Nessus – Simplify. Automate. Extend
TNessus® is the industry’s most widely-deployed vulnerability scanner. It identifies vulnerabilities, reduces risk, and ensures compliance in physical, virtual, mobile, and cloud environments.
Nessus features high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery, patch management integration, and vulnerability analysis. With the world’s largest continuously-updated library of vulnerability and configuration checks, and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for speed and accuracy.
Nessus provides tight integration and API extensibility with SIEMs, malware defenses, patch management tools, Mobile Device Management (MDM) systems, firewalls, and virtualization platforms. It supports more technologies than competitive solutions, scanning operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure for vulnerabilities, threats, and compliance violations.
Nessus v6, enables you to reduce your attack surface by enforcing compliance and system hardening policies. Nessus users will more easily be able to create and customize compliance and security policies while also being able to manage scan results, schedules, and policies.
Keeping Nessus v6 up-to-date is now an automated process and provides you with more control over the update process.
Easily integrate Nessus into your existing security processes with a new API, which is fully documented and accessible from within the Nessus UI.
- Deployment and Management
- Flexible Deployment: software, hardware, virtual appliance deployed in service provider’s cloud, or as a Tenable hosted cloud service (Nessus Enterprise Cloud)
- Scan Options: Agentless scanning for easy deployment and maintenance. Supports both non-credentialed, remote scans and credentialed, local scans for deeper, granular analysis.
- Configuration/Policies: Out-of-the-box policies and configuration templates.
- Risk Scores: Vulnerability ranking based on CVE, five severity levels (Critical, High, Medium, Low, Info), customizable severity levels for recasting of risk.
- Prioritization: Correlation with exploit frameworks (Metasploit, CoreImpact, Canvas, ExploitDB) and filtering by exploitability and severity.
- Extensible: RESTful API support for integrating Nessus into your existing vulnerability management workflow.
- Actionable: Quarantine vulnerable assets through integration with Cisco Identity Services Engine (ISE) and Nessus Enterprise. Reporting and Monitoring
- Flexible Reporting: Customize reports to sort by vulnerability or host, create an executive summary, or compare scan results to highlight changes
- Native (XML), PDF (requires Oracle Java be installed on Nessus server), HTML, and CSV formats
- Targeted email notifications of scan results, remediation recommendations, and scan configuration improvements
- Results/Report Sharing (requires Nessus Enterprise) Scanning Capabilities
- Discovery: Accurate, high-speed asset discovery
- Scanning: Vulnerability scanning (including IPv4/IPv6/hybrid networks)
- Un-credentialed vulnerability discovery
- Credentialed scanning for system hardening & missing patches
- Coverage: Broad asset coverage and profiling
- Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
- Offline configuration auditing of network devices
- Virtualization: VMware ESX, ESXi, vSphere, vCenter, Hyper-V, and Citrix Xen Server.
- Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB
- Web applications: Web servers, web services, OWASP vulnerabilities
- Cloud: Scans cloud applications and instances like Salesforce and AWS
- Compliance: Helps meet government, regulatory, and corporate requirements
- Meets PCI DSS requirements through configuration auditing, web application scanning
- Threats: Botnet/malicious process/anti-virus auditing
- Detect viruses, malware, backdoors, hosts communicating with botnet-infected systems, known/unknown processes, web services linking to malicious content
- Compliance auditing: FFIEC, FISMA, CyberScope, GLBA, HIPAA/ HITECH, NERC, PCI, SCAP, SOX
- Configuration auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, ISO, NIST, NSA
- Patch Auditing: Integrates with patch management solutions (IBM, Microsoft, Red Hat®, and Dell)
- Control Systems Auditing:
- Sensitive Content Auditing: PII (e.g. credit card numbers, SSNs)
- Mobile Device Auditing: Lists iOS, AndroidTM, and Windows Phone 7 devices accessing the network and detects mobile vulnerabilities. Integrates with major MDMs (MSFT, Apple, Good, MobileIron, AirWatch)
- Automatic Scan Analysis: Remediation action priority and scan
- Custom fit for your environment:
- Flexible deployment, scanning, and reporting
- Email notifications of scan results and remediation recommendations
- Custom vulnerability severity ratings
- Identify malware, botnets, mobile threats, and unknown after processes
- Easily troubleshoot patch status conflicts between Nessus and patch management systems
- Automatic patch priority identification
- Lower your cyber risks, vulnerabilities, and compliance/audit citation after risks
- Automatic post-scan analysis with attachments/screenshots stored in scan reports
- Low total cost of ownership after (TCO)
- Scan an unlimited number of IPs, as often as you like
- Nessus subscriptions include software updates, access to compliance and audit files, and support
- Automatic plugin, engine, and userinterface updates
- Anytime, anywhere access from an Internet browser for improved efficiency