Nessus changes force firms to adjust

Changes in the licensing agreement for Nessus will force some firms to rethink their security strategies, one security company warned this week.

The latest version of Nessus, which had traditionally been an open-source vulnerability scanner, was released earlier this month but is no longer available under the GPL license.

Firms are generally using one of three options to adjust to a different, more costly Nessus, StillSecure said in a statement.

Companies have either continued to use the new Nessus version for free, but only with a nearly week-long delay in updates; paid Nessus' parent company Tenable more than a thousand dollars in fees for the feed; or switched to a different management system.

Alan Shimel, chief strategy officer for StillSecure, said Monday that waiting up to seven days for Nessus updates is rarely an option. "With something like Microsoft 'Patch Tuesday,' the chief security officer wants to know what you have by Wednesday," he said. "Five days is a lifetime."

Shimel said his company makes its own 3-year-old vulnerability management platform.

Tenable said its new Nessus platform is both more effective and faster than its last version, citing audit ability, support and access to more than 9,000 vulnerability checks as benefits of the new platform.

"Nessus 3.0 is a more robust version of the vulnerability scanner with better handling of concurrent host scanning. Its scan engine is faster than the previous version, achieving up to five times improvement when scanning Windows networks," said Renaud Deraison, chief research officer for Tenable.
