Tenable Blog

Get your Nessus vulnerability assessment tool up and running with these five easy steps.

With Nessus, you can gain full visibility into your network by conducting a vulnerability assessment. Read on as we guide you through the five steps to run your first Nessus scan. (If you have not yet installed Nessus, please click here to see the installation guide.) 

Moving from Nessus Pro to Tenable.sc or Tenable.io can easily help you mature your vulnerability management program. Here's what you need to know.

Does your vulnerability management workflow involve a spreadsheet at any point? If so, you’re doing it wrong. Well, maybe not wrong per se, but definitely inefficiently.

In my career, I’ve been both the recipient and the creator of some monster-sized vulnerability spreadsheets that triggered “whack-a-mole” remediation exercises. It can be daunting to determine not only what to fix, but in what order.

Security baselines are helpful but to be sure of their effectiveness you need to perform regular audits. Here’s how you can use Tenable.io and Nessus Professional to audit the security baselines included within the Microsoft Security Compliance Toolkit.

Twenty years ago this week, I released the first public version of Nessus. Little did I know at the time the profound impact it would have both on the industry and on me personally.

This post was updated on Jan. 12, 2018 to include additional technical details and supplemental links.  

The recently disclosed Meltdown and Spectre vulnerabilities started off 2018 with a somber note, as the attacks affect everything from desktops, laptops and mobile devices to cloud providers’ infrastructure. The flaws are present in nearly all modern microprocessors and can allow an attacker to access privileged memory by abusing a feature called speculative execution.

We’re pleased to announce Nessus Professional v7. More than 20,000 organizations today use Nessus Professional and there are more than a million and a half Nessus users worldwide. You, the Nessus community, have made Nessus one of the most important and trusted solutions in the industry.

Over nearly 20 years, Nessus has become the gold standard for security practitioners and consultants who want fast and accurate point-in-time scans. Starting with version 7, we are intensifying our focus on performance and accuracy, so you can get the job done even faster and more confidently.

Credentialed scans have long been advocated as the quickest and most accurate way to perform a vulnerability assessment against any network. But like with all things technology, it runs into two usual roadblocks: people and processes.

As a companion to another post on hardening network devices and creating baseline configurations, I wanted to look at another area where standardizing configurations can pay off in a big way. While there is plenty of fertile ground out there, I decided to focus on some specific aspects of databases. As I started reviewing recent research, I noticed a couple of interesting things from the world of finance that likely aren’t radically different from most environments.

On May 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), but details of that vulnerability were not made public. However, Tenable researchers were able to overcome this challenge and make Tenable the first to deliver Intel AMT vulnerability detection capabilities to customers, just minutes after Intel’s announcement yesterday.

Kali Linux, a Linux distribution designed specifically for penetration testing, comes prepackaged with many pen test tools. Nessus® provides a penetration tester with a wealth of capabilities that will assist in the engagement, such as: