Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Nessus Turns 20!

Twenty years ago this week, I released the first public version of Nessus. Little did I know at the time the profound impact it would have both on the industry and on me personally.

Over this period of time, Nessus quite literally redefined the vulnerability management industry and profoundly influenced the security industry as a whole. Nessus is one of the most widely used security tools on the market today. I’m very proud to say that Nessus has helped 1.6 million enthusiasts become cybersecurity professionals – and I can’t even begin to tell you the number of people who have told me that Nessus launched their careers, and hearing that is always so personally gratifying.

There’s actually a little backstory to this adventure that I’m guessing only a handful know. On April 4, 1998, I sent an email to the bugtraq mailing list to let a little group of security geeks (and I use that term with respect) know about a project I had been working on during the previous 12 months – a Linux app with a graphical interface that would check networks for more than 50 vulnerabilities. Yes, you read that correctly – 50 vulns! I vividly remember thinking that I’d release the software, incorporate the little feedback I’d get and move on to something else.

Instead, the feedback I received was so encouraging that I ended up dropping out of college (my parents were NOT happy, but that’s a story for another day) and creating Tenable.

Why did Nessus become popular?

In hindsight, here’s why I believe Nessus became so popular:

  1. It was a Linux application with a graphical user interface, which was very rare for security tools at the time. The webpage I set up had many screenshots, and the interface looked professional enough to generate curiosity. At the time, most security tools simply were a computer archive on a FTP server somewhere, with a README.txt file in it.
  2. I announced it at the right place, at the right price, on the right platform, and at the right time. Nessus originally could not compete feature-to-feature with ISS (the 800-pound gorilla at the time). It was Linux-based and ISS had just dropped Linux support, which was what security professionals were using. The “industry” was very much anti-commercialism, and every security professional was reading bugtraq religiously.
  3. I managed to create a direct relationship with the user community and worked days and nights to analyze bug reports and take feature requests into consideration.
  4. Finally, I simply put lots and lots of work into it. For months, I’d work until 5 a.m., reverse-engineering some obscure undocumented protocols to make Nessus more powerful as a whole.
Nessus' first user interface
Nessus' very first user interface.

If you think about the four points above, you’ll recognize that they outline guiding principles for many successful products:

  • First, identify an unmet need (in the early days of Nessus, that was the graphical interface) and then deliver against it.
  • Second, understand the power of industry context – or put another way, no engineering in a vacuum.
  • Third, know your user and the community you serve.
  • Fourth, work harder than your competitors.

These principles are key. They ensure that our goal for Nessus today remains the same as it was at the beginning – offer a tool that gives its users an outsider’s view of the security of their network and guidance on how to improve it.

Nessus: What’s on the horizon?

In 2018, networks have never been so complex and security guidance has never been so sought-after. Nessus’ role within the security arsenal of any professional could not be more relevant in our era of BYOD, IoT, public cloud, etc. The team is hard at work to improve Nessus to reflect these changes and to tune Nessus to better adapt to modern IT environments:

  • Before the end of the year, we’ll release a new engine that scales better, especially on the Windows platform.
  • We’re also hard at work to dramatically reduce the installation time for Nessus. The “processing plugins” progress bar should soon be a thing of the past.
  • The Tenable Research team is hard at work to refactor some of our critical libraries (such as the work that was done with SSH) to work in more environments and open up the way for more complex and reliable checks in the future.

These changes will make it easy to install Nessus in systems with fewer resources, such as low-end cloud instances. The reduced installation time will also make it easier to move the scanner from one system to another.

Thanks to the Nessus user community

Finally, the reason Nessus has been successful all these years is you, our user community. And we want to hear from you!

If you’re a Nessus user with a story to tell and you’re happy to share it on video, come visit me and the Tenable team at the RSA Conference in San Francisco from April 16 to 20 (booth #4301, Moscone North).

I’m looking forward to the future and to see how we all contribute to it.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training