Nessus Vulnerability Scanner Features

With more than 10 million downloads to date, Nessus® is the industry’s most widely deployed vulnerability and configuration assessment product. Nessus is fueled by Nessus ProfessionalFeed® and is supported by an expert vulnerability research team. Nessus scales to serve the largest organizations and is easy to deploy.

Nessus ProfessionalFeed is offered in 1-, 2-, or 3-year subscriptions, as well as in bundled solutions. Nessus Auditor Bundles offer savings of up to $800 on products, training, and certification.

Nessus ProfessionalFeed Subscription Key Features:

  • Scan an unlimited number of IPs as often as needed
  • Receive daily plugin updates – 54,000+ vulnerability and configuration checks
  • Download compliance and audit files
  • Receive software updates and support
  • Licensed per installation ($1,500 USD annual subscription)

Deep Vulnerability Analysis

The Tenable Nessus® vulnerability scanner performs deep, high-speed vulnerability identification on the assets you scan. You can distribute Nessus scanners throughout the enterprise. Test an unlimited range of IP addresses, or if IP addresses are dynamic, use DNS or MAC addresses. Nessus also scans IPv6 addresses on all platforms.

You can typically complete audits of networks with fewer than 100 hosts in a few minutes using a laptop or a medium-powered server.

Nessus can scan with or without administrative credentials. It leverages information from management systems (e.g., patch, configuration, and mobile device management (MDM) technology), as well as different external repositories (e.g., Active Directory).

See below for information on some of Nessus' key vulnerability analysis features.

Mobile Device Auditing

Nessus integrates with the Apple® Profile Manager and Microsoft® Exchange via Active Directory® MDM solutions to provide a comprehensive view of an organization’s mobile and BYOD environment and its vulnerability status.

  • Enumerates iOS, Android™-based, and Windows Phone 7 devices accessing the corporate network
  • Provides detailed mobile device info – serial number, model, version, last connection timestamp
  • Detects known mobile vulnerabilities, including out-of-date versions of Apple iOS
  • Discovers jailbroken iOS devices
Nessus

Botnet / Malicious Process / Anti-virus Auditing

Detect malicious processes on Windows computers. Nessus enhances an organization's anti-virus (AV) strategy by red-flagging threats that often slip through the cracks, helping organizations fight malware and advanced persistent threats (APTs).

  • Identifies infected systems by leveraging the power of dozens of AV engines
  • Identifies botnet infections, systems connected to known botnets, and websites hosting malicious content associated with botnet propagation
  • Audits your AV agent for vulnerabilities, out-of-date signature rules, and misconfigurations

To learn more about Nessus' malicious process detection capabilities, view the "Strategic Anti-malware Monitoring with Nessus, PVS, & LCE" whitepaper.

Nessus

Patch Management Integration

Nessus provides unique integration with patch management systems – IBM® Tivoli® Endpoint Manager (TEM) for Patch Management, Microsoft® System Center Configuration Manager (SCCM), Microsoft® Windows Server Update Services (WSUS), Red Hat® Network Satellite Server, and VMware® Go – to retrieve status information for devices being managed by those systems.

In addition, Nessus can also automatically compare its local patch status results for Windows hosts with those from patch management software and report discrepancies in a single report.

  • Enables easy scanning of devices that are otherwise difficult to assess due to missing credentials or limited network connectivity
  • Simplifies audit and compliance checks by incorporating patch information in standardized Nessus reports
  • Helps resolve confusion between network security and IT operations teams on the status of patched systems
  • Identifies conflicts between the results of Nessus’ local patch status checks for an asset and an organization’s patch management products
  • Compares multiple patch management system results against one other, reporting discrepancies

Sensitive Content Auditing

Nessus can perform agentless content audits of Windows- and UNIX-based systems to help identify where sensitive information is located. Use it to audit and enforce policies that lower your organization's risk of breach or data loss. Sensitive information may include:

  • Adult content
  • Personally Identifiable Information (PII) – Credit cards, SSNs, driver’s license numbers
  • Corporate financial spreadsheets
  • Document keywords – "Top Secret" or "Confidential"
  • Human Resources information – employee data, salaries, health information
sensitive content audit

Extensive Configuration & Compliance Auditing

Nessus can perform configuration scans of UNIX and Windows servers, Cisco devices, SCADA systems, IBM iSeries servers, and databases to test for specific policy settings. Using Nessus helps you eliminate fines and audit findings and check for internal compliance.

  • Anti-virus vendor audits
  • CERT recommendations
  • CIS and NSA best practice guides
  • DISA STIGs
  • GLBA guidelines
  • HIPAA profiles
  • NIST SCAP and FDCC content
  • PCI configuration requirements
  • Recommended vendor settings
  • Cisco router and firewall configurations
  • Juniper router, firewall, and network switches
  • Palo Alto Networks firewalls
  • and more

Learn more about Tenable's configuration auditing capabilities.

In addition, Nessus ProfessionalFeed subscribers can perform PCI DSS vulnerability audits, web application assessments, and configuration audits of the operating systems, applications, and SQL databases against minimum PCI-recommended standards.

Configuration Auditing

Broad Asset Coverage & Profiling

Nessus performs sophisticated remote vulnerability scans and audits to increase security and compliance across your corporate environment. It discovers network devices and identifies the operating systems, applications, databases, and services running on those assets.

  • Network devices: Juniper, Cisco, Check Point, Palo Alto Networks, routers, firewalls, switches, printers, mobile devices, and more
  • Virtual hosts: VMware ESX, ESXi, vSphere, vCenter
  • Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries, Check Point GAiA
  • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
  • Control systems: SCADA systems, devices, and applications
  • Web applications: Web servers, web services, OWASP vulnerabilities
mobile host discovery

SCADA / Control Systems Auditing

Nessus SCADA audit

Nessus offers unparalleled visibility into the security of SCADA infrastructures. Specific SCADA plugins are available through a partnership with Digital Bond. Using these plugins, Nessus can perform both uncredentialed and credentialed scans of SCADA devices to find known and newly-discovered vulnerabilities.

Nessus also audits compliance with configuration policies and best practices for SCADA environments. In the U.S., compliance scans can include audit policies for NERC Critical Infrastructure Protection (CIP) policies, created by Digital Bond through a project funded by the U.S. Department of Energy.

For more information on Nessus' SCADA-specific checks and how to perform SCADA scans with Nessus, view the "SCADA Network Security Monitoring: Protecting Critical Infrastructure" whitepaper.

Have questions or need more information? Check out:

  Nessus Data Sheet

  Whitepapers and Case Studies

  Nessus Videos

  Nessus Sample Reports

  Nessus Training and Certification

  Nessus Auditor Bundles

Questions?

Get immediate sales assistance or more information on Nessus

Start Chat

Evaluate Nessus for Your Organization

Start your free 15-day Nessus vulnerability scanner trial

Evaluate

Buy Nessus ProfessionalFeed

Start scanning your network today for just $1,500 USD a year

Buy Now