Nessus Description

More than 30,000 organizations around the world trust Nessus as the most widely used security technology on the planet. It is also the gold standard in vulnerability assessment. Since the beginning, we have worked closely with the security community. Nessus is continuously optimized based on community feedback in order to provide the best vulnerability assessment solution available. Twenty years later, we are still focused on community collaboration and product innovations to provide the most complete and accurate vulnerability data. This will ensure that you don't miss critical issues that could expose your organization's vulnerabilities. Today, Nessus has been trusted by over 30,000 organizations around the world as the best vulnerability assessment tool and security technology.

Pricing

Free Trial:
Yes

Integrations

Reviews - 7 Verified Reviews

Total
ease
features
design
support

Company Details

Company:
Tenable
Year Founded:
2002
Headquarters:
United States
Website:
www.tenable.com/products/nessus

Media

Nessus Screenshot 1
Recommended Products
Multi-Tenant Analytics Software Built for Development Teams Icon
Multi-Tenant Analytics Software Built for Development Teams

Qrvey is the only solution for embedded analytics with a built-in data lake.

Qrvey saves engineering teams time and money with a turnkey solution connecting your data warehouse to your SaaS application.
Try Developer Playground

Product Details

Platforms
SaaS
Windows
Customer Support
Online

Nessus Features and Options

Network Monitoring Software

Bandwidth Monitoring
Baseline Manager
Diagnostic Tools
IP Address Monitoring
Internet Usage Monitoring
Real Time Analytics
Resource Management
SLA Monitoring
Server Monitoring
Uptime Monitoring
Web Traffic Reporting

Vulnerability Management Software

Asset Discovery
Asset Tagging
Network Scanning
Patch Management
Policy Management
Prioritization
Risk Management
Vulnerability Assessment
Web Scanning

Network Security Software

Access Control
Analytics / Reporting
Firewalls
Internet Usage Monitoring
Intrusion Detection System
Threat Response
VPN
Vulnerability Scanning

Vulnerability Scanners

Asset Discovery
Black Box Scanning
Compliance Monitoring
Continuous Monitoring
Defect Tracking
Interactive Scanning
Logging and Reporting
Network Mapping
Perimeter Scanning
Risk Analysis
Threat Intelligence
Web Inspection

Nessus Lists

Nessus User Reviews

Write a Review
  • Name: Raja G.
    Job Title: Assistant Technical Manager
    Length of product use: 2+ Years
    Used How Often?: Weekly
    Role: Administrator
    Organization Size: 5,000 - 9,999
    Features
    Design
    Ease
    Pricing
    Support
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Comprehensive Vulnerability Scanning Made Easy

    Date: Nov 21 2024

    Summary: Nessus Professional is a dependable and powerful vulnerability assessment solution that provides wide scanning capabilities and detailed reports to ease security management. It supports a wide range of plugins, updates quickly, and detects vulnerabilities efficiently, making it excellent for proactive threat prevention. Overall, it is a strong option for those who are looking for a reliable solution to improve corporate security posture

    Positive: Customizable Scans
    Wide Platform Support
    Pre-built policies and Templates like PCI DSS and HIPAA
    Frequent Plugin Updates
    Active and Passive Detection
    Comprehensive Vulnerability Coverage

    Negative: Limited Automation
    Custom Scripting Complexity
    No Built-In Patch Management
    Limited Cloud Integration
    False Positives

    Read More...
  • Name: Venkateswaran J.
    Job Title: Senior Software Engineer
    Length of product use: 2+ Years
    Used How Often?: Daily
    Role: User
    Organization Size: 5,000 - 9,999
    Features
    Design
    Ease
    Pricing
    Support
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Nessus for Beginners and Experts

    Date: Nov 19 2024

    Summary: Nessus provides clear risk scores and metrics, allowing security teams to prioritize vulnerabilities effectively based on severity and impact.
    Reports generated by Nessus are highly customizable, catering to different audiences such as technical teams, management, or compliance officers, with tailored insights.

    Positive: Nessus supports a wide range of operating systems and devices, making it versatile for diverse IT environments.
    Nessus benefits from an active community of users and professional support, ensuring that users can find solutions and best practices when needed.
    Nessus provides the flexibility to perform both agent-based scans for systems that require persistent monitoring and agentless scans for systems where installing an agent is impractical.

