Nessus - An Advanced Vulnerability Scanner

Nessus - An Advanced Vulnerability Scanner

Nessus is a vulnerability scanner that is capable of high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and more.

Features:

  • Reporting and Monitoring:

    • Flexible reporting: Customize reports to sort by vulnerability or host, create an executive summary or compare scan results to highlight changes.
      • Native (XML), PDF (requires Java be installed on Nessus server), HTML and CSV formats.
    • Targeted email notifications of scan results, remediation recommendations and scan configuration improvements.

  • Scanning Capabilities:

    • Discovery: Accurate, high-speed asset discovery.
    • Scanning: Vulnerability scanning (including IPv4/IPv6/hybrid networks).
      • Un-credentialed vulnerability discovery.
      • Credentialed scanning for system hardening and missing patches.
      • Meets PCI DSS requirements for internal vulnerability scanning.
    • Coverage: Broad asset coverage and profiling
      • Network devices: firewalls/routers/switches (Juniper, Check Point, Cisco, Palo Alto Networks),printers, storage.
      • Offline configuration auditing of network devices.
      • Virtualization VMware ESX, ESXi, vSphere, vCenter, Microsoft, Hyper-V, Citrix Xen Server.
      • Operating systems: Windows, OS X, Linux, Solaris, FreeBSD, Cisco iOS, IBM iSeries.
      • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL, MongoDB.
      • Web applications: Web servers, web services, OWASP vulnerabilities.
      • Cloud: Scans the configuration of cloud applications like Salesforce and cloud instances like Amazon Web Services, Microsoft Azure and Rackspace.
      • Compliance: Helps meet government, regulatory and corporate requirements.
      • Helps to enforce PCI DSS requirements for secure configuration, system hardening, malware detection, web application scanning and access controls.
    • Threats: Botnet/malicious, process/anti-virus auditing
      • Detect viruses, malware, backdoors, hosts communicating with botnet-infected systems, known/unknown processes, web services linking to malicious content.
      • Compliance auditing: FFIEC, FISMA, CyberScope,GLBA, HIPAA/ HITECH, NERC, SCAP, SOX.
      • Configuration auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, ISO, NIST, NSA, PCI.
    • Control Systems Auditing: SCADA systems, embedded devices and ICS applications.
    • Sensitive Content Auditing: PII (e.g., credit card numbers, SSNs).

Key Benefits

  • Reduce the attack surface: Prevents attacks by identifying vulnerabilities that need to be addressed.
  • Comprehensive: Meets the widest range of compliance and regulatory standards.
  • Scalable: Start with a Nessus Professional single user license and move to Nessus Manager or Tenable.io as your vulnerability management needs increase.
  • Low total cost of ownership(TCO): Complete vulnerability scanning solution for one low cost.
  • Constantly updated: New content continually being added by the Tenable research team.


Source: www.effecthacking.com
Nessus - An Advanced Vulnerability Scanner Nessus - An Advanced Vulnerability Scanner Reviewed by Anonymous on 12:45 AM Rating: 5