# SecurityScorecard, Whistic vs Tenable Nessus Comparison | | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Star Rating** | 4.3 out of 5 | 4.6 out of 5 | 4.5 out of 5 | | **Total Reviews** | 91 | 52 | 301 | | **Largest Market Segment** | Enterprise (48.8% of reviews) | Mid-Market (49.0% of reviews) | Mid-Market (39.4% of reviews) | | **Entry Level Price** | No pricing available | No pricing available | $3,390.00 1 License With One-Time Purchase | --- ## Top Pros & Cons ### SecurityScorecard Pros: - Security (24 reviews) - Ease of Use (17 reviews) Cons: - Lack of Clarity (4 reviews) - Limited Reporting (4 reviews) ### Whistic Pros: - Ease of Use (6 reviews) - Vendor Management (6 reviews) Cons: - Non-Intuitive Features (4 reviews) - Improvement Needed (3 reviews) ### Tenable Nessus Pros: - Vulnerability Identification (21 reviews) - Vulnerability Detection (19 reviews) Cons: - Slow Scanning (8 reviews) - Expensive (6 reviews) --- ## Ratings Comparison | Rating | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Meets Requirements** | 8.7 (76 reviews) | 9.1 (36 reviews) | 9.0 (248 reviews) | | **Ease of Use** | 9.2 (76 reviews) | 9.0 (38 reviews) | 8.9 (250 reviews) | | **Ease of Setup** | 9.2 (58 reviews) | 8.8 (30 reviews) | 8.8 (172 reviews) | | **Ease of Admin** | 8.7 (50 reviews) | 9.1 (29 reviews) | 8.9 (161 reviews) | | **Quality of Support** | 8.8 (74 reviews) | 9.5 (34 reviews) | 8.4 (229 reviews) | | **Has the product been a good partner in doing business?** | 8.8 (50 reviews) | 9.6 (27 reviews) | 8.7 (149 reviews) | | **Product Direction (% positive)** | 9.5 (75 reviews) | 10.0 (39 reviews) | 8.9 (238 reviews) | --- ## Pricing ### SecurityScorecard #### Entry-Level Pricing No pricing available #### Free Trial Yes ### Whistic #### Entry-Level Pricing No pricing available #### Free Trial Yes ### Tenable Nessus #### Entry-Level Pricing Plan: Pro - 1 Year Price: $3,390.00 1 License With One-Time Purchase Description: 1-year license of the industry-leading vulnerability assessment solution. Key Features: - Automate your vulnerability scanning process [Browse all 4 editions](https://www.g2.com/products/tenable-nessus/pricing) #### Free Trial Yes --- ## Features Comparison By Category ### Dynamic Application Security Testing (DAST) | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | N/A | N/A | | **Whistic** | N/A | N/A | | **Tenable Nessus** | N/A | N/A | #### Administration | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **API / Integrations** | Not enough data | Not enough data | Not enough data | | **Extensibility** | Not enough data | Not enough data | Not enough data | #### Analysis | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Reporting and Analytics** | Not enough data | Not enough data | Not enough data | | **Issue Tracking** | Not enough data | Not enough data | Not enough data | | **Static Code Analysis** | Not enough data | Not enough data | Not enough data | | **Vulnerability Scan** | Not enough data | Not enough data | Not enough data | | **Code Analysis** | Not enough data | Not enough data | Not enough data | #### Testing | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Manual Testing** | Not enough data | Not enough data | Not enough data | | **Test Automation** | Not enough data | Not enough data | Not enough data | | **Compliance Testing** | Not enough data | Not enough data | Not enough data | | **Black-Box Scanning** | Not enough data | Not enough data | Not enough data | | **Detection Rate** | Not enough data | Not enough data | Not enough data | | **False Positives** | Not enough data | Not enough data | Not enough data | ### Vulnerability Scanner | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | N/A | N/A | | **Whistic** | N/A | N/A | | **Tenable Nessus** | 8.2/10 | 158 | #### Performance | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Issue Tracking** | Not enough data | Not enough data | Feature Not Available | | **Detection Rate** | Not