How to Make the Most of Your Nessus Trial
There's plenty you can do during Nessus Professional's free trial period to experience the strength of the No. 1 vulnerability assessment platform.
It's not always easy to know what to make of free trials, and software in particular can sometimes be so limited in trial mode that it is hard to get a sense of what the full version can do.
But that isn't the case with Nessus Professional. Registering for a free trial of the No. 1 vulnerability scanning and assessment solution allows you to experience many of its key features – including dynamic vulnerability scanning and the always-on coverage of Live Results. In this post we'll take an in-depth look at what you can do with Nessus during your trial to get the most out of your evaluation.
Getting started: Tenable Community
Beginning your Nessus Professional trial requires creating a Tenable Community account before you install the software. Why is this important? Simple – the Tenable Community is your one stop for product management and helpful resources and information. In your account, you can manage your trial and purchases, report problems and request product enhancements. You'll also have the ability to interact directly with other Nessus users as you navigate the product during your seven days of free use. If you have any issues with the first few scans, or simply want to know more about certain processes, you can search the Topic Library or post a question to ask other members. You can also access a variety of help resources, including webinars, blog posts, product documents and more. (Don’t forget to check out the Nessus Professional Trial Guide, which can help you get up to speed quickly.)
The Community forums are divided into dedicated sections. You'll likely find the following most helpful early on: Install & Orchestration, Configuration, Reports, Dashboards & Templates, Licensing and Asset Scanning & Monitoring.
Scanning as a trial user
Once you have activated your Nessus trial with the activation code from your Community account and downloaded the product, set up an administrator login and take a bit of time to get familiar with the program's interface. Then, you're ready to start your first vulnerability assessment.
Navigate to the Scans page from the top bar, click the New Scan button and choose a scan template, also known as a policy. Many of the pre-built templates included in the program's full version are available in the trial. From there, you can:
- Conduct basic scans of your entire network
- Look for infamous vulnerabilities and malware, such as DROWN, WannaCry, Spectre and Meltdown, with scan templates specifically designed for critical vulnerabilities
- Target scans to search for vulnerabilities in specific applications, hosts or network areas
- Find unpatched software within your hosts
We generally recommend that users go with the most straightforward templates, like Basic Network Scan, while working with Nessus during the trial period. But if you're experienced with information security, don't feel like you have to limit yourself. Additionally, you can adjust the configurations of pre-built policies before you initiate a scan. In fact, we typically advise that you check the configuration settings so that there aren't any issues with your system's environment. Specifically, review settings in the Discovery, Assessment, Report and Advanced categories.
Last but not least, hit Launch Scan. This process will take some time, so it is best to run your trial scans outside regular business hours or at another time when network activity and congestion are particularly low. Additionally, while you can conduct as many vulnerability scans as you want during the seven days of your trial, keep in mind that you're limited to assessing 32 IPs until you have a full Nessus license.
Key features to demo
Some functions of Nessus included in your trial version are features that the software's users often rave about. Take a look:
- Credentialed scanning: A vast majority of vulnerabilities can't be detected unless you conduct a credentialed scan. In this mode, Nessus can have all the permissions of an administrator or root user – or any other set of privileges you deem appropriate – and fully examine any area of the network. Set credentials up to your liking as part of initial scan configuration.
- Dynamic vulnerability scanning: With this feature, you can set up a vulnerability scan template focused on hyper-specific points of potential risk, such as CVEs included in recent Microsoft Knowledge Base advisories, or flaws within Java-based applications. Create your dynamic filters by selecting plugin attributes you wish to monitor, and pertinent plugins will be automatically added to your policy as Tenable releases them.
- Live Results: Every time there's a plugin update, this feature performs an offline vulnerability assessment by looking at historical scan data, without slowing down other network operations. If you have an infrequent or inconsistent scan schedule, Live Results covers you by alerting you to potential issues in real time.
Making the case for Nessus
Your trial scan will offer an actionable assessment of vulnerabilities and weaknesses throughout your network. Once it's complete, you can create reports that outline the scan results, which will be helpful in persuading other organizational stakeholders of Nessus' value. Reports are exportable in simple HTML or PDF formats, and you can customize them to be as comprehensive or succinct as you see fit.
While you can't harness the full potential of Nessus Professional during the trial, the breadth of things you can do will help you complete a full evaluation. Get yourself a head start on leveraging Tenable's widely acclaimed vulnerability scanning solution today.