Nessus

Pros: Customizable Scans
Wide Platform Support
Pre-built policies and Templates like PCI DSS and HIPAA
Frequent Plugin Updates
Active and Passive Detection
Comprehensive Vulnerability Coverage

Cons: Limited Automation
Custom Scripting Complexity
No Built-In Patch Management
Limited Cloud Integration
False Positives

Overall: Nessus Professional is a dependable and powerful vulnerability assessment solution that provides wide scanning capabilities and detailed reports to ease security management. It supports a wide range of plugins, updates quickly, and detects vulnerabilities efficiently, making it excellent for proactive threat prevention. Overall, it is a strong option for those who are looking for a reliable solution to improve corporate security posture

Pros: Nessus supports a wide range of operating systems and devices, making it versatile for diverse IT environments.
Nessus benefits from an active community of users and professional support, ensuring that users can find solutions and best practices when needed.
Nessus provides the flexibility to perform both agent-based scans for systems that require persistent monitoring and agentless scans for systems where installing an agent is impractical.

Cons: The basic version of Nessus is free for limited use, accessing advanced features like compliance checks and extended reporting in Nessus Professional requires a subscription, which may not suit smaller organizations with tight budgets.
Nessus scans can consume significant network and system resources, potentially slowing down operations or affecting the performance of critical systems during scans.

Overall: Nessus provides clear risk scores and metrics, allowing security teams to prioritize vulnerabilities effectively based on severity and impact.
Reports generated by Nessus are highly customizable, catering to different audiences such as technical teams, management, or compliance officers, with tailored insights.

Pros: Nessus excels at identifying vulnerabilities in systems across a wide range of platforms, including operating systems, databases, network devices, and web applications. It checks for known vulnerabilities using both signature-based and heuristic-based scanning techniques

Nessus can perform configuration audits by comparing system settings against industry best practices (e.g., CIS Benchmarks, DISA STIGs). This allows organizations to enforce security policies and ensure that systems are configured securely

By providing Nessus with valid credentials (such as admin-level access), it can perform more in-depth scans and accurately identify vulnerabilities that require elevated privileges.

Nessus can integrate with other security solutions such as SIEMs (Security Information and Event Management systems), ticketing systems (e.g., ServiceNow, Jira), and other vulnerability management tools. This helps automate workflows and streamline vulnerability remediation.

Nessus offers an intuitive user interface with a simple setup process, making it accessible even to organizations without a dedicated security team. The interface provides easy access to scan configurations, reports, and plugin management.

Cons: Nessus can be resource-heavy, especially when performing in-depth scans or scanning large environments. High network bandwidth and processing power are required to perform large-scale scans without negatively impacting system performance. In environments with limited resources, this could slow down network operations or impact system stability

While Nessus does offer some web application scanning capabilities (e.g., detecting SQL injection, XSS, etc.), it is not as specialized or comprehensive as dedicated web application security testing tools like Burp Suite or OWASP ZAP. Organizations with a heavy focus on web applications may find Nessus lacking in depth for these specific needs

Overall: Nessus is a powerful and widely trusted vulnerability scanning tool known for its comprehensive coverage of security vulnerabilities, ease of use, and low false positive rate. It is particularly well-suited for small to medium-sized organizations or as part of a broader security program in larger enterprises. However, it does have some drawbacks, including being resource-intensive, lacking advanced web application security testing features, and offering no built-in patch management. Additionally, the tool can be costly for larger networks, and its free version comes with significant limitations. While Nessus is highly effective in identifying and prioritizing vulnerabilities, it may require additional tools or integrations for more specialized use cases, such as web application security or enterprise-scale vulnerability management. Despite these limitations, it remains a solid choice for vulnerability assessment and is widely regarded for its accuracy, regular updates, and strong reporting capabilities

Pros: 1) Nessus provides in-depth vulnerability scanning across a wide range of systems, applications, and devices, helping identify potential security risks quickly and thoroughly.
2) The vulnerability database is constantly updated, ensuring that the scanner detects the latest threats and vulnerabilities, which is crucial for maintaining up-to-date security.
3) The interface is intuitive and easy to navigate, even for users who aren’t security experts. It’s simple to run scans, view results, and take action based on the findings.
4) Nessus offers flexibility with customizable scanning profiles, allowing users to tailor scans to specific needs, whether it’s targeting particular systems, vulnerabilities, or compliance requirements.
5) The reports generated by Nessus are detailed and clear, offering actionable insights and prioritizing vulnerabilities based on severity. This helps teams address the most critical issues first.

Cons: 1) While Nessus does integrate with some third-party tools, its integration options are more limited compared to some other vulnerability management platforms, which might be a drawback for larger organizations with complex IT environments.
2) Nessus can struggle with scaling up for very large, complex environments or enterprise-level networks, where more robust vulnerability management platforms might be better suited.

Overall: Nessus is a highly effective and reliable vulnerability scanning tool, offering comprehensive coverage, regular updates, and detailed reporting. It is particularly well-suited for small to mid-sized organizations or security professionals looking to identify and address security risks. However, its paid Pro version can be costly, and its complex interface and resource demands may present challenges for beginners or those with limited resources. While Nessus excels in functionality, its scalability for larger enterprise environments and occasional false positives may limit its suitability for some users. Despite these drawbacks, Nessus remains a trusted choice for vulnerability management.

Pros: In depth vulnerability scanning with very usable results in easy to read formats and reports that you can drill down into. Very detailed information for how quick the scan is.

Cons: The free trial sucked. Not only is it limited to 7 days, but you can't even try the full feature set for that 7 days. It's limited to reporting on the first 16 devices it detects. Unfortunately on my network, it didn't make it to any servers before hitting that limit, so I only got info on workstations, a printer and a credit card reader. At least give me 1 full scan of my network so I can compare workstations to servers, or give me the ability to go back and pick certain IP addresses to scan, maybe via csv file upload?

Overall: Despite how displeased I was with the free trial (they're like a crack dealer, offer you enough taste to get you hooked, then demand exorbitant amounts of cash to give you your fix) I was able to convince my organization to purchase a license. It has been immensely helpful in identifying vulnerabilities and has enabled our configuration management and system deployment standards to be much more extensive.

Pros: 2018 was a year of almost back-to-back computer security issues. First you had computer systems admins scrambling to protect against ransomware following the prior year's high profile Wannacry attacks, then you got hit with Meltdown and Spectre. With the latter two it became super important to make sure all devices were patched, which wasn't without its own headaches - the patches reduced CPU performance. Anyways, we used Nessus to scan all the devices connected to our network and identify which ones needed the patches.

Cons: It's supposed to be possible to create custom scanning rules and similar, it's called a Nessus Plugin policy, but we were shortstaffed at the time and none of us could really get it to work. So can't say it's the most intuitive.

Overall: When your enterprise has thousands of devices distributed across different business units and in different locations, you really do need something like Nessus. It can identify threats in the wild, but we mainly appreciated its ability to identify configurations.