enough data | Not enough data | 8.9 (139 reviews) ✓ Verified | | **False Positives** | Not enough data | Not enough data | 6.7 (136 reviews) ✓ Verified | | **Automated Scans** | Not enough data | Not enough data | 9.0 (135 reviews) ✓ Verified | #### Network | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Compliance Testing** | Not enough data | Not enough data | 8.8 (134 reviews) ✓ Verified | | **Perimeter Scanning** | Not enough data | Not enough data | 8.8 (127 reviews) ✓ Verified | | **Configuration Monitoring** | Not enough data | Not enough data | 8.4 (110 reviews) ✓ Verified | #### Application | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Manual Application Testing** | Not enough data | Not enough data | Feature Not Available | | **Static Code Analysis** | Not enough data | Not enough data | 7.3 (83 reviews) | | **Black Box Testing** | Not enough data | Not enough data | 7.8 (102 reviews) | #### Agentic AI - Vulnerability Scanner | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | 8.1 (9 reviews) | | **Proactive Assistance** | Not enough data | Not enough data | 7.9 (8 reviews) | ### API Security | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | N/A | N/A | | **Whistic** | N/A | N/A | | **Tenable Nessus** | N/A | N/A | #### API Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **API Discovery** | Not enough data | Not enough data | Not enough data | | **API Monitoring** | Not enough data | Not enough data | Not enough data | | **Reporting** | Not enough data | Not enough data | Not enough data | | **Change Management** | Not enough data | Not enough data | Not enough data | #### Security Testing | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Compliance Monitoring** | Not enough data | Not enough data | Not enough data | | **API Verification** | Not enough data | Not enough data | Not enough data | | **API Testing** | Not enough data | Not enough data | Not enough data | #### Security Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Security and Policy Enforcement** | Not enough data | Not enough data | Not enough data | | **Anomoly Detection** | Not enough data | Not enough data | Not enough data | | **Bot Detection** | Not enough data | Not enough data | Not enough data | ### Vendor Security and Privacy Assessment | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | 8.2/10 | 21 | | **Whistic** | 8.5/10 | 32 | | **Tenable Nessus** | N/A | N/A | #### Functionality | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Customized Vendor Pages** | 8.9 (20 reviews) | 8.6 (28 reviews) | Not enough data | | **Centralized Vendor Catalog** | 8.6 (21 reviews) | 9.1 (30 reviews) | Not enough data | | **Questionnaire Templates** | 7.7 (21 reviews) | 8.9 (30 reviews) | Not enough data | | **User Access Control** | 8.7 (21 reviews) | 8.5 (31 reviews) | Not enough data | #### Risk assessment | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Risk Scoring** | 8.6 (20 reviews) | 8.6 (27 reviews) | Not enough data | | **4th Party Assessments** | 7.7 (20 reviews) | 7.6 (21 reviews) | Not enough data | | **Monitoring And Alerts** | 8.3 (20 reviews) | 8.0 (24 reviews) | Not enough data | | **AI Monitoring** | 6.7 (6 reviews) | Not enough data | Not enough data | #### Generative AI - Vendor Security and Privacy Assessment | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Text Summarization** | Not enough data | Not enough data | Not enough data | | **Text Generation** | Not enough data | Not enough data | Not enough data | ### Attack Surface Management | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | N/A | N/A | | **Whistic** | N/A | N/A | | **Tenable Nessus** | 8.3/10 | 6 | #### Asset Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Asset Discovery** | Not enough data | Not enough data | 6.9 (6 reviews) | | **Shadow IT Detection** | Not enough data | Not enough data | 7.5 (6 reviews) | | **Change Management** | Not enough data | Not enough data | 4.7 (6 