Tenable Network Security Nessus
Strengths: Powerful, highly compatible scanning, plus malware scanning.
Weaknesses: None found.
Verdict: Superb value for money and good feature set.
Tenable Network Security Nessus is one of the most comprehensive and widely deployed vulnerability assessment tools. It is available as a software package for consumer versions of Microsoft Windows, Windows Server and Linux. It is also available as a preconfigured VM, an Amazon EC2 appliance, a preconfigured hardware appliance or a cloud service. Tenable has a wide variety of plugins which gives Nessus the ability to interface with basically any networked device. In addition, Nessus can be easily integrated with most major patch management systems, which gives administrators the ability to verify that updates are installing as they should be. Nessus can also be deployed with endpoint agents, which allow vulnerability scanning to occur offline and scan results can be collected after. This is valuable for mobile workforces where assets may not always be connected to the corporate network. The endpoint agents also allow Nessus to perform malware scanning. If a zero-day has been identified within the organization, Nessus can be used to quickly check for other machines that have been infected organization-wide.
We received Nessus as an executable installer package for Windows. It took only minutes to install the software into our test network. After we connected the supplied flash drive, we simply ran the installer and waited for it to complete. After the installer finished, we were redirected to the web-based management interface automatically. The web interface was well-designed and very modern looking. We configured basic logon information and installed the provided license key, which downloaded all of the plugins for which we were licensed. Overall, setup was easy and straightforward.
Tenable Nessus has an easy-to-use, but very powerful interface. Policy creation is simple and only requires a few clicks to scan an entire corporate network. Nessus, overall, is straightforward to use and administer. Despite being simple, Nessus is an extremely powerfully scanning tool with tons of functionality. Out of the box it comes with templates for virtually every major networking device on the market, as well as any firewall, virtualization host or cloud service one can think of. It also comes preloaded with the ability to scan every major operating system for vulnerabilities. When creating policies and scans, users can deploy the built-in templates or create custom, organization-specific scans of one's own. The Nessus scanner is fast and extremely detailed. After vulnerability information has been gathered, it is ranked according to CVSS and reports can be generated with just a few clicks.
The evaluation kit we received came in the form of a USB flash drive preloaded with everything needed. In addition to the installation package, we also received a comprehensive documentation package which included instructions on setup as well as a user guide. All of the documentation was well written and included many screenshots. The documentation was helpful in both setting up and becoming familiar with the product.
The initial purchase price of Tenable Nessus is $1,500, and licensing follows a yearly renewal schedule. The yearly renewal cost is $1,200, which also includes access to Tenable support. Tenable offers support from 6 a.m. through 9 p.m. five days a week or 24/7, with maintenance, access to software upgrades, patches and current plug-ins. Support can be by phone, email and live chat. Customers also have access to a web portal with a knowledge base.
With its advanced scanning functionality and attractive pricepoint, we find this product to be of excellent value for the price. The software package price is only $1,500 for the initial purchase, which makes it more accessible for most organizations than other options. Wide compatibility is also a valuable feature. We picked this as a Best Buy.