Nessus: Pen Testing Product Overview and Analysis


Bottom Line

Nessus is a widely used paid vulnerability assessment tool that is best for experienced security teams, as its interface can be a little tricky to master at first. It should be used in conjunction with pen testing tools, providing them with areas to target and potential weaknesses to exploit.

Type of tool: Vulnerability assessment

Key features: Nessus by Tenable conducts vulnerability assessments for more than 27,000 organizations, with two million downloads worldwide. It provides 450 compliance and configuration templates for tasks such as configuration audits and patch management, which helps IT see where vulnerabilities exist, where patches are out of date and where configurations are out of compliance.

Nessus detects software flaws, missing patches, malware and misconfiguration errors across a wide range of operating systems, devices and applications. The company encourages user feedback to optimize the tool. Ease of use is a big selling point, along with accurate scanning for network holes. It seeks out weaknesses that attackers could exploit, and many companies rely on it for compliance checks.

Nessus began 20 years ago as an open source tool but has since become a proprietary product. It can detect default passwords still in use within the enterprise, weaknesses that would let an attacker deny access to the intended users of a machine or network resource, open mail relays that spammers often exploit, and vulnerabilities that hackers could use to gain entry or access sensitive information. It is also useful in preparing for PCI-DSS audits.

“Nessus offers flexibility in finding vulnerabilities across the network, and implementation is simple. It can scan from outside the firewall, which offers real visibility of vulnerabilities,” said a product manager in the healthcare industry.

Differentiator: Easy to use once learned, and a very low false positive rate (0.32 defects per 1 million scans).

What it can’t do: It finds vulnerabilities but does not exploit them.

Cost: One year professional license for $2,190.

Drew Robb
