Nessus - An Advanced Vulnerability Scanner
Nessus is a vulnerability scanner that is capable of high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and more.
Features:
- Reporting and Monitoring:
- Flexible reporting: Customize reports to sort by vulnerability or host, create an executive summary or compare scan results to highlight changes.
- Native (XML), PDF (requires Java be installed on Nessus server), HTML and CSV formats.
- Targeted email notifications of scan results, remediation recommendations and scan configuration improvements.
- Scanning Capabilities:
- Discovery: Accurate, high-speed asset discovery.
- Scanning: Vulnerability scanning (including IPv4/IPv6/hybrid networks).
- Un-credentialed vulnerability discovery.
- Credentialed scanning for system hardening and missing patches.
- Meets PCI DSS requirements for internal vulnerability scanning.
- Coverage: Broad asset coverage and profiling
- Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks),printers, storage.
- Offline configuration auditing of network devices.
- Virtualization VMware ESX, ESXi, vSphere, vCenter, Microsoft, Hyper-V, Citrix Xen Server.
- Operating systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco iOS, IBM iSeries.
- Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB.
- Web applications: Web servers, web services, OWASP vulnerabilities.
- Cloud: Scans the configuration of cloud applications like Salesforce and cloud instances like Amazon Web Services, Microsoft Azure and Rackspace.
- Compliance: Helps meet government, regulatory and corporate requirements.
- Helps to enforce PCI DSS requirements for secure configuration, system hardening, malware detection, web application scanning and access controls.
- Threats: Botnet/malicious, process/anti-virus auditing
- Detect viruses, malware, backdoors, hosts communicating with botnet-infected systems, known/unknown processes, web services linking to malicious content.
- Compliance auditing: FFIEC, FISMA, CyberScope,GLBA, HIPAA/ HITECH, NERC, SCAP, SOX.
- Configuration auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, ISO, NIST, NSA, PCI.
- Control Systems Auditing: SCADA systems, embedded devices and ICS applications.
- Sensitive Content Auditing: PII (e.g., credit card numbers, SSNs).
Key Benefits
- Reduce the attack surface: Prevents attacks by identifying vulnerabilities that need to be addressed.
- Comprehensive: Meets the widest range of compliance and regulatory standards.
- Scalable: Start with a Nessus Professional single user license and move to Nessus Manager or Tenable.io as your vulnerability management needs increase.
- Low total cost of ownership(TCO): Complete vulnerability scanning solution for one low cost.
- Constantly updated: New content continually being added by the Tenable research team.
Source: www.effecthacking.com
Nessus - An Advanced Vulnerability Scanner
Reviewed by Anonymous
on
12:45 AM
Rating: