Note: Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.
We introduced Nessus® Cloud last year and have had great feedback from organizations who appreciate the ease and simplicity of deploying and maintaining a cloud-hosted vulnerability management solution. That said, given the long history of Nessus, it’s not uncommon for us to talk to people who still haven’t heard about this cloud-hosted Nessus option. So, whether you’re new to Nessus Cloud or not, in this article we’d like to share five things that you might not know about this new(ish) solution.
1. Nessus Cloud is available in multiple data centers
Tenable currently runs the Tenable Cloud in data centers in North America, Europe and Asia, which means Nessus Cloud is available locally to customers in those geographies. For customers who have strict requirements about where their vulnerability data is archived, such as organizations that fall under the European General Data Protection Regulation, having a local cloud option is a huge benefit.
2. It’s easy to run external scans from all over the world
We use the same Tenable Cloud globally-distributed infrastructure to make scanner pools available for Nessus Cloud from different parts of the world. Customers can use any of five scanner pools, anytime. Using a scanner that is geographically closer to scan targets can maximize scan speeds and minimize network latency. Or, running the same scan using different scanners is an easy and interesting way to see if your vulnerability posture changes if scanning is done from different locations.
3. Nessus Cloud comes with many pre-built integrations
We did a popular webcast about why some vulnerability management programs are more successful than others. One of the reasons for success was actively including stakeholders from outside of the security team in the program. Auditors, managers, developers, systems administrators, executives and more all have a role to play to help the vulnerability management program be successful.
One way Nessus Cloud makes it easier to include others is through pre-built integrations with many of the tools that these stakeholders use. For example, patch management integration can make it easier to compare scan results with the systems administrators on the operations team. Integrations with cloud infrastructure providers like Amazon Web Services and Microsoft Azure can help developers identify vulnerabilities before deploying new applications in these environments. Visit the Technology Integrations page on our website to learn about integrations with mobile, cloud, identity/access, and other complementary solutions.
4. There are flexible options for internal scanning
In addition to running external scans, it's beneficial for organizations to also regularly run internal network scans. Internal scans are useful as they can show what an attacker could view once the attacker has gotten past your external defenses, or worse, what an internal attacker could access. With Nessus Cloud, customers can run internal scans with Nessus scanners or agents. Most organizations use a mix of both to optimize their scan coverage.
Nessus scanners are available for a variety of Mac, Unix/Linux, and Windows operating systems. There’s no limit on the number of scanners that can be used with Nessus Cloud.
Last year, we introduced agents as another option for running scans. Many customers find agents helpful in extending scanning to hard-to-scan assets like transient laptops that aren’t typically connected to the network when an active scan is taking place. Agents are also useful for running authenticated scans, because once they’re installed, agents can run credentialed scans without the need for ongoing management. Similar to Nessus scanners, agents support Mac, Unix/Linux and Windows operating systems.
5. Nessus Cloud offers multiple ways to view and interpret scan data
If you’re familiar with the Nessus Professional product, you’re used to seeing lists of vulnerability results and having access to search and filter criteria to help you identify those priority vulnerabilities that should be fixed first. Those capabilities are still available with Nessus Cloud, but with the Nessus Cloud solution, you also get rich, graphical dashboard summaries of scans, scan results, and system activity, with easy drill-down to get more detailed information. The dashboard data is based on a selected time-span and can be exported to a variety of file formats. It’s another way to help you quickly identify the amount and severity of the vulnerabilities Nessus Cloud is detecting in your environment.
If you’d like to learn more about these or the many other capabilities of Nessus Cloud, get started with a free trial today.