Do you operate your company's business critical applications in the AWS (Amazon Web Services) cloud? If so, in all likelihood, you're facing the following challenges:
- Inability to perform integrated scan of vulnerabilities, compliance violations, and advanced threats for AWS instances
- Annoyance of having to submit an AWS Vulnerability / Penetration Testing Request Form each time to scan AWS instances
- Identifying and continually managing risk from AWS instances whose IPs can change over time
- Inconvenience of manually installing active scanning software in the AWS cloud
- Complexity in managing and administering individual scanners, policies, and users in the AWS cloud
- Difficulty in maintaining regulatory compliance (e.g., PCI, HIPAA, FISMA) in cloud and on-premises scan results
Tenable’s integrated Vulnerability and Threat Management platform enables AWS customers to find vulnerabilities, the threats that exploit them, and the systems already compromised with pinpoint accuracy for immediate response. Nessus provides security and compliance scanning for the AWS cloud computing platform and 3rd party AMIs that run on it.
Tenable helps secure AWS AMIs throughout the software development lifecycle:
- Development: Scan AMI images after each build to ensure secure coding
- Staging: Scan AMI images during testing, before deploying to production on the AWS Cloud
- Production: Scan AMI images for the latest patches and leverage other Tenable products to monitor continuously.
Tenable offers two solutions, available on the AWS Marketplace, to help AWS customers - Nessus Enterprise for AWS and Nessus (BYOL).
Nessus Enterprise for AWS
Purpose-built for the AWS cloud, Nessus Enterprise for AWS is pre-authorized to scan AWS instances for vulnerabilities, advanced threats, web application security, and compliance violations. Designed for distributed teams or large enterprises, Nessus Enterprise for AWS facilitates team collaboration by centralizing multiple Nessus scanners and results, whether running in the AWS cloud or on-premises.
Installed in the AWS cloud, Nessus (BYOL) is an AMI version of Nessus that leverages AWS compute resources to audit AWS infrastructure and scan assets outside of the AWS cloud. The scan results can be viewed directly via the Nessus scanner Web interface or be transmitted back to the Tenable SecurityCenter™ management console for a complete cloud and on-premises analysis, with passive and log analysis.
Nessus Enterprise for AWS Benefits
- Scan AWS instances on-demand against security and compliance requirements with special Nessus plugins/ checks with Nessus Enterprise for AWS
- Simplify the process of deploying Nessus scanners in the AWS cloud by deploying Tenable’s Nessus virtual scanner (BYOL) or Nessus Enterprise for AWS - both available now in the AWS Marketplace
- Maintain regulatory compliance (e.g., PCI, HIPAA, FISMA) for AWS instances in addition to on-premise assets
- Aggregate AWS cloud and your organization’s on-premises scan results into one centralized management console via SecurityCenter for organization-wide visibility and continuous security monitoring
Nessus® Vulnerability Scanner
Nessus is the industry’s most widely-deployed vulnerability, configuration, and compliance scanner. Nessus features high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, patch management integration and vulnerability analysis. With the world’s largest continuously-updated library of vulnerability and configuration checks and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for speed and accuracy.
SecurityCenter™ Continuous View
SecurityCenter Continuous View is the only integrated vulnerability, threat and compliance management solution on the market that combines data from vulnerability assessments, asset information, network sniffing and activity event logs. This capability provides crucial context that no other solution can provide, improving vulnerability management, threat detection, incident response time and accelerating forensic analysis.