Tenable Nessus 3
January 01, 2007
Tenable Network SecurityProduct:
Free with access to plug-ins; commercial access: c£610 per year
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: The most widely supported scanner in the world, powerful active scan capabilities and high value as an open source product
- Weaknesses: Requires Security Center for optimum results, can be tricky to implement initially
- Verdict: This product is recommended as a second scanner or as part of a Tenable security management implementation
Nessus is one of the granddaddies of vulnerability scanners. Today, it is not only a powerful open source product in its own right, it is the basis for some of the most powerful commercial vulnerability scanners. In its current Linux incarnation, Nessus is largely a powerful scan engine. It works most effectively in the company of other products, such as the Tenable Security Center.
The MS Windows version of the product has now become Nessus 3 for Windows. Sporting a new version of NASL (the Nessus vulnerability description language), this is considerably faster and more efficient than its predecessor.
Nessus is the most widely supported vulnerability scanner in the world as far as we're aware. With around 13,000 individual vulnerability checks, Nessus draws heavily on the open-source community.
The documentation is very good, and there is a lot of additional information available from non-Tenable sources.
Nessus 3 is a free download, but Tenable's Direct Feed plug-in service costs around £600 per year, a real bargain. If Nessus is added to the Security Center, the Direct Feed is included at no extra charge.
There are two situations in which you would want to use Nessus 3: as part of a Tenable Security Center implementation or as an additional scanner. Many vulnerability test experts recommend using more than one scanner to account for false positives.
Nessus 3 in its native configuration as a standalone scanner can be installed on Linux platforms and accessed from an open-source Windows client. That means you can place Nessus scan engines at strategic points on the enterprise and run them from a single Windows console. We found, however that the most power comes from using Nessus with the Security Center.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- The information security implications of M&A deals
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears
- Report: Mirai 'is just the tip of the iceberg'
- Avalanche takedown involved searches in 40 countries