessus is the gold standard of vulnerability scanning. A robust solution, highly customizable for every organization with cloud, on prem and client install options.
Without the local client or group policy that shuts off wifi when your on wired you may get hit with 2 licenses per device because it sees both the wireless and wired instance. Something to know going into it if you are buying.