
Nessus Amazon AWS Auditing Now Available

Note: Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.


The transition to cloud services is well underway, bringing with it both traditional and new security challenges. Nessus is evolving to address these challenges. Unlike traditional environments, cloud services require a modified approach to scanning: users can't simply point their scanners at services such as Amazon AWS and expect not to be throttled, if not blocked outright.

Today we are happy to announce Nessus support for auditing Amazon AWS infrastructure. This new capability in Nessus® includes a compliance plugin and a .audit file that leverages the AWS API.

What We Are Auditing

Our goal with this feature is to provide a snapshot of the AWS infrastructure at a given point in time. Information such as running instances, network ACLs, firewall configurations, account attributes, user listings, and so on is pulled back from AWS to provide this snapshot.

The .audit itself is based on Amazon's AWS Security Best Practices and IAM Best Practices guides.

Steps to Run the Scan

The Amazon AWS scan differs from a typical Nessus scan in one major way: it doesn't have any targets. Since AWS is a web service, all Nessus needs is a set of access keys for your AWS account. To run a scan, select the new Amazon AWS wizard as shown below and follow the steps to configure the scan.

[Image: policy wizard]

The majority of the checks focus on gathering information that is helpful in a manual review. Nessus users familiar with its configuration and compliance auditing capabilities can still use the usual compliance testing keywords such as regex, expect and not_expect to fulfill their compliance and auditing needs. In addition, starting with the Amazon AWS plugin, we are introducing a new feature that allows users to compare the output of a check against a "known_good" value. If the value doesn't match, the check produces a diff-style report (specifically a patience diff) showing what changed. Users can also specify more than one known_good value. This feature is extremely useful for creating a gold-standard audit of your AWS infrastructure.
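To make the check semantics concrete, here is an added Python model of how a gold-standard audit evaluates collected AWS data. It is example code written for this post, not the Nessus plugin or the .audit engine itself. It assumes the keyword behaviour described above (regex selects lines, expect/not_expect must or must not match, known_good accepts one or more exact values) and uses Python's difflib unified diff in place of the patience diff the plugin produces. The snapshot and checks are constructed sample data, not output from a real account.

```python
import difflib
import re

# Constructed sample snapshot: strings shaped like the account attributes,
# firewall (security group) rules and user listings an audit pulls back.
# Every value here is made up for the example.
SNAPSHOT = {
    "password_policy": (
        "MinimumPasswordLength: 14\n"
        "RequireSymbols: true\n"
        "MaxPasswordAge: 90\n"
    ),
    "default_sg_ingress": (
        "tcp 22 0.0.0.0/0\n"
        "tcp 443 10.0.0.0/8\n"
    ),
    "iam_users": (
        "alice mfa=true\n"
        "bob mfa=false\n"
    ),
}

# Constructed checks. 'item' names the snapshot entry to test (a hypothetical
# key chosen for this example); the other keys model the audit keywords.
CHECKS = [
    {"name": "Password policy matches gold standard", "item": "password_policy",
     "known_good": "MinimumPasswordLength: 14\nRequireSymbols: true\nMaxPasswordAge: 90\n"},
    {"name": "Default security group has no world-open ingress", "item": "default_sg_ingress",
     "not_expect": r"0\.0\.0\.0/0"},
    {"name": "User listing matches one of the approved listings", "item": "iam_users",
     "known_good": ["alice mfa=true\nbob mfa=true\n",
                    "alice mfa=true\nbob mfa=true\ncarol mfa=true\n"]},
    {"name": "Network ACLs were collected", "item": "network_acls", "expect": r"."},
]


def _select_lines(output, pattern):
    """Model the 'regex' keyword: keep only the lines matching the pattern."""
    return "\n".join(line for line in output.splitlines() if re.search(pattern, line))


def evaluate_check(check, snapshot):
    """Evaluate one check against the snapshot and return a result dict.

    Status is PASSED, FAILED, or WARNING (the item was not collected).
    A known_good mismatch adds a 'diff' entry against the first known_good value.
    """
    output = snapshot.get(check["item"])
    if output is None:
        return {"status": "WARNING", "reason": f"{check['item']} not in snapshot"}
    if "regex" in check:
        output = _select_lines(output, check["regex"])
    if "expect" in check and not re.search(check["expect"], output):
        return {"status": "FAILED", "reason": f"expect '{check['expect']}' not found"}
    if "not_expect" in check and re.search(check["not_expect"], output):
        return {"status": "FAILED", "reason": f"not_expect '{check['not_expect']}' found"}
    if "known_good" in check:
        goods = check["known_good"]
        if isinstance(goods, str):
            goods = [goods]
        actual_lines = output.splitlines()
        # Compare line by line so trailing newlines do not cause false drift.
        if all(actual_lines != g.splitlines() for g in goods):
            diff = "\n".join(difflib.unified_diff(
                goods[0].splitlines(), actual_lines,
                fromfile="known_good", tofile="actual", lineterm=""))
            return {"status": "FAILED", "reason": "value drifted from known_good", "diff": diff}
    return {"status": "PASSED", "reason": "ok"}


def run_audit(checks, snapshot):
    """Run every check and return (results, summary counts by status)."""
    results = [dict(evaluate_check(c, snapshot), name=c["name"]) for c in checks]
    summary = {"PASSED": 0, "FAILED": 0, "WARNING": 0}
    for r in results:
        summary[r["status"]] += 1
    return results, summary


if __name__ == "__main__":
    results, summary = run_audit(CHECKS, SNAPSHOT)
    for r in results:
        print(f"[{r['status']}] {r['name']}: {r['reason']}")
        if "diff" in r:
            print(r["diff"])
    print(summary)
```

Running it reports the password policy as PASSED, the world-open SSH rule and the drifted user listing as FAILED (the latter with a diff showing bob's MFA flag changing), and the uncollected network ACLs as a WARNING, which mirrors the three result classes the scan report groups by.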

Below is a list of warnings, failed checks, and passed checks from an Amazon AWS audit scan.

The image below shows the report when the actual value is different from the known_good value.

[Image: known_good]

Final Thoughts

If you have settled on Nessus as your primary scanning platform for on-premises devices and services, it is now possible to leverage it to scan your external services as well. As cloud services become more prevalent, Nessus will evolve accordingly and account for more such services going forward. If you are not a Nessus user already, then features such as these are additional evidence that Nessus is one of the most forward-looking platforms, and you should give it a second look.

I welcome comments and feedback on this discussion of Amazon AWS integration in Nessus.

Thanks to Paul Asadoorian for edits and contributions.
