Licensing Changes Coming for the Nessus Vulnerability Scanner

Licensing Changes Coming for the Nessus Vulnerability Scanner

Tenable, vendor of Nessus, has changed its licensing structure for the vulnerability scanner. Starting August 1, 2008, the 'RegisteredFeed', used to obtain signatures, will no longer be available. Users of the product have the option of obtaining either the 'HomeFeed' or the 'ProfessionalFeed'. HomeFeed remains free and is licensed only for use on personal home networks. It has the same vulnerability updates contained in the ProfessionalFeed. The new licensing policy does not allow commercial and government users to scan with the latest updates without an upgrade to ProfessionalFeed. The cost of the ProfessionalFeed will be $1200 a year, and includes compliance checks (PCI, etc.). The ProfessionalFeed also provides subscribers with the latest vulnerability and patch audits, configuration and content audits, and commercial support for their Nessus 3 installation.

For Additional Information Refer to:

http://www.nessus.org/news/data/nessus_feed_letter.pdf
http://www.nessus.org/documentation/index.php?doc=feed-faq
http://www.mckeay.net/2008/05/14/changes-to-the-nessus-license/

Security Product Review: Nessus Vulnerability Scanner by Tenable

Security Product Review: Nessus Vulnerability Scanner by Tenable

From time to time, I will be conducting product reviews of a security tool, application or website that I find to be very useful.

As a System Security Assessor, I often use and test many different tools and applications to do my job. One that has amazed me in recent years with excellent performance and results is the Nessus Vulnerability Scanner by Tenable.

Nessus is a free program designed to automate the testing and discovery of known security problems on the network and computer systems. For a free tool, Nessus has many useful capabilities such as using the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple language to describe individual attacks in conjunction to the provide vulnerability database based on the Common Vulnerabilities and Exposures schema. Another powerful feature of Nessus is the client server technology that allow for distributive architecture. The server portion runs on most flavors of Unix and Linux including the Mac OS X operating system while the clients are available for both Windows and Unix/Linux.

In my testing of Nessus against the more expensive commercial applications such as Foundstone’s Foundscan Security Scanner version 5 and Internet Security Scanner (ISS), Nessus faired much better than ISS in respects to initial setup, time of completion and less false positives. Against Foundscan, Nessus fell a little short in the scanning options and reporting.

My conclusion, for the price and results, Nessus is an excellent primary or secondary tool to use for your security needs. Tenable also offer support at a cost for those who needs it. Check it out and decide for yourself. You can find more information on Nessus at:

www.securityorb.com or www.nessus.org