Nessus Professional

Download as pdf or txt
Download as pdf or txt
You are on page 1of 2

| DATA SHEET

Product Overview With more than 20,000


Nessus, the industry’s most widely deployed vulnerability scanner helps you reduce your customers worldwide, Nessus is
organization’s attack surface and ensure compliance in physical, virtual, mobile and cloud
environments. Nessus features high-speed asset discovery, configuration auditing, target profiling,
trusted by more professionals
malware detection, sensitive data discovery and vulnerability analysis. With the world’s largest than any other security and
continuously-updated library of vulnerability and configuration checks, and the support of Tenable’s compliance product.
expert vulnerability research team, Nessus sets the standard for speed and accuracy.

Nessus supports more technologies than competitive solutions, scanning operating systems,
network devices, hypervisors, databases, tablets, phones, web servers and critical infrastructure for Complete Vulnerability Coverage:
vulnerabilities, threats and compliance violations.
• Virtualization & cloud

• Malware & botnets

• Configuration auditing

• Web applications

Key Benefits
• Custom fit for your environment:
–– Flexible deployment, scanning and
reporting
–– Email notifications of scan results and
remediation recommendations
–– Custom vulnerability severity ratings
Nessus allows the user to sort and filter vulnerability findings using over 20 different criteria. Severity • Identify malware, botnets and malicious
ratings can be customized and the remediation summary provides actionable results. processes
• Lower your cyber risks, vulnerabilities and
Nessus Features material violations during audits
Reporting and Monitoring –– Dynamic scan results

• Flexible reporting: Customize reports to sort by vulnerability or host, create an executive • Low total cost of ownership (TCO)
summary, or compare scan results to highlight changes –– part of subscription
–– Native (XML), PDF (requires Oracle Java be installed on Nessus server), HTML and CSV –– engine, UI, plugins, policies, scan
formats templates
• Targeted email notifications of scan results, remediation recommendations and scan –– Nessus subscriptions include software
configuration improvements updates, access to compliance and
• Results/report sharing (requires Nessus Manager) audit files, and support
–– Automatic plugin, engine and
Scanning Capabilities user-interface updates
• Discovery: Accurate, high-speed asset discovery • Anytime, anywhere access from an
• Scanning: Vulnerability scanning (including IPv4/IPv6/hybrid networks) Internet browser for improved efficiency
–– Un-credentialed vulnerability discovery
–– Credentialed scanning for system hardening & missing patches
• Coverage: Broad asset coverage and profiling
–– Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto
Networks), printers, storage
–– Offline configuration auditing of network devices
–– Virtualization: VMware ESX, ESXi, vSphere, vCenter, Hyper-V, and Citrix Xen Server
| DATA SHEET

–– Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, Training and Certification
IBM iSeries
–– Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, Nessus training and certification are available for those who are new
PostgreSQL, MongoDB to using Nessus and want the knowledge and skills to maximize every
benefit of the Nessus scanner. Tenable offers both On-Demand Training
–– Web applications: Web servers, web services, OWASP vulnerabilities
and Certification Exams which are available separately or combined with
–– Cloud: Scans cloud applications and instances like Salesforce
subscriptions for Nessus, Nessus Manager, or Nessus Cloud.
and AWS
–– Compliance: Helps meet government, regulatory and corporate
requirements Taking Nessus to the Next Level
–– Meets PCI DSS requirements through configuration auditing, web Nessus can now be used with the following Tenable solutions to achieve
application scanning team-oriented vulnerability scanning and remediation goals:
• Threats: Botnet/malicious, process/anti-virus auditing
Nessus Manager
–– Detect viruses, malware, backdoors, hosts communicating with Nessus Manager provides collaboration and centralized administration
botnet-infected systems, known/unknown processes, web
over multiple scanners. Engage system/network administrators, forensics
services linking to malicious content
& incident response teams, risk & compliance, and desktop support in the
–– Compliance auditing: FFIEC, FISMA, CyberScope, GLBA, HIPAA/ vulnerability management process. The industry’s most widely deployed
HITECH, NERC, PCI, SCAP, SOX
vulnerability and configuration assessment product now offers role-based
–– Configuration auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, sharing of scanners, policies, schedules and scan results among an
ISO, NIST, NSA unlimited set of users.
• Control Systems Auditing: SCADA systems, embedded devices and
ICS applications Nessus Cloud
• Sensitive Content Auditing: PII (e.g. credit card numbers, SSNs) Tenable-hosted version of Nessus features Nessus scanning capabilities,
resource sharing and role-based access control for multiple users from a
Deployment and Management remote, cloud-based solution. Nessus Cloud can also be used to satisfy
• Flexible deployment: software, hardware, virtual appliance deployed external, quarterly network scanning requirements for PCI. Nessus Cloud
in service provider’s cloud, or as a Tenable hosted cloud service is a PCI-Certified Approved Scanning Vendor (ASV) solution. Scan your
(Nessus Cloud). perimeter today!
• Scan options: Agent-based and Agentless scanning for easy
deployment and maintenance. Supports both non-credentialed, Complementary Tenable Products
remote scans and credentialed, local scans for deeper, granular
analysis of assets that are online as well as offline or remote. Organizations can extend the capabilities of Nessus Manager with these
• Configuration/policies: Out-of-the-box policies and configuration complementary products from Tenable:
templates. SecurityCenter™ Continuous View
• Risk scores: Vulnerability ranking based on CVE, five severity levels SecurityCenter Continuous View is Tenable’s market-defining continuous
(Critical, High, Medium, Low, Info), customizable severity levels for monitoring platform, allowing for the most comprehensive and integrated
recasting of risk. view of network health across all environments, including traditional,
• Prioritization: Correlation with exploit frameworks (Metasploit, mobile, virtual and cloud. It provides a unique combination of detection,
Core Impact, Canvas, and ExploitHub) and filtering by exploitability reporting and pattern recognition utilizing industry-recognized algorithms
and severity. and models to deliver the most advanced analysis of security risks and
• Extensible: RESTful API support for integrating Nessus into your compliance exposure. Using SecurityCenter Continuous View, users
existing vulnerability management workflow. can eliminate risk, rapidly respond to advanced threats and compliance
violations, and identify failing security processes.
The Nessus Advantage
Customers choose Nessus because it offers:

• Highly-accurate scanning with low false positives


• Comprehensive scanning capabilities and features
• Scalable to hundreds-of-thousands of systems
• Easy deployment and maintenance
• Low cost to administer and operate
• Complete coverage with Agents, including laptops
and mobile assets

For More Information: Please visit tenable.com


Contact Us: Please email us at [email protected] or visit tenable.com/contact
Copyright © 2015. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered
trademarks of Tenable Network Security, Inc. SecurityCenter Continuous View and Passive Vulnerability Scanner are trademarks of
Tenable Network Security, Inc. All other products or services are trademarks of their respective owners. EN-JAN262015-V5 2

You might also like