Nessus Enterprise: Empower Team Collaboration

by Paul Asadoorian
May 19, 2014

Nessus Enterprise is now available and allows you to add users (including LDAP support) and share resources such as reports, schedules, policies, and scanners. Nessus Enterprise is available in both on-premise and cloud versions and focuses on users, sharing, collaboration, and increased scalability.

Why Nessus Enterprise?

Nessus Enterprise allows Nessus practitioners managing scans by themselves to engage the rest of their organization in the vulnerability management process. Results from vulnerability scans are stored in a central location for sharing, and administrators can delegate access to the vulnerability scanner’s resources (schedules, policies, and additional scanners).

Nessus Enterprise will transform your vulnerability scanning activities from a single-user, ad hoc event into a 24/7 service used by your entire IT staff.

Resource-constrained IT organizations require all the help they can get implementing and maintaining a vulnerability management program. For example, the IT security staff likely has a busy schedule and will benefit from being able to share vulnerability scanning duties both among themselves and with others in the organization. Additional IT teams (such as systems administrators, developers, and auditors) can now have their own accounts to scan their own environments, helping them manage patches and prepare for audits. Project-based teams will be able to scan new environments (systems and applications) on their own before they go into production, without the direct involvement of the IT security teams, saving time and fostering more secure production systems.

What Is Nessus Enterprise?

Nessus Enterprise includes all of the existing capabilities of Nessus, including the multi-scanner feature, and is available either on-premise or from the cloud. New features in Nessus Enterprise are as follows:

  • Sharing – Resources can be shared across multiple users and/or groups, including:
    • Scan Results – Provide detailed vulnerability results to asset owners in your organization, putting the problems in front of the people who can fix them
    • Scan Schedules – Avoid duplication of effort by sharing scan schedules
    • Scan Policies – Custom scan policies for your environment(s) can be shared with users and teams within your organization, avoiding even more duplication of effort
    • Scanners – Assign users to a specific scanner, reduce the workload on your primary scanners, and delegate scanning areas of your network to responsible parties
  • Access Control – Users can be granted roles ranging from full control of a scanner all the way down to read-only access to scan results
  • LDAP Support – Integrate authentication with your local LDAP server to make sharing resources easier and avoid the added overhead of managing credentials

How To Use Nessus Enterprise: An Introduction

Please see the video below for a brief tutorial on Nessus Enterprise features:

Nessus Enterprise allows you to create new users in the following roles:

  • Read only – Users are only able to view scan results
  • Standard – Users can view results, launch scans, create schedules, and create policies
  • Administrator – User has the rights of a Standard user and can also manage users and groups
  • System Administrator – User has the rights of the above roles, but can also manage server settings (Mail Server settings, LDAP server settings, and several other settings associated with the Nessus scanner)

Users and groups can be administered through the Nessus Enterprise HTML5 interface:

Above you can see all of the users in your Nessus Enterprise server. Each user has been assigned a role, dictating their level of access to resources.

Users can be placed into groups to make granting (or revoking) permissions to resources easier. In the above example, users are placed into logical groupings according to their role in their organization.

Share and/or delegate access to Policies, Schedules, Scan Results or Scanners using the “Sharing Settings” configuration screen, as shown above. You can assign users and groups to use/view or edit resources.

When you view a scan result, Nessus Enterprise indicates whether it has been shared with users or groups.

Conclusion

Nessus Enterprise is available to new customers and existing customers and can be purchased from our online store or through a partner. Upgrading from Nessus to Nessus Enterprise is extremely easy and does not require re-installation or significant downtime. The Nessus Enterprise Cloud offering will provide quarterly PCI ASV scanning and the ability to scan your perimeter. Existing Nessus Perimeter Service users are automatically migrated to Nessus Enterprise Cloud and can visit our web page for information on how to start using Nessus Enterprise right away! Existing Nessus scanners already licensed by your organization can act as secondary scanners and connect to either the on-premise or cloud version of Nessus Enterprise. Get started today and bring a whole new level of excitement for vulnerability management into your organization!