What Tenable products support Microsoft Azure?
- Tenable Nessus Manager 6.5
- Tenable Tenable.io
- Tenable Nessus Agents
- Tenable Nessus (BYOL) 6.5
- Tenable SecurityCenter 5.x
Do I need to purchase any additional licensing or pay any extra fees?
No. If you a current Tenable customer, there is no additional costs for using Tenable products to secure your Microsoft Azure environment.
How do I upgrade to these releases?
To download the latest version of Nessus or SecurityCenter, log in to the Tenable Support Portal and click on "Downloads" and navigate to "SecurityCenter" or “Nessus”.
Download Nessus or SecurityCenter for the appropriate operating system, and then execute the file. To find instructions to install or upgrade Nessus and/or SecurityCenter, log in and click on "Downloads" and navigate to "Product Documentation".
If I am not a current Nessus customer, how do I get started?
Once you are a Tenable customer, you can log on to the Tenable Support Portal and download the appropriate products to secure your Azure assets.
What other products in the market support Microsoft Azure?
Other security vendors provide varying levels of Azure support, but Tenable is the first and only solution to offer security visibility, cloud environment auditing, system hardening and continuous monitoring enabling you to regain visibility, reduce attack surface and detect malware across your Azure deployments.
|Discovery of Virtual Machines in Azure||✓||✓||✓*||✓**||✓***|
|Deployable Virtual Scanner||✓||✓||✓*||✓**||✓***|
|Vulnerability Management Scanning||✓||✓||✓*||✓**||-|
|Policy and Compliance Scanning (CIS Benchmarks, PCI DSS, SCAP, etc)||✓||✓||✓*||✓**||✓***|
|Hybrid Environment Support (On-Premises and Azure)||✓||✓||✓*||✓**||✓***|
|Continuous Virtual Machine Monitoring via Agents||✓||✓||-||-||✓***|
|Azure Cloud Environment Audit||✓||-||-||-||-|
* Not officially supported but possible with Nexpose using traditional IP-based scanning
** Azure is only supported with Cloud Defender and Threat Manager as Service as a Service offerings
*** Azure is only supported with Tripwire Enterprise
Are there any out-of-the-box configuration audits created for Microsoft Azure?
Yes, there are 3 Azure audits available for Nessus: infrastructure, websites and database. These are available for Nessus Professional, Nessus Manager and Tenable.io; these are not available in Nessus Agents because Agents do not assess anything that isn't on the box they are installed on.
You can download these audits via: Support Portal: Downloads > Compliance and Audit Files > Network, Virtual, Mobilization, and Cloud Infrastructure or directly here: https://support.tenable.com/support-center/index.php?x=&mod_id=122
Can I report on both on-premises and Microsoft Azure scans from one common console?
Yes, SecurityCenter™ Continuous View (SC CV) provides continuous network monitoring to achieve total visibility of your security and compliance posture. SC CV levels up security and compliance management by providing real-time asset discovery, network traffic and anomaly detection, threat intelligence, extensive security analytics, trending, and reporting capabilities.
SecurityCenter can be configured to automatically retrieve the agent results (including those deployed in Azure virtual machines) from Nessus Manager and Tenable.io. This offers a central place to review scan results of all agents and scanners whether they are deployed on-premises or in Azure cloud.
When do I need authorization from Microsoft to assess my Azure environment?
- If you are targeting virtual machines or web applications remotely, for example with Nessus (BYOL) from the Azure Marketplace, you need authorization. You can request authorization from Microsoft here.
- If you are using Nessus Agents to scan, no authorization is necessary.
- If you use Nessus to audit Azure infrastructure (via the "Audit Cloud Infrastructure" scan in Nessus), you do not need pre-authorization. All you need is to provide your Azure cloud account access.