As Tenable CEO, I love to get all types of feedback from our customers. Nessus users give terrific feedback because they run Nessus everywhere and always have suggestions for features and improvements. When I get a chance to ask them about Nessus, I always ask them one question:
Have you ever found malware with Nessus?
If they say yes, then we can have a conversation about APT and bypassing anti-virus or even their sandbox. If an organization has an anti-virus program and deploys sandboxes, then Nessus finding malware is actually a significant event. It means that some set of known malware has bypassed the malware defenses. Even if the malware is minor to some extent, investigating how Nessus got it, why the resident anti-virus program didn’t find it, or why the sandbox didn’t see it can expose limits or holes in the security monitoring program.
If they say no, then we can have a conversation about their use of Nessus and if their deployment includes the use of credentialed scans. Normally, when I speak with a Nessus user who does not scan with credentials, they also aren’t taking advantage of malware auditing, patch auditing, configuration auditing, web application auditing, mobile device auditing or auditing cloud applications such as Salesforce.com.
Chances are, wherever you work, someone on your IT team is using Nessus. Feel free to make sure they are getting the most out of it and ask them what their experience has been; the answer may surprise you!