Network vulnerability scanners: directory + per-IP pricing
Classic network VM scanners. Per-IP and per-asset pricing across Tenable, Qualys, Rapid7. Open-source OpenVAS for the technically skilled.
What is a network vulnerability scanner?
Single-scanner on-prem workhorse. Per-scanner not per-asset.
Per-asset SaaS replacement for Nessus at scale, plus WAS/EASM/CTEM modules.
Cloud-native VMDR with TruRisk scoring; quote-only at enterprise scale.
Insight Agent + Live Dashboards + Remediation Projects; per-asset list tiers.
Mid-market scanner + patch in one. Cheapest list pricing on the directory.
Managed wrapper around OpenVAS / ZAP / Nuclei. Cheap entry point for solo founders.
Pen-tester-flavoured scanner platform with report generator. Per-target monthly.
Self-hosted GPL scanner. Real cost is admin hours and feed lag versus Nessus.
Agent vs credentialed scan
Both models surface authenticated-scan-depth findings (installed packages, service configurations). Agents avoid the credential-management overhead but add a persistent footprint. Tenable and Rapid7 lean agent-heavy; Qualys offers both; OpenVAS is credential-heavy by default.
FAQ
- Do I need both internal and external scans?Yes. PCI ASV requires external. Internal scans (authenticated) surface what unauthenticated scans miss.
- Can OpenVAS replace Nessus Pro?For a one-scanner SMB shop with a skilled Linux admin, yes. At enterprise scale, Nessus / Tenable.io wins on UX and feed lead-time.
- What does an authenticated scan find that unauthenticated misses?Installed-package vulnerabilities, missing patches, weak local configurations, service misconfigurations. Roughly 5-10x more findings than unauthenticated.
- How often should network scans run?Quarterly external for PCI; monthly internal authenticated as a minimum; weekly or continuous if you can afford it.
- Which is cheapest at 1,000 assets?Rapid7 InsightVM published list (~$21/asset/yr) is materially cheaper than Tenable.io (~$35/asset/yr) and Qualys (quote-only, ~$199 partner-reported).