Nessus

Avantages

facile a installer et a utiliser dans un centre SOC

Inconvénients

parfois il y a des faux positifs qu'il faut les separer manuellement

Avantages

Sa facilité d'installation et d'utilisation.

Inconvénients

Certains paramètres essentiels sont manquants ou mal documentés

Avantages

I like how you get an alert promptly when nessus detects an attack on any of your systems. I also like the wide variety of plug ins made available by nessus for specific vulnerabilities. I'm also impressed with how nessus allows you to create your own tests related to you company. I like how it is always releasing updates on new vulnerabilities which you can check in your systems. Nessus provides suggestions for alleviating detected vulnerabilities in your systems.

Inconvénients

Nessus still has the issue of false positives which is common in most vulnerability scanners whereby nessus detects vulnerabilities that are not present. It is not user friendly in terms of costs since it is expensive if you want to access more features through the paid versions. Aside from that, I am certain that we have been able to get the best from this tool.

Avantages

Ease of use and variety of dashboards we can make.

Inconvénients

UI can be improved a bit features like customizing themes, colors/tool bars can be added more frequently.

Avantages

Nessus is easy to use and easy to deploy vulnerability assessment solution available. One of the best features is nessus can be easily deployed to air gapped environments without much changes to the environment.

Inconvénients

Nessus has limited reporting and vulnerability management features as compared to other tools.

Avantages

Nessus and its graphical interface is attractive, I would say that minimalist but punctual and charming, it is very clean, it should be applauded that in each version they improve it and include some types of scans that can bring you more complete results when you carry out an analysis. It is very remarkable that the plugins in your database are up to date and that your community generates an adequate response on time.

Inconvénients

For now all the experience I have with Nessus has been nice, with the constancy that you have in your team working every day to improve it I know it will be a good tool for vulnerability detection.

Avantages

First, it was free for us to use since we a government entity, and I was able to get training on the product.
It is relatively easy to use once everything is set up, and it can scan just about anything.

Inconvénients

The initial setup can be a chore. Adding scan zones and repositories, as well as having to update plugins on a regular basis. Also, sometimes scans fail with very little information as to why.

Avantages

- Ease of use for non-authenticated scans
- Trusted in case of Network Infrastructure Scanning
- Can scan almost everything on a network
- Can take a subnet or range for scanning in one go

Inconvénients

- Needs improvement in case of web application scan and authenticated scan.
- Very difficult to schedule an authenticated scan for a web application
- There are some other tools that take login URL and landing URL. Meanwhile prevents the logout URL for session termination itself which increses ease for users

Avantages

Trust on leader on VM market and movement
Plugins updated daily so, threats and breaches can be identified as they are scanned into the environment
Using Nessus Manager you can deploy scanners and agents across subnets, you can schedule multiple scans in your environment
Best in class configuration audit data base for compliance check
Credential and uncredential scans
Agents for sensitive devices or services that can be affected by an active scan or are in transit

Inconvénients

Nessus in the Pro version is limited to one user
Not follow up or comparison between latest scan and recent
IP address Change on the network or location increase the IP count even when it is the same device
reports customizing can be difficult depending on what is expected to have
invasive scan.
you are not aware that a specific device or service can be sensitive to Nessus untill you finish with the service stopped or the performance of a service gets compromised.

Avantages

It supports from simple host discovery scans to detailed vulnerability scans like malware scan, credential path audit. This tool can also perform scan to test the latest vulnerabilities like Meltdown and Spectre and WannaCry ransomware etc.

This vulnerability scanner has almost up-to-date plugins. The plugins are updated almost daily to weekly to scan the latest vulnerabilities in the market.

Nessus scanner can perform the vulnerability scan for various operating systems like: Windows, Amazon linux, CentOS, FreeBSD, MacOS, Redhat, Debian etc

It also supports vulnerability scan for various compliance standards like PCI DSS.

This scanner can also perform credential based scan on the target machine.

The major advantage is, this scanner gives the most accurate vulnerability details about the machine with very few false positives which other scanners in the market fails to do.

Inconvénients

The professional version of this tool is very costly.

It yet doesn’t support credential based scan for machines which have 2 factor authentication implemented on it.

Avantages

Very easy to use. Very easy to configure a scan. Very easy to export a report and data about a scan. Very easy to customize scan templates. You can also create your own audit templates, so you can customize this tool for the specific policies of the organization. If you get to know the ins and outs of the scanner, you can get the most value from it.

Inconvénients

Most of the time the documentation is incomplete if you get picky with the use cases. Support via Tenable Support Portal has been very slow lately, it seems like if they had a single person to handle all the support cases they have everyday. It used to be slow, but that's been improved a lot in the latest version I've used (7.0.2).

