Tenable Network Security Nessus is one of the most comprehensive and widely deployed vulnerability assessment tools. It is available as a software package for consumer versions of Microsoft Windows, Windows Server and Linux. It is also available as a preconfigured VM, an Amazon EC2 appliance, a preconfigured hardware appliance or a cloud service. Tenable has a wide variety of plugins which gives Nessus the ability to interface with basically any networked device. In addition, Nessus can be easily integrated with most major patch management systems, which gives administrators the ability to verify that updates are installing as they should be. Nessus can also be deployed with endpoint agents, which allow vulnerability scanning to occur offline and scan results can be collected after. This is valuable for mobile workforces where assets may not always be connected to the corporate network. The endpoint agents also allow Nessus to perform malware scanning. If a zero-day has been identified within the organization, Nessus can be used to quickly check for other machines that have been infected organization-wide.
Nessus supports more technologies than competitive solutions, scanning operating systems, network devices, hypervisors, databases, web servers, and critical infrastructure for vulnerabilities, threats, and compliance violations.
With the world’s largest continuously-updated library of vulnerability and configuration checks, and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for vulnerability scanning speed and accuracy.
- Reporting and Monitoring
- Flexible reporting: Customize reports to sort by vulnerability or host, create an executive summary, or compare scan results to highlight changes
- Native (XML), PDF (requires Java be installed on Nessus server), HTML and CSV formats
- Targeted email notifications of scan results, remediation recommendations and scan configuration improvements
- Scanning Capabilities
- Discovery: Accurate, high-speed asset discovery
- Scanning: Vulnerability scanning (including IPv4/IPv6/hybrid networks)
- Coverage: Broad asset coverage and profiling
- Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
- Offline configuration auditing of network devices
- Virtualization: VMware ESX, ESXi, vSphere, vCenter, Microsoft, Hyper-V, Citrix Xen Server
- Operating systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco iOS, IBM iSeries
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
- Web applications: Web servers, web services, OWASP vulnerabilities
- Cloud: Scans the configuration of cloud applications like Salesforce and cloud instances like AWS and Rackspace
- Compliance: Helps meet government, regulatory and corporate requirements
- Helps meet several PCI DSS requirements through configuration auditing, web application scanning
- Threats: Botnet/malicious, process/anti-virus auditing
- Detect viruses, malware, backdoors, hosts communicating with botnet-infected systems, known/unknown processes, web services linking to malicious content
- Compliance auditing: FFIEC, FISMA, CyberScope, GLBA, HIPAA/ HITECH, NERC, PCI, SCAP, SOX
- Configuration auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, ISO, NIST, NSA
- Control Systems Auditing: SCADA systems, embedded devices and ICS applications
- Sensitive Content Auditing: PII (e.g. credit card numbers, SSNs)
- Deployment and Management
- Flexible deployment: software, hardware, virtual appliance deployed on premises or in a service provider’s cloud.
- Scan options: Supports both non-credentialed, remote scans and credentialed, local scans for deeper, granular analysis of assets that are online as well as offline or remote.
- Configuration/policies: Out-of-the-box policies and configuration templates.
- Risk scores: Vulnerability ranking based on CVSS, five severity levels (Critical, High, Medium, Low, Info), customizable severity levels for recasting of risk.
- Prioritization: Correlation with exploit frameworks (Metasploit, Core Impact, Canvas, and ExploitHub) and filtering by exploitability and severity.
- Extensible: RESTful API support for integrating Nessus into your existing vulnerability management workflow.
- Reduce the attack surface: Prevents attacks by identifying vulnerabilities that need to be addressed
- Comprehensive: Meets the widest range of compliance and regulatory standards
- Scalable: Start with a Nessus Professional single user license and move to Nessus Manager or Nessus Cloud as your vulnerability management needs increase
- Low total cost of ownership (TCO): Complete vulnerability scanning solution for one low cost
- Constantly updated: New content continually being added by the Tenable research team
- Easily accessible: Anywhere, anytime access from an Internet browser
- Complete Vulnerability Coverage:
- Virtualization & cloud
- Malware & botnets
- Configuration auditing
- Web applications
Who are Nessus users?
- banks and financial institutions
- private and governmental organizations
- penetration testing laboratories
Sorena Secure Processing Experts
- Purchasing Nessus Licenses and maintanence it
- Responsible for training users and promoting security awareness to improve working with Nessus
- Installing, configuration and professional training of Nessus
- We have experts with 10 years experience in this field