
What Nessus is, and where it fits in the Tenable portfolio

A plain-English guide to Nessus, the Tenable scanner, including the current SKUs and how it relates to Tenable Vulnerability Management and Tenable One.

Tenable logo and Nessus, FM CyberSecurity branded cover

Nessus is Tenable’s vulnerability scanner, and it is one piece of a larger exposure-management portfolio. Here is what it is, what it does well, and when you need the rest.


1. What Nessus is in plain terms

Nessus is a piece of software you run to find vulnerabilities on the assets you own. You point it at an IP range, a server, or a network segment, and it tells you which known weaknesses live there and how serious they are.

It is the scanning engine the whole Tenable platform is built on. Whether you buy the standalone product or the cloud platform, the engine doing the actual scanning is Nessus.

2. What Nessus actually scans and reports

Nessus checks for known vulnerabilities, missing patches, weak configuration, and policy drift against the systems you point it at. It reads the responses, matches them against a plugin database that Tenable updates daily, and produces a report.

Each finding comes with a CVE identifier when one exists, a CVSS score, and Tenable’s own Vulnerability Priority Rating (VPR) so you can sort the queue by likely real-world risk, not just severity. The output is a list you can act on: patch this server, change this setting, retire this end-of-life service.
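What "sort the queue by likely real-world risk" looks like in practice is a small triage script over a scan export. The following is an added example, not code from the article or from Tenable: it parses a constructed `.nessus` (v2 XML) export and ranks findings by VPR where one is present, falling back to the CVSS v3 base score when it is not, and drops informational plugins. The element names (`ReportItem`, `cve`, `cvss3_base_score`, `vpr_score`, `solution`) follow the `.nessus` v2 layout as this example assumes it; the hosts, plugin IDs and `CVE-0000-000x` identifiers in the sample are placeholders.

```python
"""Rank findings from a .nessus (v2 XML) export by VPR, then CVSS v3.

Added example, not from the original article. SAMPLE_NESSUS below is a
constructed export; element names are assumed to match the .nessus v2 layout.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample export: two hosts, four plugins, placeholder CVE ids.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="lab-scan">
    <ReportHost name="10.0.0.5">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
                  pluginID="100001" pluginName="SMB remote code execution (constructed)"
                  pluginFamily="Windows">
        <cve>CVE-0000-0001</cve>
        <cvss3_base_score>9.8</cvss3_base_score>
        <vpr_score>8.9</vpr_score>
        <solution>Apply the vendor patch.</solution>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="100002" pluginName="SSH weak MAC algorithms (constructed)"
                  pluginFamily="Misc.">
        <cvss3_base_score>5.3</cvss3_base_score>
        <solution>Disable weak MAC algorithms in sshd_config.</solution>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.9">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100003" pluginName="Outdated TLS library (constructed)"
                  pluginFamily="Web Servers">
        <cve>CVE-0000-0002</cve>
        <cve>CVE-0000-0003</cve>
        <cvss3_base_score>7.5</cvss3_base_score>
        <vpr_score>9.2</vpr_score>
        <solution>Upgrade the TLS library.</solution>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100004" pluginName="OS fingerprint (constructed)"
                  pluginFamily="General">
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


@dataclass
class Finding:
    host: str
    port: str
    plugin_id: str
    name: str
    severity: int                      # Nessus severity: 0 info .. 4 critical
    cves: List[str] = field(default_factory=list)
    cvss3: Optional[float] = None      # CVSS v3 base score, if the plugin carries one
    vpr: Optional[float] = None        # Tenable VPR, if present in the export
    solution: str = ""


def _float_or_none(text: Optional[str]) -> Optional[float]:
    """Parse a numeric element body; missing or malformed values become None."""
    try:
        return float(text) if text is not None else None
    except ValueError:
        return None


def parse_nessus(xml_text: str) -> List[Finding]:
    """Flatten every ReportItem in a .nessus v2 document into Finding records."""
    root = ET.fromstring(xml_text)
    findings: List[Finding] = []
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            findings.append(Finding(
                host=host.get("name", ""),
                port=item.get("port", ""),
                plugin_id=item.get("pluginID", ""),
                name=item.get("pluginName", ""),
                severity=int(item.get("severity", "0")),
                cves=[c.text.strip() for c in item.findall("cve") if c.text],
                cvss3=_float_or_none(item.findtext("cvss3_base_score")),
                vpr=_float_or_none(item.findtext("vpr_score")),
                solution=(item.findtext("solution") or "").strip(),
            ))
    return findings


def rank_findings(findings: List[Finding], min_severity: int = 1) -> List[Finding]:
    """Order the work queue: VPR first when present, else CVSS v3, else severity.

    Informational plugins (severity below min_severity) are dropped. Ties are
    broken by Nessus severity, then host and plugin id so the order is stable.
    """
    def risk_key(f: Finding):
        if f.vpr is not None:
            score = f.vpr
        elif f.cvss3 is not None:
            score = f.cvss3
        else:
            score = f.severity * 2.5   # crude 0..10 mapping when no score exists
        return (-score, -f.severity, f.host, f.plugin_id)

    return sorted((f for f in findings if f.severity >= min_severity), key=risk_key)


if __name__ == "__main__":
    for f in rank_findings(parse_nessus(SAMPLE_NESSUS)):
        score = f.vpr if f.vpr is not None else f.cvss3
        print(f"{score:>4}  {f.host}:{f.port}  {f.name}  ->  {f.solution}")
```

Note that the ranking differs from a plain severity sort: the TLS finding with CVSS 7.5 outranks the CVSS 9.8 SMB finding because its VPR is higher, which is exactly the shift from "how bad could this be" to "how likely is this to be exploited" that VPR is meant to give you.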

3. The current Nessus SKUs

Tenable sells Nessus in three forms today. Pick the one that matches the work, not the badge.

Nessus Essentials is free, capped at 5 IPs, and is meant for evaluation, hobbyists, and lab use. There is a paid Essentials Plus tier at $199 a year that bumps the cap to 20 IPs and adds basic reporting. Useful for learning, not for running a business on.

Nessus Professional is the workhorse for consultants and small security teams. Unlimited IT vulnerability assessments, configuration and compliance audits, custom reporting. It runs on a workstation or server, and the licence is per-user. List price is $4,790 a year as of May 2026.

Nessus Expert is Professional plus three things: web application scanning (5 fully qualified domains, expandable), external attack surface discovery (5 domains per quarter), and infrastructure-as-code scanning for Terraform and CloudFormation via the bundled Terrascan engine. List price is $6,790 a year. The Expert tier exists for teams whose attack surface has moved beyond a flat internal network.

4. Where Nessus stops and Tenable Vulnerability Management starts

Nessus is a single-tenant scanner. You install it, you run it, you read the report. That works fine for a consultant doing point-in-time assessments or a small team scanning a single network from one location.

It runs out of room when you need continuous scanning across many sites, role-based access for a larger team, dashboards that survive past one report, or a queryable history of every finding. That is what Tenable Vulnerability Management is for. It is the cloud platform (formerly named Tenable.io) that uses Nessus as its scanning engine but adds the management layer: continuous discovery, asset inventory, ticketing integrations, multi-user roles, trend reporting over time, and risk-based prioritization across the whole estate.

The rule of thumb: Nessus answers “what is wrong on this server today.” Tenable Vulnerability Management answers “what is the state of vulnerability across our entire stack, over time, and who is fixing what.”

5. Where Tenable Vulnerability Management stops and Tenable One starts

Tenable Vulnerability Management is excellent at one job: finding and prioritizing vulnerabilities. It does not, on its own, see cloud misconfigurations, identity weaknesses, internet-exposed assets you forgot you owned, or the way those four data sets correlate.

Tenable One is the platform that pulls those streams together. It bundles Vulnerability Management, Web App Scanning, Cloud Security (CNAPP), Identity Exposure, OT Security, External Attack Surface Management, and a set of connectors that ingest data from third-party tools. The point is correlation: a missing patch on a server matters more when that server is in a Microsoft Entra ID group with privileged access, sits behind an internet-exposed load balancer, and lives in a cloud account with a misconfigured trust policy. Tenable One is where you see those four facts on one screen.

If your security model still treats vulnerability, identity, and cloud posture as separate workstreams with separate tools and separate owners, Tenable One is the case for unifying them.

6. A decision rule for which Tenable product to buy

Pick by the shape of the problem, not the size of the logo.

  • Just Nessus is enough if you run a small environment, do quarterly or ad-hoc scans, and one person reads the report.
  • Nessus Expert is enough if you also need to scan web apps and check internet-exposed assets, but still as a single team running point-in-time work.
  • Tenable Vulnerability Management is the right product when you need continuous scanning, a queryable history, role-based access, and reporting that does not live in a PDF.
  • Tenable One is the right product when vulnerability is one of several exposure surfaces, and the value is in correlating them rather than running each tool in isolation.

Most Norwegian SMBs we talk to land at Nessus Professional or Vulnerability Management. Tenable One is a larger commitment and a different conversation.

Next action

Talk to Anders in our exposure and assessments practice if you want a second view on which Tenable SKU fits the work in front of you, sized to your stack and your team. We run Tenable end-to-end, including the platform setup and the tuning, so the recommendation comes from the people who would operate it.

If you want the deeper context, read why we picked Tenable for exposure management, and the side-by-side comparison at Nessus vs Tenable Vulnerability Management vs Tenable One.

FAQ

Can I use Nessus for free?

Yes, for evaluation. Nessus Essentials is free and scans up to 5 IPs. It is the right starting point for a home lab, a student, or a one-time proof of concept. It is not a fit for production use in a business, both because of the 5-IP cap and because the licence terms restrict commercial use. For a small paid option, Essentials Plus is $199 a year and covers 20 IPs.

Do I need Tenable One if I already have Nessus?

Not automatically. Nessus answers vulnerability questions on the assets you point it at, and for many small and mid-size teams that is the whole job. Tenable One adds value when you also need to see cloud misconfiguration, identity exposure, and external attack surface in one place, with the correlations between them. If those three streams live with three different teams and three different tools today, the case for Tenable One gets stronger.

How is Nessus different from a SaaS vulnerability scanner?

Nessus Professional and Expert run on your hardware (a laptop, server, or VM), and the licence is per-user. You manage updates and storage yourself. A SaaS scanner like Tenable Vulnerability Management runs in the vendor’s cloud, scales without local infrastructure, and supports many users with role-based access. The scanning engine is the same. The difference is who runs the management plane.

Does Nessus cover web apps and cloud?

Nessus Professional does not include web application scanning or external attack surface discovery. Nessus Expert adds web app scanning (5 domains, expandable), external attack surface scans (5 domains per quarter), and infrastructure-as-code scanning for Terraform and CloudFormation. For full cloud workload and posture coverage (CSPM, CNAPP, container security), you need Tenable Cloud Security, which is part of Tenable One.

Does Tenable Vulnerability Management still use Nessus underneath?

Yes. Tenable Vulnerability Management is built on Nessus scanning technology and managed in the cloud. The engine doing the actual scanning, plugin matching, and reporting is the same Nessus you would get standalone. The difference is the management layer wrapped around it, not the engine.
