
Tenable Blog


Nessus Amazon AWS Auditing Now Available

Note:  Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.


The transition to cloud services is well underway, bringing with it both traditional and new security challenges, and Nessus is evolving to address them. Unlike traditional environments, cloud services require a modified approach to scanning: users can't simply point their scanners at services such as Amazon AWS and expect not to be throttled, if not outright blocked.

Today we are happy to announce Nessus support for auditing Amazon AWS infrastructure. This new capability in Nessus® includes a compliance plugin and a .audit file that leverages the AWS API.

What We Are Auditing

Our goal with this feature is to provide a snapshot of the AWS infrastructure at a given point in time. Information such as running instances, network ACLs, firewall configurations, account attributes, user listings, and so on is pulled back from AWS to build this snapshot.

The .audit itself is based on AWS Security Best Practices and IAM Best Practices guides from Amazon.

Steps to Run the Scan

The Amazon AWS scan differs from a typical Nessus scan in one major way: it doesn't have any targets. Since AWS is a web service, all we need are access keys for your AWS account. To run a scan, select the new Amazon AWS wizard as shown below and follow the steps to configure the scan.

[Image: policy wizard]

A majority of the checks are focused on gathering information that would be helpful in a manual review. Nessus users familiar with its configuration and compliance auditing capabilities can still use the usual compliance testing keywords such as regex, expect, and not_expect to fulfill their compliance and auditing needs. In addition, starting with the Amazon AWS plugin, we are introducing a new feature that allows users to compare the output of a check against a "known_good" value. If the value doesn't match, the check produces a diff-style report (a patience diff, specifically) of what changed. Users can also specify more than one known_good value. This feature is extremely useful for creating a gold-standard audit of your AWS infrastructure.
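To make the three kinds of check concrete, here is an added example in Python that is not Nessus code and not the syntax of a Nessus .audit file. It models an expect/not_expect regex check and a known_good comparison over a constructed, simplified text snapshot of a security group; a snapshot that matches any of the listed known_good values passes, and one that matches none produces a diff of what drifted. The status names, the snapshot format and the "WARNING" result for information-only checks are all assumptions, and the diff uses Python's standard difflib unified diff rather than the patience diff the plugin itself reports.

```python
"""Added example (not Nessus code): expect/not_expect regex checks and a
known_good gold-standard comparison over a constructed AWS-style snapshot."""
import difflib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Check:
    name: str
    expect: Optional[str] = None        # regex that must match the captured output
    not_expect: Optional[str] = None    # regex that must NOT match the captured output
    known_good: List[str] = field(default_factory=list)  # one or more acceptable outputs


@dataclass
class Result:
    name: str
    status: str        # assumed vocabulary: "PASSED", "FAILED" or "WARNING"
    diff: str = ""     # populated only when a known_good comparison fails


def run_check(check: Check, actual: str) -> Result:
    """Evaluate one check against the captured text and return its result."""
    if check.expect is not None and not re.search(check.expect, actual, re.MULTILINE):
        return Result(check.name, "FAILED")
    if check.not_expect is not None and re.search(check.not_expect, actual, re.MULTILINE):
        return Result(check.name, "FAILED")
    if check.known_good:
        # Any one of the known_good values is an acceptable gold standard.
        if any(actual.strip() == good.strip() for good in check.known_good):
            return Result(check.name, "PASSED")
        # No match: report what changed relative to the first known_good value.
        # Assumption: unified diff via difflib stands in for the plugin's patience diff.
        diff = "\n".join(difflib.unified_diff(
            check.known_good[0].strip().splitlines(),
            actual.strip().splitlines(),
            fromfile="known_good", tofile="actual", lineterm=""))
        return Result(check.name, "FAILED", diff)
    if check.expect is None and check.not_expect is None:
        # Information-only check, gathered for manual review (assumed status name).
        return Result(check.name, "WARNING")
    return Result(check.name, "PASSED")


def audit(checks: List[Check], snapshot: str) -> Dict[str, Result]:
    """Run every check against the same captured snapshot."""
    return {c.name: run_check(c, snapshot) for c in checks}


# Constructed sample snapshots; this is NOT the real AWS API output format.
GOLD_SG = """GroupName: web-tier
Inbound: tcp 443 from 0.0.0.0/0
Inbound: tcp 22 from 10.0.0.0/8
"""

# A second acceptable gold standard: same rules, different order.
GOLD_SG_ALT = """GroupName: web-tier
Inbound: tcp 22 from 10.0.0.0/8
Inbound: tcp 443 from 0.0.0.0/0
"""

# Drifted snapshot: SSH has been opened to the world.
DRIFTED_SG = GOLD_SG + "Inbound: tcp 22 from 0.0.0.0/0\n"

CHECKS = [
    Check("ssh-not-open-to-world", not_expect=r"tcp 22 from 0\.0\.0\.0/0"),
    Check("https-exposed-as-intended", expect=r"tcp 443 from 0\.0\.0\.0/0"),
    Check("sg-gold-standard", known_good=[GOLD_SG, GOLD_SG_ALT]),
    Check("sg-inventory"),   # information only: no keywords, surfaces for manual review
]

if __name__ == "__main__":
    for label, snap in (("gold", GOLD_SG), ("drifted", DRIFTED_SG)):
        print(f"== snapshot: {label} ==")
        for r in audit(CHECKS, snap).values():
            print(f"{r.status:8} {r.name}")
            if r.diff:
                print(r.diff)
```

Running the block prints the per-check status for the gold snapshot (all PASSED except the information-only WARNING) and then for the drifted snapshot, where both the not_expect check and the gold-standard comparison fail and the diff shows the added world-open SSH rule as a single `+` line.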

Below is a list of warnings, failed checks, and passed checks from an Amazon AWS audit scan.

The image below shows the report when the actual value is different from the known_good value.

[Image: known_good]

Final Thoughts

If you have settled on Nessus as your primary scanning platform for on-premises devices and services, it is now possible to leverage it to scan your external services as well. As cloud services become more prevalent, Nessus will evolve accordingly and account for more such services going forward. If you are not a Nessus user already, then features such as these are additional evidence that Nessus is one of the most forward-looking platforms, and you should give it a second look.

I welcome comments and feedback on this discussion of Amazon AWS integration in Nessus.

Thanks to Paul Asadoorian for edits and contributions.
