Tuning your Nessus scan policy can yield great results. Tenable has added a new Nessus plugin which will analyze the scan results for your environment and the scan settings that were used, and then suggest improvements for a better audit.
Nessus 5.2.1 is available for download.
Keeping tabs on missing patches is one of the challenges faced by everyone responsible for managing systems. Regardless of platform, there are a plethora of patches to be applied. The new Nessus “Patch Report” plugin provides an actionable report that displays a list of consolidated patches that need to be applied to become fully patched.
To help you discover all the components of your virtual environment, Tenable has several Nessus plugins to detect virtualization servers, discover vulnerabilities, and enumerate VMs (both active and inactive). Nessus supports remote vulnerability identification and local patch auditing of VMware vSphere ESX/ESXi and vCenter.
For a field that loves statistics, computer security sure treats them casually. In order to get my humble BA in Psychology, I absorbed my share of course hours in statistics and testing methods, including a set of lectures based upon Darrell Huff's brilliant book, "How to Lie with Statistics" - which I highly recommend. It's fun easy reading satire - those lectures had the effect of making me hyper-skeptical about any large, round, number that's thrown my way.
When I was at RSA earlier this year, I gave a variety of media interviews and product demos about Tenable solutions. I demonstrated Nessus detecting malicious processes and the Passive Vulnerability Scanner (PVS) providing an audit trail of all network activity that led up to the infection. I also showed how the Log Correlation Engine (LCE) correlated PVS logged DNS queries to known botnets.