Tenable is excited to announce the availability of the Nessus vulnerability scanner on AWS, Amazon's cloud platform, as an official AMI (Amazon Machine Image). AWS customers may use the Nessus AMI to scan, audit, and monitor for software vulnerabilities in all their AMIs — whether in development, staging, or production.
Scanning the Cloud
Amazon Web Services (AWS) is a flexible, scalable, and low-cost cloud computing platform that offers businesses on-demand delivery of IT resources with pay-as-you-go pricing. With AWS, you can develop, launch, and operate software applications with minimal administrative overhead or worrying about having enough computing, storage, and database resources. However, one big area of concern remains for your software on AWS: security.
Scanning Amazon's cloud remotely poses challenges and risks, such as consuming Internet bandwidth, scans taking longer because they are going across the Internet, and the security of the scan results in transit.
By using the official Nessus AMI, your scanning occurs within Amazon's cloud and not across the Internet, offering better integrity and performance. For added security, Amazon cloud customers can create a VPN between your network and the Amazon cloud.
Therefore, Tenable and Amazon recommend that all new and existing AWS customers scan their AMIs with Nessus while in development and staging, before publishing to AWS users. This includes SecurityCenter customers as well, as you can deploy a Nessus AMI image and manage it with SeucurityCenter just as you would any other scanner.
Nessus is available for all AWS customers under a Bring Your Own License (BYOL) model. Customers interested in leveraging Nessus to secure their AMI must first purchase a Nessus subscription either directly from Tenable's eCommerce store or from an authorized reseller. The subscription will provide an Activation Code to apply when provisioning a Nessus instance directly from your AWS account.
When you visit and search the Amazon Marketplace, you can enter "nessus" as a search term. This will bring you to the entry for Nessus in the Marketplace where you can review information about the AMI as shown below:
The AMI is deployed just as it would with any other AMI in the Amazon Marketplace. You will need to choose the instance type and the security role of the new instance. A default security role is defined for you, which results in standard firewall rules being applied for the Nessus vulnerability scanner.
Above you can see the instance being deployed. In just a short amount of time you can be up and running with Nessus in your Amazon cloud! Please note the latest version of the Nessus vulnerability scanner (5.2.4) is now available to all Amazon customers, the above screenshots are examples.
After the instance has initialized, open a browser and connect to the instance to complete the configuration:
https://<Elastic IP Address>:8834
The external hostname or Elastic IP address (EIP) can be found by clicking on the instance in the EC2 console. From there you can configure Nessus just as you would on any other system.
Nessus and SecurityCenter customers can visit the Amazon Marketplace and begin installing the Nessus AMI into their cloud environments. It is now easier than ever to scan your cloud infrastructure thanks to this partnership between Tenable and Amazon. For more information, or for help with deployment, customers can visit the Tenable Support Portal and/or ask questions directly in the Tenable Discussions Forum.