
Vulnerability Assessment

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| CVE coverage | 47,000+ CVEs – the most in the industry | < 26,000 CVEs | < 38,000 CVEs |
| Scanning accuracy | Industry's lowest false-positive rate – better than six-sigma accuracy [1] | Not published | Not published; customers report many false-positives |
| Speed of vulnerability check release | New vulnerability checks (plugins) released within an average of 24 hours of vuln disclosure | Not published | Not published |
| Pre-built scan templates | Templates for major vulnerabilities (WannaCry, Spectre & Meltdown, etc.), SCAP and OVAL auditing, and more | No pre-built templates for WannaCry, Spectre & Meltdown, etc. | No pre-built templates for WannaCry, Spectre & Meltdown, etc. |
| Live Results | Live Results identifies vulnerabilities using existing scan data with new plugin updates, for real-time visibility | Not available | Not available |
| Vulnerability grouping | Grouped View presents similar vulnerabilities in a single thread for ease of management | Not available | Not available |

Security Configuration Assessment/Audit (SCA)

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Pre-built compliance and configuration assessment templates | 700+ compliance and configuration templates (CIS, DISA STIG, HIPAA, PCI DSS, USGCB, FDCC, and more) – at no extra cost | Very limited set of configuration templates included. No support for CIS, DISA STIG, USGCB, or FDCC audits. | Limited set of configuration templates included. CIS, USGCB, FDCC, and custom policies available for an additional cost (Policy Manager license). |

Reporting and User Interface

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Flexible report creation | Pre-built report templates simplify report creation. Reports can be tailored based on customized views by team or client. | Limited report templates and filtering capabilities | Pre-built report templates. Reports can be created and tailored based on customized views. |
| Report export formats | HTML, CSV, PDF, .Nessus XML, and Nessus DB | HTML, PDF, XML, and text | HTML, CSV, PDF, XML, and RTF/text |
| Branded reports | Option to add personal branding (name/logo) | Not available | Not available |
| Automatic email distribution of reports after scans finish | Included | Not available | Not available |
| Quality of user interface | Modern user interface | Outdated user interface | Modern user interface |

Security Research

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Expert security research | Tenable Research provides essential vulnerability and threat intelligence and has discovered hundreds of new vulnerabilities | None | Rapid7 maintains a respected security research team |

Platform Support

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Supported operating systems | Debian / Kali Linux (several versions), Red Hat EL (several), CentOS (several), Oracle Linux (several), FreeBSD (several), Fedora (several), SUSE Linux Enterprise (several), Ubuntu (several), Windows Server (2008, 2008 R2, 2012, 2012 R2, 2016), Windows (7, 8, 10) | Users must build their own OpenVAS binaries from source code or use non-supported community packages. Does not run on Windows. | Red Hat EL (several), CentOS (v7 only), Oracle Linux (v7 only), Ubuntu (several), Windows Server (2008 R2, 2012 R2, 2016), Windows (7, 8.1, 10) |
| Deployment options | Live USB drive, cloud, or traditional install | Traditional install | Cloud or traditional install |

Total Cost of Ownership (TCO)

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Cost of acquiring, operating, and supporting product | Nessus Professional subscription: <$3,000/year for unlimited IPs. Extensive pre-built capabilities, automation, and vendor support minimize manual effort. | Free to download. [2] Significant manual work required to deploy, operate, and self-support. | Nexpose subscription: 500-IP license starts at >$10,000/year and increases significantly with IPs. Extra cost for Policy Manager. Limited pre-built capabilities, automation, and vendor support. |

Product Viability

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Product investment | Tenable is investing heavily in Nessus – with 1 major release, 2 minor releases, and 9 “dot” releases in 2018 alone | OpenVAS has issued just 2 releases in the last 4 years | Rapid7 appears to be phasing out Nexpose, which is no longer listed on its Products page. |

Industry Adoption

| Feature | Nessus Professional | OpenVAS | Nexpose |
|---|---|---|---|
| Paid customers | 27,000+ [3] | N/A | <7,100 [4] |
| Cumulative downloads | Nearly 2 million | Not published | Not published |

#1 market share for application VA [5]

No

No

[1] Approximately 0.32 defects per 1 million scans
[2] Greenbone offers a supported version of OpenVAS which starts at $6,200 for one year, for up to 300 IPs. Greenbone for 6,000 IPs costs $37,500 for one year.
[3] Source: https://www.tenable.com/about-tenable/about-us. Virtually all Tenable customers are using Nessus or a product built on Nessus technology.
[4] Source: https://www.rapid7.com/about/customers. Not all of Rapid7’s customers are using Nexpose (or InsightVM).
[5] According to Cybersecurity Insiders survey, August 2018: https://www.tenable.com/whitepapers/cybersecurity-insiders-2018-application-security-report
All product names, logos, and brands are property of their respective owners.


Looking for a comprehensive vulnerability management solution?

Consider Tenable.sc (on-premises) or Tenable.io (cloud-based) for complete vulnerability management – including extensive security and compliance dashboards, agents, multi-scanner support, cloud and container scanning, and more.
