Tenable Nessus Vulnerability Scanner: Product overview
Expert Ed Tittel examines the Nessus vulnerability scanner series from Tenable Network Security, which includes client, cloud and on-premises vulnerability management products.
Tenable Network Security specializes in continuous monitoring and vulnerability assessment products. Tenable's Nessus vulnerability scanner product line includes Nessus Cloud, which is a software as a service offering; Nessus Manager, an on-premises physical or virtual appliance for vulnerability management; Nessus Professional, which is software that runs on a client device such as a laptop; and Nessus Home is a free version that's aimed at consumers.
The Tenable Nessus product line is one of the most comprehensive in the vulnerability management space and has been an established presence in the market for years. In addition to vulnerability scanning of the infrastructure with automatic scan analysis for remediation prioritization, Nessus includes web application, cloud environment and mobile device scanning. The Nessus vulnerability scanner family also provides malware detection, auditing of control systems such as SCADA and embedded devices, and configuration auditing and compliance checks.
The Nessus scanning engine uses plug-ins to detect new vulnerabilities. Tenable pushes plug-ins that contain the latest information to customer systems within 24 hours after a vulnerability has gone public. Because new vulnerabilities appear nearly every day, customers receive daily plug-in feeds to stay current.
Nessus does not include penetration testing capabilities, but administrators can integrate Nessus scan results with popular penetration testing tools, such as Metasploit, Core IMPACT and Immunity CANVAS, to provide insight into risk without the need for exploitation.
Administration and management
Administrators of Nessus Cloud and Nessus Manager can deploy endpoint agents, which allow for offline scanning and the collection of scan results when a mobile device reconnects to the corporate network. The agents also allow Nessus to scan the devices for malware.
Nessus Cloud and Nessus Manager easily integrate with CyberArk for credential management, with patch management systems such as those from Dell, IBM, Microsoft and Red Hat, and with mobile device management systems like those from AirWatch, MobileIron, Apple, Microsoft and others. All Nessus vulnerability scanner products work with the RESTful API to integrate Nessus into an organization's overall workflow.
The Nessus console interface and dashboard is designed for ease of use, enabling administrators to create policies with a few mouse clicks. Administrators can run a host of preconfigured reports or customize them for their environments, and configure the tool to send targeted email notifications for scan results, remediation actions and more.
In addition to the Nessus vulnerability scanner line, Tenable also offers SecurityCenter, a unified network monitoring and vulnerability management analytics control center, and SecurityCenter Continuous View, a monitoring product with real-time threat detection.
Pricing, licensing and support
The Nessus vulnerability scanner products are annual subscription-based products sold through a sales partner or directly through the online Tenable Store. Nessus Cloud and Nessus Manager subscriptions are priced the same per number of hosts or agents; 128 hosts or agents costs $2,920, for example, while 256 hosts or agents costs $4,745. Customers with more than 256 hosts must contact a sales representative for specific pricing. Each subscription includes one year of software updates and vulnerability updates.
Nessus Professional software is also available as an annual subscription for $2,190, which includes daily vulnerability updates for a single Nessus scanner, downloadable compliance and audit files, software updates and a virtual appliance.
Support representatives are available 24/7. Customers can get support via phone, email or online chat. Customers can also log in to the Tenable Support Portal to access a knowledge base and product documentation, and to open support tickets. Tenable offers free on-demand training 24/7, and provides live virtual training, classroom training at Tenable training centers and customized training onsite at customer locations for a fee.
In part one of this series, learn the basics of vulnerability management tools
In part two read about enterprise use cases for vulnerability management
In part three discover the purchasing criteria for vulnerability management tools
In part four compare the leading vulnerability management products on the market