    Negative: The basic version of Nessus is free for limited use, accessing advanced features like compliance checks and extended reporting in Nessus Professional requires a subscription, which may not suit smaller organizations with tight budgets.
    Nessus scans can consume significant network and system resources, potentially slowing down operations or affecting the performance of critical systems during scans.

    Read More...
  • Name: Maheswaran J.
    Job Title: Senior Technical Engineer
    Length of product use: 2+ Years
    Used How Often?: Daily
    Role: User, Administrator
    Organization Size: 5,000 - 9,999
    Features
    Design
    Ease
    Pricing
    Support
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Overview of Nessus as a Vulnerability Assessment Tool

    Edited: Nov 19 2024

    Summary: Nessus is designed to perform vulnerability scans efficiently, even in large networks, minimizing downtime and ensuring timely results.
    Nessus supports an extensive range of protocols, including SSH, SNMP, and HTTPS, enabling comprehensive scanning of diverse systems and environments.
    In addition to vulnerability detection, Nessus evaluates system configurations to identify potential misconfigurations that could lead to breaches.

    Positive: Nessus allows users to customize scans based on specific needs, such as targeting particular devices, IP ranges, or specific types of vulnerabilities.
    Nessus provides detailed, automated reports that include actionable recommendations, helping organizations prioritize and remediate vulnerabilities quickly.
    Nessus is lightweight and easy to deploy, making it accessible for organizations of various sizes without requiring extensive resources.

    Negative: Nessus relies on regular updates for its plugins to stay effective. Systems without consistent internet access may struggle to maintain up-to-date scanning capabilities.
    Nessus is designed for periodic vulnerability scanning rather than continuous real-time monitoring, which could leave gaps in detecting newly introduced threats.

    Read More...
  • Name: Saravanan B.
    Job Title: Senior Technical Engineer
    Length of product use: 2+ Years
    Used How Often?: Daily
    Role: Administrator
    Organization Size: 1,000 - 4,999
    Features
    Design
    Ease
    Pricing
    Support
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Nessus review

    Date: Nov 15 2024

    Summary: Nessus is a powerful and widely trusted vulnerability scanning tool known for its comprehensive coverage of security vulnerabilities, ease of use, and low false positive rate. It is particularly well-suited for small to medium-sized organizations or as part of a broader security program in larger enterprises. However, it does have some drawbacks, including being resource-intensive, lacking advanced web application security testing features, and offering no built-in patch management. Additionally, the tool can be costly for larger networks, and its free version comes with significant limitations. While Nessus is highly effective in identifying and prioritizing vulnerabilities, it may require additional tools or integrations for more specialized use cases, such as web application security or enterprise-scale vulnerability management. Despite these limitations, it remains a solid choice for vulnerability assessment and is widely regarded for its accuracy, regular updates, and strong reporting capabilities

    Positive: Nessus excels at identifying vulnerabilities in systems across a wide range of platforms, including operating systems, databases, network devices, and web applications. It checks for known vulnerabilities using both signature-based and heuristic-based scanning techniques

    Nessus can perform configuration audits by comparing system settings against industry best practices (e.g., CIS Benchmarks, DISA STIGs). This allows organizations to enforce security policies and ensure that systems are configured securely

    By providing Nessus with valid credentials (such as admin-level access), it can perform more in-depth scans and accurately identify vulnerabilities that require elevated privileges.

    Nessus can integrate with other security solutions such as SIEMs (Security Information and Event Management systems), ticketing systems (e.g., ServiceNow, Jira), and other vulnerability management tools. This helps automate workflows and streamline vulnerability remediation.

    Nessus offers an intuitive user interface with a simple setup process, making it accessible even to organizations without a dedicated security team. The interface provides easy access to scan configurations, reports, and plugin management.

    Negative: Nessus can be resource-heavy, especially when performing in-depth scans or scanning large environments. High network bandwidth and processing power are required to perform large-scale scans without negatively impacting system performance. In environments with limited resources, this could slow down network operations or impact system stability

    While Nessus does offer some web application scanning capabilities (e.g., detecting SQL injection, XSS, etc.), it is not as specialized or comprehensive as dedicated web application security testing tools like Burp Suite or OWASP ZAP. Organizations with a heavy focus on web applications may find Nessus lacking in depth for these specific needs

