Tenable Nessus 3
Strengths: The most widely supported scanner in the world, powerful active scan capabilities and high value as an open-source product
Weaknesses: Requires Security Center for optimum results, can be tricky to implement initially
Verdict: This product is recommended as a second scanner or as part of a Tenable security management implementation
Nessus is one of the granddaddies of vulnerability scanners. Today, it is not only a powerful open-source product in its own right but also the basis for some of the most powerful commercial vulnerability scanners. In its current Linux incarnation, Nessus is largely a powerful scan engine. It works most effectively in the company of other products, such as the Tenable Security Center.
The MS Windows version of the product has now become Nessus 3 for Windows. Sporting a new version of NASL (the Nessus vulnerability description language), it is considerably faster and more efficient than its predecessor.
Nessus is the most widely supported vulnerability scanner in the world as far as we're aware. With around 13,000 individual vulnerability checks, Nessus draws heavily on the open-source community.
The documentation is very good, and there is a lot of additional information available from non-Tenable sources.
Nessus 3 is a free download, but Tenable's Direct Feed plug-in service costs around £600 per year, a real bargain. If Nessus is added to the Security Center, the Direct Feed is included at no extra charge.
There are two situations in which you would want to use Nessus 3: as part of a Tenable Security Center implementation or as an additional scanner. Many vulnerability test experts recommend using more than one scanner to account for false positives.
Nessus 3 in its native configuration as a standalone scanner can be installed on Linux platforms and accessed from an open-source Windows client. That means you can place Nessus scan engines at strategic points across the enterprise and run them from a single Windows console. We found, however, that the most power comes from using Nessus with the Security Center.