Nessus
What is Nessus?
Nessus is a platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources.
Originally launched as an open source tool in 1998, its enterprise edition became a commercial product in 2005. Nessus now encompasses several products that automate point-in-time vulnerability assessments of a network's attack surface, with the goal of enabling enterprise IT teams to stay ahead of cyber attackers by proactively identifying and fixing vulnerabilities as the tool discovers them, rather than after attackers exploit them.
Nessus identifies software flaws, missing patches, malware, denial-of-service vulnerabilities, default passwords and misconfiguration errors, among other potential flaws. When Nessus discovers vulnerabilities, it issues an alert that IT teams can then investigate and determine what -- if any -- further action is required.
Key features of Nessus
Nessus is known for its vast plugin database. These plugins are dynamically and automatically compiled in the tool to improve its scan performance and reduce the time required to assess, research and remediate vulnerabilities. Plugins can be customized to create specific checks unique to an organization's application ecosystem.
Nessus contains a feature called Predictive Prioritization, which uses algorithms to categorize vulnerabilities by their severity to aid IT teams in determining which threats are most urgent to address. Each vulnerability is assigned a Vulnerability Priority Rating (VPR), which uses a scale from 0 to 10, with 10 being the highest risk, to rate its severity: critical, high, medium or low. IT teams can also use pre-built policies and templates to quickly find vulnerabilities and understand the threat situation.
Another Nessus feature is Live Results, which performs intelligent vulnerability assessment in offline mode with every plugin update. It removes the need to run a scan to validate a vulnerability, creating a more efficient process to assess, prioritize and remediate security issues.
Nessus also provides the ability to create configurable reports in a variety of formats, including Hypertext Markup Language, comma-separated values and Nessus Extensbile Markup Language. Reports can be filtered and customized depending on what information is most useful, such as vulnerability types, vulnerabilities by host, vulnerabilities by client, etc.
Another important feature is Grouped View. Nessus groups similar issues or categories of vulnerabilities and presents them in one thread, enabling easier vulnerability assessments and prioritization.
Meanwhile, the Nessus packet capture feature enables teams to debug and troubleshoot scanning issues quickly. In this way, it minimizes interruptions and provides continuous protection for the enterprise IT environment.
Benefits of Nessus vulnerability scanner
New security vulnerabilities are emerging every day. Organizations need to be aware of these vulnerabilities and act proactively to prevent them from harming their assets.
Nessus provides a fast, user-friendly way to find and fix vulnerabilities in many kinds of IT assets, including cloud-based and virtualized resources. As of April 2023, it covers more than 76,000 Common Vulnerabilities and Exposures. Tenable Research, the cybersecurity research arm of Nessus' manufacturer, maintains and continually updates a library of more than 185,000 plugins that can be used to augment the platform. Plugins contain scripts to identify, remediate and test for the presence of specific vulnerabilities. Tenable releases about 100 new plugins weekly and within 24 hours of vulnerability disclosure. Plugins can be downloaded through the Nessus interface or a web-based catalog.
Nessus provides more than 450 pre-configured templates for commonly used vulnerability scans and configuration audits to simplify use of the platform. For example, the Audit Cloud Infrastructure template can be used to audit the configuration of Amazon Web Services, Google Cloud Platform, Microsoft Azure, Rackspace, Salesforce and Zoom. The interface is easy to navigate and provides a simple set of remediation actions to fix the vulnerabilities and protect the affected system. Teams can also audit configuration compliance against Center for Internet Security benchmarks and other best practices.
Another benefit of Nessus is that it has a low false-positive rate of 0.32 defects per 1 million scans. Too many false positives can overwhelm security teams and lead to alert fatigue, causing legitimate threats to be overlooked.
Finally, Nessus is a highly portable vulnerability scanner, making it a useful tool for security professionals who are required to move between locations. Examples include penetration testers and security consultants.
Nessus Professional vs. Nessus Expert
Nessus is available in two enterprise versions: Professional and Expert. Both offer unlimited IP address scanning and other key features, such as access to an extensive plugin database. Nessus Expert offers a few additional features for organizations with more advanced needs.
The Professional version is ideal for security consultants, security practitioners and pen testers looking for a tool that provides unlimited point-in-time assessments, configurable assessments and live results. This tool can be used anywhere and provides configurable reports that can be used by security teams to understand vulnerabilities and address them.
The key features of Nessus Professional are as follows:
- It provides access to a library of more than 185,000 plugins to identify, remediate and validate protection against emerging vulnerabilities.
- Plugins are dynamically compiled, which reduces the Nessus plugin database footprint and increases scan performance.
- Custom audit files simplify verifications of configuration requirements and compliance standards.
- Seamless integration with multiple commercial threat intelligence feeds generates useful insights into potential malware and ransomware running on hosts in the IT environment.
In addition, the Professional license can be transferred between computers or run on a Raspberry Pi for high portability and simplified use.
These benefits notwithstanding, Nessus Professional is not suitable for organizations that need to do the following:
- Scan their external attack surface.
- Add domains.
- Scan cloud infrastructure.
- Use pre-built scanning policies to save time.
Nessus Expert fills in these gaps and provides greater breadth and depth of coverage into the enterprise attack surface. Expert includes everything in the Professional version and additional features to address risks outside of traditional IT assets. It does this by assessing all infrastructure-as-code repositories for vulnerabilities before they are pushed to production and by discovering internet-exposed IT assets, including cloud services.
In this way, Nessus Expert is designed to provide the following benefits:
- Greater visibility into the internet-facing attack surface.
- Discovery of unknown security issues that may be part of the software development lifecycle.
- A more proactive and reliable approach to vulnerability assessment for cloud workloads and newly discovered assets.
Nessus Expert is suitable for security consultants, pen testers, developers, and small to medium-sized businesses that require a more expansive feature set.
Tenable offers a free version of Nessus, known as Nessus Essentials, that limits scanning to 16 IP addresses and lacks the full feature set of the enterprise editions. It is intended for home use.
More on Vulnerability Priority Rating capability in Nessus
Both versions of Nessus evaluate the severity of various threats using Tenable's VPR tool, a component of Nessus' Predictive Prioritization feature. VPR assigns a score to each finding, based on its potential threat and impact, to identify the vulnerabilities that pose the greatest risk to an organization's IT and internet-facing environments. The goal of VPR is to help IT teams prioritize the vulnerabilities most in need of immediate remediation.
Nessus generates VPR scores after analyzing various sources of raw data -- including threat intelligence feeds, exploit repositories and security advisories -- using machine learning models and comparing that result with the Common Vulnerability Scoring System framework.
Compare the top five vulnerability scanning tools for security teams, and learn five steps to follow in a network security audit checklist. See how to build an enterprise penetration testing plan, and check out this complete guide to penetration testing best practices.