Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus Turns 20!

Twenty years ago this week, I released the first public version of Nessus. Little did I know at the time the profound impact it would have both on the industry and on me personally.

Over this period of time, Nessus quite literally redefined the vulnerability management industry and profoundly influenced the security industry as a whole. Nessus is one of the most widely used security tools on the market today. I’m very proud to say that Nessus has helped 1.6 million enthusiasts become cybersecurity professionals – and I can’t even begin to tell you the number of people who have told me that Nessus launched their careers, and hearing that is always so personally gratifying.

There’s actually a little backstory to this adventure that I’m guessing only a handful know. On April 4, 1998, I sent an email to the bugtraq mailing list to let a little group of security geeks (and I use that term with respect) know about a project I had been working on during the previous 12 months – a Linux app with a graphical interface that would check networks for more than 50 vulnerabilities. Yes, you read that correctly – 50 vulns! I vividly remember thinking that I’d release the software, incorporate the little feedback I’d get and move on to something else.

Instead, the feedback I received was so encouraging that I ended up dropping out of college (my parents were NOT happy, but that’s a story for another day) and creating Tenable.

Why did Nessus become popular?

In hindsight, here’s why I believe Nessus became so popular:

  1. It was a Linux application with a graphical user interface, which was very rare for security tools at the time. The webpage I set up had many screenshots, and the interface looked professional enough to generate curiosity. At the time, most security tools simply were a computer archive on a FTP server somewhere, with a README.txt file in it.
  2. I announced it at the right place, at the right price, on the right platform, and at the right time. Nessus originally could not compete feature-to-feature with ISS (the 800-pound gorilla at the time). It was Linux-based and ISS had just dropped Linux support, which was what security professionals were using. The “industry” was very much anti-commercialism, and every security professional was reading bugtraq religiously.
  3. I managed to create a direct relationship with the user community and worked days and nights to analyze bug reports and take feature requests into consideration.
  4. Finally, I simply put lots and lots of work into it. For months, I’d work until 5 a.m., reverse-engineering some obscure undocumented protocols to make Nessus more powerful as a whole.
Nessus' first user interface
Nessus' very first user interface.

If you think about the four points above, you’ll recognize that they outline guiding principles for many successful products:

  • First, identify an unmet need (in the early days of Nessus, that was the graphical interface) and then deliver against it.
  • Second, understand the power of industry context – or put another way, no engineering in a vacuum.
  • Third, know your user and the community you serve.
  • Fourth, work harder than your competitors.

These principles are key. They ensure that our goal for Nessus today remains the same as it was at the beginning – offer a tool that gives its users an outsider’s view of the security of their network and guidance on how to improve it.

Nessus: What’s on the horizon?

In 2018, networks have never been so complex and security guidance has never been so sought-after. Nessus’ role within the security arsenal of any professional could not be more relevant in our era of BYOD, IoT, public cloud, etc. The team is hard at work to improve Nessus to reflect these changes and to tune Nessus to better adapt to modern IT environments:

  • Before the end of the year, we’ll release a new engine that scales better, especially on the Windows platform.
  • We’re also hard at work to dramatically reduce the installation time for Nessus. The “processing plugins” progress bar should soon be a thing of the past.
  • The Tenable Research team is hard at work to refactor some of our critical libraries (such as the work that was done with SSH) to work in more environments and open up the way for more complex and reliable checks in the future.

These changes will make it easy to install Nessus in systems with fewer resources, such as low-end cloud instances. The reduced installation time will also make it easier to move the scanner from one system to another.

Thanks to the Nessus user community

Finally, the reason Nessus has been successful all these years is you, our user community. And we want to hear from you!

If you’re a Nessus user with a story to tell and you’re happy to share it on video, come visit me and the Tenable team at the RSA Conference in San Francisco from April 16 to 20 (booth #4301, Moscone North).

I’m looking forward to the future and to see how we all contribute to it.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security