With more than 10 million downloads to date, Nessus® is the industry’s most widely deployed vulnerability and configuration assessment product. Nessus is fueled by Nessus ProfessionalFeed® and is supported by an expert vulnerability research team. Nessus scales to serve the largest organizations and is easy to deploy.
Nessus ProfessionalFeed Subscription Key Features:
- Scan an unlimited number of IPs as often as needed
- Receive daily plugin updates – 54,000+ vulnerability and configuration checks
- Download compliance and audit files
- Receive software updates and support
- Licensed per installation ($1,500 USD annual subscription)
- Deep Vulnerability Analysis
- Extensive Configuration & Compliance Auditing
- Broad Asset Coverage & Profiling
Deep Vulnerability Analysis
The Tenable Nessus® vulnerability scanner performs deep, high-speed vulnerability identification on the assets you scan. You can distribute Nessus scanners throughout the enterprise. Test an unlimited range of IP addresses, or if IP addresses are dynamic, use DNS or MAC addresses. Nessus also scans IPv6 addresses on all platforms.
You can typically complete audits of networks with fewer than 100 hosts in a few minutes using a laptop or a medium-powered server.
Nessus can scan with or without administrative credentials. It leverages information from management systems (e.g., patch, configuration, and mobile device management (MDM) technology), as well as different external repositories (e.g., Active Directory).
See below for information on some of Nessus' key vulnerability analysis features.
Mobile Device Auditing
Nessus integrates with the Apple® Profile Manager and Microsoft® Exchange via Active Directory® MDM solutions to provide a comprehensive view of an organization’s mobile and BYOD environment and its vulnerability status.
- Enumerates iOS, Android™-based, and Windows Phone 7 devices accessing the corporate network
- Provides detailed mobile device info – serial number, model, version, last connection timestamp
- Detects known mobile vulnerabilities, including out-of-date versions of Apple iOS
- Discovers jailbroken iOS devices
Botnet / Malicious Process / Anti-virus Auditing
Detect malicious processes on Windows computers. Nessus enhances an organization's anti-virus (AV) strategy by red-flagging threats that often slip through the cracks, helping organizations fight malware and advanced persistent threats (APTs).
- Identifies infected systems by leveraging the power of dozens of AV engines
- Identifies botnet infections, systems connected to known botnets, and websites hosting malicious content associated with botnet propagation
- Audits your AV agent for vulnerabilities, out-of-date signature rules, and misconfigurations
To learn more about Nessus' malicious process detection capabilities, view the "Strategic Anti-malware Monitoring with Nessus, PVS, & LCE" whitepaper.
Patch Management Integration
Nessus provides unique integration with patch management systems – IBM® Tivoli® Endpoint Manager (TEM) for Patch Management, Microsoft® System Center Configuration Manager (SCCM), Microsoft® Windows Server Update Services (WSUS), Red Hat® Network Satellite Server, and VMware® Go – to retrieve status information for devices being managed by those systems.
In addition, Nessus can also automatically compare its local patch status results for Windows hosts with those from patch management software and report discrepancies in a single report.
- Enables easy scanning of devices that are otherwise difficult to assess due to missing credentials or limited network connectivity
- Simplifies audit and compliance checks by incorporating patch information in standardized Nessus reports
- Helps resolve confusion between network security and IT operations teams on the status of patched systems
- Identifies conflicts between the results of Nessus’ local patch status checks for an asset and an organization’s patch management products
- Compares multiple patch management system results against one other, reporting discrepancies
Sensitive Content Auditing
Nessus can perform agentless content audits of Windows- and UNIX-based systems to help identify where sensitive information is located. Use it to audit and enforce policies that lower your organization's risk of breach or data loss. Sensitive information may include:
- Adult content
- Personally Identifiable Information (PII) – Credit cards, SSNs, driver’s license numbers
- Corporate financial spreadsheets
- Document keywords – "Top Secret" or "Confidential"
- Human Resources information – employee data, salaries, health information
Extensive Configuration & Compliance Auditing
Nessus can perform configuration scans of UNIX and Windows servers, Cisco devices, SCADA systems, IBM iSeries servers, and databases to test for specific policy settings. Using Nessus helps you eliminate fines and audit findings and check for internal compliance.
- Anti-virus vendor audits
- CERT recommendations
- CIS and NSA best practice guides
- DISA STIGs
- GLBA guidelines
- HIPAA profiles
- NIST SCAP and FDCC content
- PCI configuration requirements
- Recommended vendor settings
- Cisco router and firewall configurations
- Juniper router, firewall, and network switches
- Palo Alto Networks firewalls
- and more
Learn more about Tenable's configuration auditing capabilities.
In addition, Nessus ProfessionalFeed subscribers can perform PCI DSS vulnerability audits, web application assessments, and configuration audits of the operating systems, applications, and SQL databases against minimum PCI-recommended standards.
Broad Asset Coverage & Profiling
Nessus performs sophisticated remote vulnerability scans and audits to increase security and compliance across your corporate environment. It discovers network devices and identifies the operating systems, applications, databases, and services running on those assets.
- Network devices: Juniper, Cisco, Check Point, Palo Alto Networks, routers, firewalls, switches, printers, mobile devices, and more
- Virtual hosts: VMware ESX, ESXi, vSphere, vCenter
- Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries, Check Point GAiA
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
- Control systems: SCADA systems, devices, and applications
- Web applications: Web servers, web services, OWASP vulnerabilities
Nessus offers unparalleled visibility into the security of SCADA infrastructures. Specific SCADA plugins are available through a partnership with Digital Bond. Using these plugins, Nessus can perform both uncredentialed and credentialed scans of SCADA devices to find known and newly-discovered vulnerabilities.
Nessus also audits compliance with configuration policies and best practices for SCADA environments. In the U.S., compliance scans can include audit policies for NERC Critical Infrastructure Protection (CIP) policies, created by Digital Bond through a project funded by the U.S. Department of Energy.
For more information on Nessus' SCADA-specific checks and how to perform SCADA scans with Nessus, view the "SCADA Network Security Monitoring: Protecting Critical Infrastructure" whitepaper.