Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Nessus Scanning Strategies for Consultants

Nessus helps consultants perform a wide variety of security assessment services for their clients. This blog entry describes how many of the new features Tenable has added to Nessus over the past few years dramatically alter the types of services that can be provided during an assessment.

 

Audit iPads, iPhones, Android and Windows Mobile Devices

Nessus now provides the ability to audit which users run mobile devices and determine the patch level for your client. Any mobile device that interacts with ActiveSync can be enumerated, and its general patch level can be determined by pointing Nessus at the local Windows domain controller. 

This information helps consultants provide better advice for their clients and can lead to additional work such as the deployment of a NAC, a mobile device user policy, enforcing a certain type of mobile device, or even identification of rogue or unauthorized mobile devices.

Performing Patch Audits without Asking for the Admin Password!

Regardless of their security expertise, consultants are rarely given a domain login or passwords to their clients’ DNS servers and Exchange servers.  Without such a login though, you can’t find specific missing patches that shed light on client-side vulnerabilities. 

If your client has invested in a patch management system, Nessus can be configured to communicate with it and pool its scan results with the patch auditing results from the patch management system. Nessus supports many major Windows patch management systems, including SCCM and Tivoli (Bigfix).

Identifying Readily Exploitable Systems without Performing an In-depth Pen Test

A Nessus vulnerability scan can identify which services, clients or Internet facing devices are readily compromised with public exploits. If your client has any of these, performing a penetration test is likely not needed because you already know that such an attack will succeed. 

Nessus includes correlation with many different types of exploit platforms and can filter scan results against any of these technologies.

This technology can also help consultants recommend when a penetration test is appropriate. For example, if you’ve scanned a DMZ and see that there are no Internet facing vulnerabilities that are exploitable, but you see that there are Internet browsing users with vulnerable web browsers, you may recommend a social engineering penetration test.

Identifying Malware and Botnets

I’ve spoken with many consultants who use Nessus and were surprised to see Nessus identify botnets and malware running on their clients’ Windows systems.

Nessus’s botnet identification technology identifies systems that are listed on, communicating with, performing DNS lookups to, or hosting botnet content. The Windows malware identification technology identifies malicious processes that are running with an index of all leading anti-virus products.

If you find malware or botnets during a Nessus scan of your clients’ systems, you may be able to assist customers with their malicious software defenses. It’s possible you can help them remove the virus, perform an audit of their deployed anti-virus agents with Nessus or extend your consulting to help enhance their firewall, log analysis, email security or other types of malicious code protection.

Preparing for PCI Certification

Tenable is a PCI  Authorized Scanning Vendor (ASV) and achieved this certification with the Nessus Perimeter Service. The Nessus scanners and user interface to perform the scans are exactly the same as those that consultants have access to with the Nessus ProfessionalFeed. This means you can perform your network scans to prepare for a PCI audit with the same exact policies Tenable uses for PCI certification scanning from the Perimeter Service.  

It is important to note that an official PCI scan must be performed by an ASV, but it is helpful to use the Nessus PCI scan policy to identify non-compliant issues before an ASV is engaged. Identifying these issues before an official PCI scan from the Nessus Perimeter Service is performed is an excellent way to assist clients who attempt to obtain and maintain their PCI certifications.

Take Training And Be Certified

Tenable offers a wide variety of certification training programs. The training programs are entirely web-based, on demand and have built-in hands-on labs hosted at Tenable, which gives you direct experience running scans and performing audits of Linux, Windows and Cisco devices.

Having the Tenable Certified Nessus Auditor certification on your resume allows you to tell your clients that you’ve mastered the #1 network auditing tool in the world, in use throughout the Department of Defense, the PCI industry and more than 15,000 organizations world-wide.

For More Information

If you are a consultant who uses Nessus, you can join in with the rest of the community at the Nessus Discussions Forum where tips, techniques and announcements are discussed at length and often directly with the R&D staff from Tenable.

To sign up for Tenable’s training and certification, visit our e-commerce site or learn more about the programs here. There is also a tremendous amount of videos and information at the Tenable YouTube channel.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training