Avantages

It's Simplicity of use to the user, great tool for vulnerability scanning for any enterprise. the reports are detailed and easy to understand

Inconvénients

So far there is not much but if it has the function to record the previous records it will be better

Avantages

Among the strong points of Nessus we can certainly mention its user-friendliness, the easy deployment, and the very accurate reporting.

Inconvénients

The only flaw of Nessus is that if you don't purchase the "Tenable Web App Scanning" subscription, doing authenticated scans on web apps (especially if they implement authentication mechanisms such as SSO) presents problems, since even specifying credentials (or cookies) it can happen that Nessus fails to authenticate.

Avantages

This software is great for new bees and profressionals in network penetration testing. I would like to share some highlights and good points I feel:
1. The UI is really good and easy to use.
2. The results are shown in an organized manner.
3. Reports can be easily shared with excel exports.
4. Vulebrabilities are prioritized for you with Critical, High, Medium and Low. (CVEs results)
5. Scheduling time and date.
6. Sharing it with the team - nice access management.

Inconvénients

With the product proven to be great, some drawbacks of this product are:
1. False Positives are present, and its not your only tool to rely for a pentest.
2. It is not a web application scanner, its mainly a network scan. So if you are expecting to work like any other web app OWASP scanner, its not.

Avantages

vulnerability scans and classification is nice with poc

Inconvénients

vulnerability management is not included in nessus pro, only io or sc has it

Avantages

Tenable products dictates market standard for securty assesment. Nessus Profesional is part of that family. It has simillar capabilities like Tenable.io but can be run inside your datacenter as a stand alone solution. It's easy to configure, reliable and what's most importand it will give you a hint how to solve every voulnerability detected inside your infrastructure.

Inconvénients

It misses some interesting predefined reports and usefull configuration options comparing to Tenable.io.

Avantages

I used Nessus everyday and the UI is very friendly and easy to use.

Inconvénients

It took Tenable after placing the order and while to get the license key. It took abit of back and forth to get an admin account but once created it was easy to use and set up team members

Avantages

Nessus is a vulnerability Scanning tool helps to identify Known Vulnerabilities, Malware, Patches and etc. There is a free trial version every use can use. Nessus can work under any OS version. It is very helpful to protect our PC and Servers from any fraud or threat. Simply it’s very effective and compliance with user preference.

Inconvénients

In the paid version includes more features than trial one but license cost is higher. It takes too much time to scan security devices.

Avantages

Nessus gives you scan presets that are designed for each compliance body such as PCI, HIPAA, NIST etc. Administrators can easily select the patch level and run the vulnerability assessments. And even you can customize it as per your requirement too.

Inconvénients

Nessus scanner becomes bit laggy when it comes to scanning of nodes with large data sets and applications.

Avantages

Nessus allows you to perform both authenticated and unauthenticated scans for a list of hosts within your network to check for potential vulnerabilities and missing patches, out dated software etc. The post presentation so nicely done and all referrals are there to plan out the remediation process if there are any.

Inconvénients

You have to have a powerful rig to get the most out of this software since it's a bit CPU hungry. It'll get days to run a scan for 100 hosts if you have low end system.

Avantages

The price. Dashboards. Very fast scans and very detailed reports.

Inconvénients

User group management can be more efficient.

Alternatives envisagées 

Pourquoi passer à Nessus

Avantages

Nessus is very unique and has a user-friendly interface. Also, the deployment is very easy and we can update plugins by using GUI.

Inconvénients

As per my 2+ years of experience with the Nessus tool, sometimes it contains false-positive results. Therefore, we need to manually go through all results before submitting them to our customers.

Avantages

Nessus is very easy to use and it houses a lot of known vulnerabilities. Reporting from a scan couldn't be easier. Timely updates are also necessary for any vulnerability scanner worth its salt, and Nessus updates regularly to cover any emerging threats in a timely manner.

Inconvénients

For the paid version its pricey but you can't put a price tag on keeping things secure. My experience lies in the free version that is available for home use. It requires you to request a key, which is fine but it took close to 3 days for the email to be sent with the key. I'm hoping this was a fluke but it was unfortunate.

Occasional bugs have also occurred, but what software doesn't have the occasional bug.

Avantages

Very frequent vulnerability database updates
Easy to use
Good pricing

Inconvénients

Some false positives
Some false negatives
Running it in a virtual machine in NAT configuration sometimes does not give results as good as in bridge mode
The reporting phase could be much better and should be more customizable

Avantages

Rich set of plugins and scan templates
Frequent updates
Ease of use
Fair pricing
Free version available

Inconvénients

Not the best tool for scanning web applications
Free version is quite limited (e.g. does not allow CIS benshmark scanning)