
MANAGED OPENVAS

Vulnerability scanning, run by engineers — not a portal you forget to log into.

Greenbone OpenVAS deployed in your cloud, tuned to a sub-5% false-positive rate, and wired into your ticketing. The same engine that produces your PCI, SOC 2, and ISO 27001 evidence — operated as a dedicated extension of your team.

[Image: ThinSky managed OpenVAS scan dashboard]

What you get

Six things a scanner alone won't give you.

The full Greenbone stack, run for you

openvas-scanner, gvmd, PostgreSQL, and Greenbone Security Assistant — deployed in your cloud or ours, patched on a documented cadence, and operated by senior engineers.

Authenticated + unauthenticated scans

SSH key, SMB credential, ESXi, SNMP. Credentials live in our vault, never in scan configs. The unauthenticated pass finds what an attacker sees; the authenticated pass finds what your patch process missed.

Enterprise feed where it matters

We default to the Greenbone Enterprise Feed for PCI-grade external scanning and Cisco / Exchange / Palo Alto-heavy estates. Multiple daily updates, EPSS scoring, CIS Benchmark content baked in.

Findings in your ticketing, not a CSV

We push triaged findings through GMP into Jira, Linear, ServiceNow, or whatever you already run. Each ticket carries a fix, not just a CVE ID.

Compliance evidence as a side effect

PCI DSS Requirement 11.2, SOC 2, ISO 27001, HIPAA. The same engine produces the audit pack — quarterly external, monthly internal, on-demand re-scans.

No lock-in, ever

Scanner, manager, database, and configs are GPLv2. Scan configs and suppression rules export through GMP. If we part ways, you keep the stack. The feed subscription transfers.

OpenVAS vs Tenable / Qualys

Where each tool actually wins.

Dollar-honest. The comparison set is Tenable Nessus Professional, Tenable Vulnerability Management, Qualys VMDR, and Rapid7 InsightVM. We'll tell you when one of them is the right answer instead of us.

Managed OpenVAS
  • Pricing: Run-cost dominated by ops, not licence [3][4]
  • Feed: Greenbone Enterprise or Community feed, daily / multi-daily updates
  • Coverage: 200,000+ tests on the Enterprise feed; honest gap vs. Tenable on novel-CVE shipping speed
  • Best fit: Mid-market estates, segmented networks, teams that want the operating layer included
  • Where it wins: Cost, transparency, no lock-in, senior operators on call

Tenable Nessus Professional
  • Pricing: $4,790/yr per scanner, unlimited IPs [6][8]
  • Feed: Tenable plugin feed — best-in-class shipping speed on novel CVEs
  • Coverage: Strong; the gold standard for plugin freshness
  • Best fit: Single-operator, flat networks, ad-hoc scanning
  • Where it wins: Cheapest serious scanner if one engineer runs it manually

Qualys VMDR
  • Pricing: $199–$250 / asset / yr + scanner appliances ~$8–9k/yr each [9]
  • Feed: Cloud-delivered, agent + scanner hybrid
  • Coverage: Strong on cloud-scale, agent-friendly estates
  • Best fit: Distributed cloud estates, ephemeral workloads
  • Where it wins: Cloud-scale agent fleet; less network-segmentation work

Rapid7 InsightVM
  • Pricing: ~$1.93/asset/mo at 500; ~$1.62/asset/mo at 1,250+ [10]
  • Feed: Rapid7 vulnerability content + Insight platform
  • Coverage: Comparable network coverage; remediation UX is the friendliest in the category
  • Best fit: Teams that need a polished out-of-box dashboard
  • Where it wins: UX. The remediation flow is genuinely better than ours by default

Pricing reflects 2024–2025 published list rates from the cited sources. Real enterprise contracts come in below list. See the full research dossier for methodology.

Deployment + tuning

Four phases. One team.

01 Assess

Two weeks. Asset inventory, network segmentation map, credential vaulting, scan-window sketch. We tell you which feed (Community vs. Enterprise) you actually need.

02 Deploy

Scanner per segment talking back to a central gvmd over a private link. PostgreSQL sized for a year of result history. GMP wired into your ticketing.

03 Tune

Baseline scan, manual false-positive review, suppression rules tracked over time. Daily for crown jewels, weekly internal, monthly full sweeps. False-positive rate under 5% by month three.

04 Operate

Daily feed health checks. Triaged findings into your ticketing with fix instructions. Monthly executive report. Compliance evidence packs ready when the auditor asks.
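As an added illustration of the Deploy, Tune and Operate steps above (GMP wired into ticketing, suppression rules tracked over time, triaged findings that carry a fix), here is example code that is not ThinSky's or Greenbone's own: it parses a constructed GMP get_results response, applies tracked suppression rules and a Quality-of-Detection floor, and groups what survives into one ticket payload per host. The GMP element layout is assumed from memory of the gvmd schema, and the python-gvm client that would fetch the XML from gvmd is omitted so the block runs offline.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a GMP get_results response; the element layout is the gvmd
# GMP schema as recalled (an assumption), not a capture from a live gvmd.
SAMPLE_GMP_XML = """<get_results_response status="200" status_text="OK">
<result id="r1"><name>OpenSSH outdated</name><host>10.0.1.5</host><port>22/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.100001"><solution>Apply the vendor OpenSSH patch.</solution></nvt><severity>7.5</severity><qod><value>80</value></qod></result>
<result id="r2"><name>Self-signed TLS certificate</name><host>10.0.1.5</host><port>443/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.100002"><solution>Issue a CA-signed certificate.</solution></nvt><severity>4.0</severity><qod><value>98</value></qod></result>
<result id="r3"><name>Banner-only backdoor heuristic</name><host>10.0.2.9</host><port>8080/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.100003"><solution>Verify the service manually.</solution></nvt><severity>9.0</severity><qod><value>30</value></qod></result>
<result id="r4"><name>Apache HTTP Server end-of-life</name><host>10.0.2.9</host><port>80/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.100004"><solution>Migrate to a supported Apache release.</solution></nvt><severity>10.0</severity><qod><value>80</value></qod></result>
</get_results_response>"""

# Suppression rules tracked over time (gvmd calls them overrides), keyed by NVT OID
# and host ("*" matches any host); each carries an auditable reason.
SUPPRESSIONS = {
    ("1.3.6.1.4.1.25623.1.0.100002", "10.0.1.5"): "internal-only listener, accepted risk RISK-0000 (placeholder id)",
}
QOD_FLOOR = 70  # below this Quality of Detection a result is held for review, not ticketed


def parse_results(xml_text):
    """Flatten each GMP <result> into a dict; absent fields get safe defaults."""
    findings = []
    for r in ET.fromstring(xml_text).iter("result"):
        nvt = r.find("nvt")
        findings.append({
            "id": r.get("id"), "name": r.findtext("name", ""),
            "host": (r.findtext("host") or "").strip(), "port": r.findtext("port", ""),
            "oid": nvt.get("oid", "") if nvt is not None else "",
            "fix": nvt.findtext("solution", "") if nvt is not None else "",
            "severity": float(r.findtext("severity", "0")), "qod": int(r.findtext("qod/value", "0")),
        })
    return findings


def triage(findings, suppressions=SUPPRESSIONS, qod_floor=QOD_FLOOR):
    """Split findings into one ticket per host (fix text included) plus a held list."""
    tickets, held = {}, []
    for f in sorted(findings, key=lambda x: -x["severity"]):  # worst first
        reason = suppressions.get((f["oid"], f["host"])) or suppressions.get((f["oid"], "*"))
        if reason:
            held.append((f["id"], "suppressed: " + reason))
        elif f["qod"] < qod_floor:
            held.append((f["id"], f"QoD {f['qod']} below floor {qod_floor}, manual review"))
        else:
            ticket = tickets.setdefault(f["host"], {"summary": f"Scan findings on {f['host']}", "findings": []})
            ticket["findings"].append({"title": f["name"], "port": f["port"], "severity": f["severity"], "fix": f["fix"]})
    return tickets, held
```

Held results are kept with their reason rather than discarded, so the false-positive review the Tune phase describes leaves a trail; each ticket dict is the payload you would hand to a Jira, Linear or ServiceNow client.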

ROI — 500 assets

What mid-market actually pays.

Same 500-asset scope, same scan cadence, same compliance outputs. Public list pricing on the commercial side; ThinSky managed run rate on ours.

Managed OpenVAS — 500 assets

  • Greenbone Enterprise Feed (recommended at 500 assets): included
  • Scanner + gvmd + PostgreSQL infrastructure: included
  • Scheduling, triage, suppression hygiene: included
  • Ticketing integration (Jira / Linear / ServiceNow): included
  • Compliance evidence pack (PCI / SOC 2 / ISO 27001): included
  • All-in indicative range: $24,000–$36,000 / yr

Run-cost dominated by senior-engineer time, not licence. Exact figure by quote against your asset inventory.

Commercial alternatives — 500 assets

  • Tenable Vulnerability Management (Tenable.io): ~$15,000–$30,000 / yr [6]
  • Qualys VMDR (500 × $199–$250 list): $99,500–$125,000 / yr [9]
  • Rapid7 InsightVM (500 × $1.93/asset/mo): ~$11,580 / yr licence; $11–15k all-in [10]
  • Tenable Nessus Professional (single scanner, no central manager): $4,790 / yr [8]
  • Plus your own ops time: not included above

Nessus Professional is genuinely the cheapest serious scanner if one engineer runs it by hand. The other three include licence only — scheduling, triage, and audit packaging are your team's problem.

FAQ

Honest answers to the questions buyers actually ask.

Is the Greenbone Community feed really enough?

For internal posture work on a Linux + standard-services estate, usually yes. For PCI-grade external scanning, or if you live in a Cisco / Exchange / Palo Alto-heavy environment, the Greenbone Enterprise feed is the right call — it ships multiple times a day, includes EPSS scoring, and covers enterprise products the Community feed explicitly doesn't. We default to Enterprise for any compliance-bound scope and tell you when Community is fine.

How does this compare to just buying Nessus Professional?

Nessus Professional at $4,790/year for unlimited IPs on a single scanner is the cheapest serious scanner on the market, and if one engineer is going to run scans manually it is the right answer. We will tell you so. Managed OpenVAS earns its keep when you need centralised scheduling across segmented networks, credentialed scans at scale, ticketing integration, and audit-ready reporting — the SKUs that do that on the Tenable side (Tenable Vulnerability Management, Tenable Security Center) are quote-driven and considerably more expensive.

What about Qualys agents — don't I want cloud-scale coverage?

If your estate is dominated by short-lived cloud-native workloads with no static network plan, Qualys VMDR or a CSPM like Wiz is a better tool than any network scanner — including OpenVAS. We will say that out loud. For mid-market estates with real network segmentation, static infrastructure, and a mix of on-prem and cloud, OpenVAS with one scanner per segment talking to a central manager is the right shape.

If we leave, what do we keep?

Everything that matters. The scanner, manager, and database are GPLv2 open source. Scan configs, suppression rules, schedules, and report formats export through the Greenbone Management Protocol. The Greenbone Enterprise Feed subscription, if you've taken it, transfers to your own contract. There is no proprietary format and no hostage data.

How long does it take to get value?

Baseline scan inside the first week. Tuned, low-false-positive scans into your ticketing by week four. Monthly executive report and compliance pack from month two. The asset inventory the discovery phase produces is usually worth the engagement on its own — most teams find systems they didn't remember owning in week one.

See your real attack surface in two weeks.

A two-week assess engagement gets a tuned baseline scan, an asset inventory you can trust, and an honest read on whether managed OpenVAS — or one of the commercial scanners — is the right answer for your estate.

Book a 30-minute scoping call →