    Read More...
  • Name: Naveen B.
    Job Title: Technical Engineer
    Length of product use: 1-2 Years
    Used How Often?: Daily
    Role: User, Administrator
    Organization Size: 1,000 - 4,999
    Features
    Design
    Ease
    Pricing
    Support
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Powerful Vulnerability Scanning with Comprehensive Coverage and Easy Integration

    Date: Nov 13 2024

    Summary: Nessus is a highly effective and reliable vulnerability scanning tool, offering comprehensive coverage, regular updates, and detailed reporting. It is particularly well-suited for small to mid-sized organizations or security professionals looking to identify and address security risks. However, its paid Pro version can be costly, and its complex interface and resource demands may present challenges for beginners or those with limited resources. While Nessus excels in functionality, its scalability for larger enterprise environments and occasional false positives may limit its suitability for some users. Despite these drawbacks, Nessus remains a trusted choice for vulnerability management.

    Positive: 1) Nessus provides in-depth vulnerability scanning across a wide range of systems, applications, and devices, helping identify potential security risks quickly and thoroughly.
    2) The vulnerability database is constantly updated, ensuring that the scanner detects the latest threats and vulnerabilities, which is crucial for maintaining up-to-date security.
    3) The interface is intuitive and easy to navigate, even for users who aren’t security experts. It’s simple to run scans, view results, and take action based on the findings.
    4) Nessus offers flexibility with customizable scanning profiles, allowing users to tailor scans to specific needs, whether it’s targeting particular systems, vulnerabilities, or compliance requirements.
    5) The reports generated by Nessus are detailed and clear, offering actionable insights and prioritizing vulnerabilities based on severity. This helps teams address the most critical issues first.

    Negative: 1) While Nessus does integrate with some third-party tools, its integration options are more limited compared to some other vulnerability management platforms, which might be a drawback for larger organizations with complex IT environments.
    2) Nessus can struggle with scaling up for very large, complex environments or enterprise-level networks, where more robust vulnerability management platforms might be better suited.

    Read More...
  • Name: Terry I.
    Job Title: IT Specialist
    Length of product use: Less than 6 months
    Used How Often?: Daily
    Role: User, Administrator, Deployment
    Organization Size: 100 - 499
    Features
    Design
    Ease
    Pricing
    Support
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Amazing, but pricey for small organizations

    Date: Dec 30 2020

    Summary: Despite how displeased I was with the free trial (they're like a crack dealer, offer you enough taste to get you hooked, then demand exorbitant amounts of cash to give you your fix) I was able to convince my organization to purchase a license. It has been immensely helpful in identifying vulnerabilities and has enabled our configuration management and system deployment standards to be much more extensive.

    Positive: In depth vulnerability scanning with very usable results in easy to read formats and reports that you can drill down into. Very detailed information for how quick the scan is.

    Negative: The free trial sucked. Not only is it limited to 7 days, but you can't even try the full feature set for that 7 days. It's limited to reporting on the first 16 devices it detects. Unfortunately on my network, it didn't make it to any servers before hitting that limit, so I only got info on workstations, a printer and a credit card reader. At least give me 1 full scan of my network so I can compare workstations to servers, or give me the ability to go back and pick certain IP addresses to scan, maybe via csv file upload?

    Read More...
  • Name: Anonymous (Verified)
    Job Title: Information Security Analyst
    Length of product use: 6-12 Months
    Used How Often?: Weekly
    Role: User
    Organization Size: 100 - 499
    Likelihood to Recommend to Others
    1 2 3 4 5 6 7 8 9 10

    Helps ensure all your enterprise devices are within compliance

    Date: Aug 22 2020

    Summary: When your enterprise has thousands of devices distributed across different business units and in different locations, you really do need something like Nessus. It can identify threats in the wild, but we mainly appreciated its ability to identify configurations.

    Positive: 2018 was a year of almost back-to-back computer security issues. First you had computer systems admins scrambling to protect against ransomware following the prior year's high profile Wannacry attacks, then you got hit with Meltdown and Spectre. With the latter two it became super important to make sure all devices were patched, which wasn't without its own headaches - the patches reduced CPU performance. Anyways, we used Nessus to scan all the devices connected to our network and identify which ones needed the patches.

    Negative: It's supposed to be possible to create custom scanning rules and similar, it's called a Nessus Plugin policy, but we were shortstaffed at the time and none of us could really get it to work. So can't say it's the most intuitive.

    Read More...
  • Previous
  • You're on page 1
  • Next