Note: Nessus Cloud is now a part of Tenable.io Vulnerability Management. To learn more about this application and its latest capabilities, visit the Tenable.io Vulnerability Management web page.
This week we are pleased to announce Nessus 6.4 and a new integration with CyberArk. These Nessus® enhancements will help you collect more data easily and turn that data into useful knowledge.
New operating system support in Nessus Agents
When collecting vulnerability assessment data, there are certain types of assets that are hard to scan using traditional vulnerability assessment active scanning techniques. Assets like portable devices aren’t always connected to the local network when a scan is taking place; and for some assets, obtaining (or maintaining) credentials to use in scans is difficult or simply resource intensive. Earlier this year, Tenable introduced Nessus Agents to help address these challenges. With this Nessus 6.4 release, we’ve added operating systems that agents can run on, including Mac OS X, CentOS and Red Hat Linux; this also expands the types of IT assets that you can scan to collect and then analyze data. Nessus Agents are available with Nessus Cloud and Nessus Manager.
New Rackspace public cloud configuration audits
Nessus does much more than simply scan for vulnerabilities. It also includes a number of policies and templates for configuration and compliance audits. Using configuration audits, you can ensure that IT assets including operating systems, applications, databases and network devices are compliant with policy and standards. Tenable provides more than 450 audit policies for a wide range of assets and standards.
The newest available audit is for the Rackspace public cloud and ensures that systems, networks, and accounts are correctly configured and not potential entry points for attackers. The goal of this audit is to provide a snapshot of the Rackspace infrastructure at a given point of time. Information such as running systems, the network and account management are pulled from the Rackspace public cloud to provide this snapshot. The Rackspace cloud configuration audit policy is available for Nessus Cloud, Nessus Manager and Nessus Professional.
New CyberArk enterprise password vault support
CyberArk is a popular enterprise password vault that helps you manage privileged credentials. Nessus can get credentials from CyberArk to use in a scan, which saves you time by no longer having to manually add credentials into Nessus. CyberArk can also remove credential maintenance headaches because updated credentials in CyberArk are automatically passed to Nessus. Nessus supports both Windows (domain/username + password) and SSH (username + password; username + ssh key (w/o password)) credential types. CyberArk support is available for Nessus Cloud and Nessus Manager.
Deeper integration with MobileIron and AirWatch MDM systems
For some time now, Nessus has supported integration with Mobile Device Management (MDM) systems. With this latest release, Nessus provides more in-depth MDM data so you can better protect mobile assets. Metrics which are now available include the number of new mobile devices connecting to the network as well as mobile devices that haven’t connected in a designated time period. A single Nessus audit file provides all this information, making it very efficient to identify and report on mobile vulnerabilities. MDM support is available for Nessus Cloud and Nessus Manager.
These are just a few of the new capabilities in the latest release of Nessus. To learn more, visit the What’s New area of our website. If you’re a current customer, you will be able to download this new release from the Tenable Support Portal or directly from the Nessus Download Page. Nessus 6.4 will start to be available in Nessus Cloud on June 17th; Nessus Manager and Nessus Professional will be available for download on June 30th.