5 Things You Might Not Know About Nessus Cloud

Share and earn Cybytes
Facebook Twitter LinkedIn Email

By Diane Garey

We introduced Nessus® Cloud last year and have had great feedback from organizations who appreciate the ease and simplicity of deploying and maintaining a cloud-hosted vulnerability management solution. That said, given the long history of Nessus, it’s not uncommon for us to talk to people who still haven’t heard about this cloud-hosted Nessus option. So, whether you’re new to Nessus Cloud or not, in this article we’d like to share five things that you might not know about this new(ish) solution.

1. Nessus Cloud is available in multiple data centers

Tenable currently runs the Tenable Cloud in data centers in North America, Europe and Asia, which means Nessus Cloud is available locally to customers in those geographies. For customers who have strict requirements about where their vulnerability data is archived, such as organizations that fall under the European General Data Protection Regulation, having a local cloud option is a huge benefit.

2. It’s easy to run external scans from all over the world

We use the same Tenable Cloud globally-distributed infrastructure to make scanner pools available for Nessus Cloud from different parts of the world. Customers can use any of five scanner pools, anytime. Using a scanner that is geographically closer to scan targets can maximize scan speeds and minimize network latency. Or, running the same scan using different scanners is an easy and interesting way to see if your vulnerability posture changes if scanning is done from different locations.



3. Nessus Cloud comes with many pre-built integrations

We did a popular webcast about why some vulnerability management programs are more successful than others. One of the reasons for success was actively including stakeholders from outside of the security team in the program. Auditors, managers, developers, systems administrators, executives and more all have a role to play to help the vulnerability management program be successful.

One way Nessus Cloud makes it easier to include others is through pre-built integrations with many of the tools that these stakeholders use. For example, patch management integration can make it easier to compare scan results with the systems administrators on the operations team. Integrations with cloud infrastructure providers like Amazon Web Services and Microsoft Azure can help developers identify vulnerabilities before deploying new applications in these environments. Visit the Technology Integrations page on our website to learn about integrations with mobile, cloud, identity/access, and other complementary solutions.

4. There are flexible options for internal scanning

In addition to running external scans, it’s beneficial for organizations to also regularly run internal network scans. Internal scans are useful as they can show what an attacker could view once the attacker has gotten past your external defenses, or worse, what an internal attacker could access. With Nessus Cloud, customers can run internal scans with Nessus scanners or agents. Most organizations use a mix of both to optimize their scan coverage.

Nessus scanners are available for a variety of Mac, Unix/Linux, and Windows operating systems. There’s no limit on the number of scanners that can be used with Nessus Cloud.

Last year, we introduced agents as another option for running scans. Many customers find agents helpful in extending scanning to hard-to-scan assets like transient laptops that aren’t typically connected to the network when an active scan is taking place. Agents are also useful for running authenticated scans, because once they’re installed, agents can run credentialed scans without the need for ongoing management. Similar to Nessus scanners, agents support Mac, Unix/Linux and Windows operating systems.

5. Nessus Cloud offers multiple ways to view and interpret scan data

If you’re familiar with the Nessus Professional product, you’re used to seeing lists of vulnerability results and having access to search and filter criteria to help you identify those priority vulnerabilities that should be fixed first. Those capabilities are still available with Nessus Cloud, but with the Nessus Cloud solution, you also get rich, graphical dashboard summaries of scans, scan results, and system activity, with easy drill-down to get more detailed information. The dashboard data is based on a selected time-span and can be exported to a variety of file formats. It’s another way to help you quickly identify the amount and severity of the vulnerabilities Nessus Cloud is detecting in your environment.


If you’d like to learn more about these or the many other capabilities of Nessus Cloud, get started with a free trial today.

This content was authored by Diane Garey and originally posted on the Tenable blog.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Tenable
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at tenable.com.
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Is your vulnerability management program struggling? Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?