Nessus is a widely used vulnerability scanner best suited to experienced security teams, as its interface takes some time to master. It is offered in free and paid editions. The free edition (Nessus Essentials) is limited to scanning 16 IP addresses, while the paid edition (Nessus Professional) removes that limit and adds vendor support.
Type of tool: Vulnerability assessment
Key features: Tenable's Nessus is used for vulnerability assessment by more than 27,000 organizations and has been downloaded two million times worldwide. It ships with 450 compliance and configuration templates for tasks such as configuration audits and patch management, which helps IT see where vulnerabilities exist, where patches are out of date and where configurations are out of compliance.
Nessus detects software flaws, missing patches, malware and misconfigurations across a wide range of operating systems, devices and applications. Tenable encourages user feedback to improve the tool. Accurate scanning for exposed network weaknesses is a major selling point, along with ease of use once the interface is learned: it seeks out weaknesses that attackers could exploit, and many companies rely on it for compliance checks.
Nessus began in 1998 as an open source tool but went closed-source with version 3 in 2005. It can detect default passwords still in use within the enterprise, denial-of-service weaknesses (flaws that let an attacker deny legitimate users access to a machine or network resource), open mail relays that spammers often exploit, and vulnerabilities that attackers could use to gain entry or reach sensitive information. It is also useful in preparing for PCI DSS audits.
“Nessus offers flexibility in finding vulnerabilities across the network, and implementation is simple. It can scan from outside the firewall, which offers real visibility of vulnerabilities,” said a product manager in the healthcare industry.
Differentiator: Easy to use once learned, and a very low false positive rate (Tenable claims six-sigma accuracy, .32 defects per 1 million scans).
What it can't do: It finds and reports vulnerabilities but does not exploit them; confirming that a finding is actually exploitable is a separate penetration-testing step.
Nessus Pro Cost:
- 1 Year – $2,990
- 1 Year + Advanced Support – $3,390
- 2 Years – $5,830 (Save $150)
- 2 Years + Advanced Support – $6,630 (Save $150)
- 3 Years – $8,520 (Save $450)
- 3 Years + Advanced Support – $9,720 (Save $450)
Costs last updated 2022. For an up-to-date cost breakdown, visit Tenable's official website.
Nessus stuck on Compiling Plugins at startup?
The commands below stop the Nessus server, reset its registration, re-register it and rebuild the plugin database. Plugin compilation during a fresh install should normally take around 45 minutes. If the host has been compiling for many hours, allocate more resources to it (RAM or storage) and then retry using the following steps on Linux, as root:
# service nessusd stop
# /opt/nessus/sbin/nessuscli fix --reset
# /opt/nessus/sbin/nessuscli fetch --register ACTIVATION-CODE-HERE
# /opt/nessus/sbin/nessusd -R
# service nessusd start
Note that the options take two hyphens (--reset, --register). nessuscli fix --reset deletes the registration and preferences, which is why the fetch --register step must follow; policies, scan results and plugins are kept (nessuscli fix --reset-all would wipe those as well). nessusd -R rebuilds the plugin database before the service is started again.
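As an added example (not part of the original page and not Tenable's own tooling), the following Bash script wraps the same five steps with the checks a practitioner would want before running a destructive reset: it validates the activation code format before anything is wiped (an assumed format of five hyphen-separated groups of four alphanumerics), refuses to run the real sequence as a non-root user, warns when RAM or free disk under the install directory is below assumed thresholds (tune MIN_MEM_MB and MIN_DISK_MB to Tenable's current hardware requirements), and supports DRY_RUN=1 to print the exact commands first. It assumes the default install path /opt/nessus and a systemd unit named nessusd; the log path in the usage comment is the default Nessus log location.

```shell
#!/usr/bin/env bash
# Added example, not Tenable's code: scripts the reset / re-register / rebuild
# sequence above with guard rails. Assumptions: Nessus lives under /opt/nessus
# (its default install path) and runs as the systemd unit "nessusd"; the
# activation-code format and the resource thresholds below are assumptions too.
set -eu

NESSUS_DIR="${NESSUS_DIR:-/opt/nessus}"
DRY_RUN="${DRY_RUN:-0}"             # DRY_RUN=1 prints the commands instead of running them
MIN_MEM_MB="${MIN_MEM_MB:-4096}"    # assumed minimum RAM for a reasonable compile time
MIN_DISK_MB="${MIN_DISK_MB:-30720}" # assumed minimum free disk under $NESSUS_DIR

# run: execute a command, or just print it when DRY_RUN=1, so the destructive
# 'fix --reset' step can be reviewed before it is actually executed.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# valid_activation_code: assumed format, five groups of four alphanumerics
# separated by hyphens (XXXX-XXXX-XXXX-XXXX-XXXX). A typo here would otherwise
# be discovered only after the registration has already been wiped.
valid_activation_code() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]{4}(-[A-Za-z0-9]{4}){4}$'
}

# check_resources MEM_MB DISK_MB: return 1 (after warning) when the host is below
# the assumed thresholds; the page's advice for a stuck compile is to add RAM or storage.
check_resources() {
  local mem_mb="$1" disk_mb="$2" ok=0
  if [ "$mem_mb" -lt "$MIN_MEM_MB" ]; then
    echo "warning: ${mem_mb} MB RAM is below the assumed minimum of ${MIN_MEM_MB} MB" >&2
    ok=1
  fi
  if [ "$disk_mb" -lt "$MIN_DISK_MB" ]; then
    echo "warning: ${disk_mb} MB free under ${NESSUS_DIR} is below the assumed minimum of ${MIN_DISK_MB} MB" >&2
    ok=1
  fi
  return "$ok"
}

# host_mem_mb / host_disk_mb: read the live values (Linux procps 'free' and 'df').
host_mem_mb()  { free -m | awk '/^Mem:/ { print $2 }'; }
host_disk_mb() { df -m "$NESSUS_DIR" | awk 'NR == 2 { print $4 }'; }

# reset_nessus CODE: the five steps from the page, in order. 'fix --reset' drops
# registration and preferences (policies, scans and plugins are kept) and may
# prompt for confirmation; 'nessusd -R' then rebuilds the plugin database.
reset_nessus() {
  local code="$1"
  if ! valid_activation_code "$code"; then
    echo "error: activation code does not look like XXXX-XXXX-XXXX-XXXX-XXXX" >&2
    return 1
  fi
  if [ "$DRY_RUN" != "1" ]; then
    if [ "$(id -u)" -ne 0 ]; then
      echo "error: run as root (nessuscli and nessusd need it)" >&2
      return 1
    fi
    check_resources "$(host_mem_mb)" "$(host_disk_mb)" || true  # warn, then proceed
  fi
  run systemctl stop nessusd
  run "$NESSUS_DIR/sbin/nessuscli" fix --reset
  run "$NESSUS_DIR/sbin/nessuscli" fetch --register "$code"
  run "$NESSUS_DIR/sbin/nessusd" -R
  run systemctl start nessusd
}

# Usage: NESSUS_ACTIVATION_CODE=XXXX-XXXX-XXXX-XXXX-XXXX DRY_RUN=1 bash nessus-reset.sh
# Drop DRY_RUN=1 (and run as root) to execute for real, then follow the compile with
#   tail -f /opt/nessus/var/nessus/logs/nessusd.messages
if [ -n "${NESSUS_ACTIVATION_CODE:-}" ]; then
  reset_nessus "$NESSUS_ACTIVATION_CODE"
fi
```

Run it once with DRY_RUN=1 to see the exact five commands with the code substituted; only then run it for real, from an interactive terminal so any confirmation prompt from nessuscli can be answered.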
Enabling Nessus in Linux
These commands work from any directory, since systemctl resolves the unit by name; run them as root or via sudo.
sudo systemctl enable nessusd
sudo systemctl start nessusd
Confirm it is running:
systemctl status nessusd.service