reviews) | #### Monitoring | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Gap Analysis** | Not enough data | Not enough data | 8.3 (6 reviews) | | **Vulnerability Intelligence** | Not enough data | Not enough data | 10.0 (6 reviews) | | **Compliance Monitoring** | Not enough data | Not enough data | 8.6 (6 reviews) | | **Continuous Monitoring** | Not enough data | Not enough data | 9.2 (6 reviews) | #### Risk Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Risk-Prioritization** | Not enough data | Not enough data | 9.2 (6 reviews) | | **Reconnaissance** | Not enough data | Not enough data | 9.2 (6 reviews) | | **At-Risk Analysis** | Not enough data | Not enough data | 8.6 (6 reviews) | | **Threat Intelligence** | Not enough data | Not enough data | 9.4 (6 reviews) | #### Generative AI | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **AI Text Summarization** | Not enough data | Not enough data | Not enough data | ### Third Party & Supplier Risk Management | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | N/A | N/A | | **Whistic** | 7.4/10 | 11 | | **Tenable Nessus** | N/A | N/A | #### Risk Assessment | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Scoring** | Not enough data | 7.6 (9 reviews) | Not enough data | | **AI** | Not enough data | Not enough data | Not enough data | #### Risk Control | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Reviews** | Not enough data | 8.3 (10 reviews) | Not enough data | | **Policies** | Not enough data | 8.0 (9 reviews) | Not enough data | | **Workflows** | Not enough data | 7.6 (9 reviews) | Not enough data | #### Monitoring | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Vendor Performance** | Not enough data | Feature Not Available | Not enough data | | **Notifications** | Not enough data | 7.6 (9 reviews) | Not enough data | | **Oversight** | Not enough data | 7.6 (9 reviews) | Not enough data | #### Reporting | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Templates** | Not enough data | 7.4 (9 reviews) | Not enough data | | **Centralized Data** | Not enough data | 8.3 (9 reviews) | Not enough data | | **360 View** | Not enough data | 7.2 (9 reviews) | Not enough data | #### Agentic AI - Third Party & Supplier Risk Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Adaptive Learning** | Not enough data | Not enough data | Not enough data | | **Decision Making** | Not enough data | Not enough data | Not enough data | ### IT Risk Management | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | 7.8/10 | 6 | | **Whistic** | N/A | N/A | | **Tenable Nessus** | N/A | N/A | #### Generative AI | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **AI Text Generation** | 7.8 (6 reviews) | Not enough data | Not enough data | #### Monitoring - IT Risk Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **AI Monitoring** | Not enough data | Not enough data | Not enough data | #### Agentic AI - IT Risk Management | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Autonomous Task Execution** | Not enough data | Not enough data | Not enough data | | **Multi-step Planning** | Not enough data | Not enough data | Not enough data | ### Cloud Security | Product | Score | Reviews | |---|---|---| | **SecurityScorecard** | N/A | N/A | | **Whistic** | N/A | N/A | | **Tenable Nessus** | N/A | N/A | #### Cloud Visibility | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Data Discovery** | Not enough data | Not enough data | Not enough data | | **Cloud Registry** | Not enough data | Not enough data | Not enough data | | **Cloud Gap Analytics** | Not enough data | Not enough data | Not enough data | #### Security | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Data Security** | Not enough data | Not enough data | Not enough data | | **Data loss Prevention** | Not enough data | Not enough data | Not enough data | | **Security Auditing** | Not enough data | Not enough data | Not enough data | #### Identity | Feature | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **SSO** | Not enough data | Not enough data | Not enough data | | **Governance** | Not enough data | Not enough data | Not enough data | | **User Analytics** | Not enough data | Not enough data | Not enough data | --- ## Categories **Unique to SecurityScorecard (2):** [Vendor Security and Privacy Assessment Software](https://www.g2.com/categories/vendor-security-and-privacy-assessment), [IT Risk Management Software](https://www.g2.com/categories/it-risk-management) **Unique to Whistic (3):** [IT Risk Management Software](https://www.g2.com/categories/it-risk-management), [Vendor Security and Privacy Assessment Software](https://www.g2.com/categories/vendor-security-and-privacy-assessment), [Third Party & Supplier Risk Management Software](https://www.g2.com/categories/third-party-supplier-risk-management) **Unique to Tenable Nessus (4):** [ Attack Surface Management Software](https://www.g2.com/categories/attack-surface-management), [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner), [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast), [API Security Tools](https://www.g2.com/categories/api-security) --- ## Reviewer Demographics ### By Company Size | Segment | SecurityScorecard | Whistic | Tenable Nessus | |---|---|---|---| | **Small-Business** | 12.8% | 15.7% | 26.1% | | **Mid-Market** | 38.4% | 49.0% | 39.4% | | **Enterprise** | 48.8% | 35.3% | 34.5% | ### By Industry #### SecurityScorecard - **Information Technology and Services:** 17.4% - **Hospital & Health Care:** 9.3% - **Computer & Network Security:** 8.1% - **Computer Software:** 8.1% - **Financial Services:** 8.1% - **Banking:** 7.0% - **Insurance:** 7.0% - **Computer Networking:** 3.5% - **Information Services:** 3.5% - **Health, Wellness and Fitness:** 3.5% - **Other:** 24.4% #### Whistic - **Computer Software:** 29.4% - **Information Technology and Services:** 17.6% - **Financial Services:** 5.9% - **Insurance:** 5.9% - **Hospital & Health Care:** 5.9% - **Accounting:** 3.9% - **Higher Education:** 3.9% - **Aviation & Aerospace:** 2.0% - **Computer Networking:** 2.0% - **Consumer Services:** 2.0% - **Other:** 21.6% #### Tenable Nessus - **Information Technology and Services:** 25.7% - **Computer & Network Security:** 16.5% - **Financial Services:** 7.4% - **Computer Software:** 6.0% - **Banking:** 4.6% - **Government Administration:** 3.9% - **Higher Education:** 3.2% - **Hospital & Health Care:** 2.5% - **Education Management:** 2.1% - **Telecommunications:** 2.1% - **Other:** 26.1% --- ## Alternatives ### Alternatives to SecurityScorecard - [Vendor Risk](https://www.g2.com/products/vendor-risk/reviews) — 4.5/5 stars (708 reviews) - [Bitsight](https://www.g2.com/products/bitsight/reviews) — 4.5/5 stars (76 reviews) - [LogicGate Risk Cloud](https://www.g2.com/products/logicgate-risk-cloud/reviews) — 4.6/5 stars (190 reviews) - [Vanta](https://www.g2.com/products/vanta/reviews) — 4.6/5 stars (2432 reviews) - [Optro](https://www.g2.com/products/optro/reviews) — 4.6/5 stars (1595 reviews) - [Loopio](https://www.g2.com/products/loopio/reviews) — 4.6/5 stars (811 reviews) - [Drata](https://www.g2.com/products/drata/reviews) — 4.7/5 stars (1160 reviews) - [Sprinto](https://www.g2.com/products/sprinto-inc/reviews) — 4.8/5 stars (1638 reviews) - [Secureframe](https://www.g2.com/products/secureframe/reviews) — 4.7/5 stars (796 reviews) - [Scrut Automation](https://www.g2.com/products/scrut-automation/reviews) — 4.9/5 stars (1300 reviews) ### Alternatives to Whistic - [Vanta](https://www.g2.com/products/vanta/reviews) — 4.6/5 stars (2432 reviews) - [Loopio](https://www.g2.com/products/loopio/reviews) — 4.6/5 stars (811 reviews) - [Secureframe](https://www.g2.com/products/secureframe/reviews) — 4.7/5 stars (796 reviews) - [Vendor Risk](https://www.g2.com/products/vendor-risk/reviews) — 4.5/5 stars (708 reviews) - [Drata](https://www.g2.com/products/drata/reviews) — 4.7/5 stars (1160 reviews) - [Responsive, formerly RFPIO](https://www.g2.com/products/responsive-formerly-rfpio/reviews) — 4.5/5 stars (1285 reviews) - [Optro](https://www.g2.com/products/optro/reviews) — 4.6/5 stars (1595 reviews) - [Sprinto](https://www.g2.com/products/sprinto-inc/reviews) — 4.8/5 stars (1638 reviews) - [Scrut Automation](https://www.g2.com/products/scrut-automation/reviews) — 4.9/5 stars (1300 reviews) - [Thoropass](https://www.g2.com/products/thoropass/reviews) — 4.7/5 stars (579 reviews) ### Alternatives to Tenable Nessus - [Intruder](https://www.g2.com/products/intruder/reviews) — 4.8/5 stars (206 reviews) - [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) — 4.6/5 stars (69 reviews) - [Detectify](https://www.g2.com/products/detectify/reviews) — 4.5/5 stars (51 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) — 4.7/5 stars (790 reviews) - [Burp Suite](https://www.g2.com/products/burp-suite/reviews) — 4.8/5 stars (129 reviews) - [Acunetix by Invicti](https://www.g2.com/products/acunetix-by-invicti/reviews) — 4.1/5 stars (105 reviews) - [Pentest-Tools.com](https://www.g2.com/products/pentest-tools-com/reviews) — 4.8/5 stars (100 reviews) - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) — 3.8/5 stars (25 reviews) - [Orca Security](https://www.g2.com/products/orca-security/reviews) — 4.6/5 stars (256 reviews) - [APPCHECK](https://www.g2.com/products/appcheck/reviews) — 4.6/5 stars (67 reviews) --- ## Top Discussions ### SecurityScorecard - Title: [What is SecurityScorecard used for?](https://www.g2.com/discussions/what-is-securityscorecard-used-for) — 1 comment > **Top comment:** "We use it for 3rd party risk assessments. It offers organizations valuable insights into the vulnerabilities that exist in their own environments and their..." - Title: [How much does BitSight cost?](https://www.g2.com/discussions/how-much-does-bitsight-cost) — 1 comment > **Top comment:** "Around 10K" - Title: [Why SecurityScorecard?](https://www.g2.com/discussions/why-securityscorecard) — 1 comment > **Top comment:** "Because many organizations check SCC scores before selecting vendors or services. So as organization you must be on top of your score and security posture" - Title: [Apart from Third Party & Supplier Risk Management, How can we use other functionality of SS?](https://www.g2.com/discussions/apart-from-third-party-supplier-risk-management-how-can-we-use-other-functionality-of-ss) — 1 comment, 1 upvote > **Top comment:** "Comment deleted by user." ### Whistic No discussions available for this product. ### Tenable Nessus - Title: [Is there a free version of Nessus?](https://www.g2.com/discussions/is-there-a-free-version-of-nessus) — 2 comments > **Top comment:** "30 /15 days trail is available " - Title: [What does Nessus Professional scan for?](https://www.g2.com/discussions/about-nessus-2b3f6c8f-4cde-460a-bd61-f2527f0cdb45) — 2 comments, 1 upvote > **Top comment:** "It scans the system for different vulnerabilities depending on what policy you want to scan the system with (like Internal PCI, Policy Compliance, SCAP,..." - Title: [What types of devices can Nessus Professional scan?](https://www.g2.com/discussions/device-types-78d9c056-eb92-4435-aad4-32afa6a1a445) — 2 comments, 1 upvote > **Top comment:** "Windows PCs/servers , Linux systems/servers, Mobiles, IPMI devices like iLO, iDRAC, network switches, storage arrays, etc." - Title: [How many IP Addresses can I scan?](https://www.g2.com/discussions/ip-addresses-b6ef755d-8e1e-4949-818a-ec228e8ac779) — 2 comments, 1 upvote > **Top comment:** "It depends on your license." - Title: [What do I need to run Nessus professional?](https://www.g2.com/discussions/environment-c71784d4-2685-42a7-870f-56620a4bcb97) — 2 comments, 1 upvote > **Top comment:** "you don't need any special requirements you can run on any windows or Linux machine without any hazel." --- **Source:** [G2.com](https://www.g2.com) | [Comparison Page](https://www.g2.com/compare/securityscorecard-vs-whistic-vs-tenable-nessus)