Summary
There was once a time when I would have fought tooth and nail with anyone who claimed that Nessus was not the best vulnerability scanner available. Those days, however, are long gone. Changes to the once-great open-source project left me disenchanted for several years. Furthermore, the lack of early support for PCI compliance scanning disqualified the commercial Nessus solution from environments where I learned to love solutions like Qualys QualysGuard, nCircle IP360, and Foundstone Security scanner (granted, they are really in different price ranges). Things were so bad during Nessus version 3 that I felt the need to write this mock break-up letter. Thankfully, Tenable has made drastic changes to the Nessus product to remain more competitive with other vulnerability management solutions.
Most notably, Nessus now uses a web interface served directly from the Nessus server on port 8834/TCP. This is in contrast to the previous client-server model, which used port 1241/TCP. This change has a number of benefits, including the standardization of the Nessus client across multiple platforms.
Things I like
- The user interface is beautiful
- The user interface is simple to use
- Interface access is easy
- Installation is simple
- The port scanning engine is powerful
- Vulnerability checks are comprehensive
- Integration with ImmunitySec Canvas
Things I dislike
- The user interface lacks useful right-click capabilities
- Vulnerability checks take up a ton of system space
- Scans can be too aggressive and, if not properly configured, can easily take down overloaded or underpowered network appliances, mainframes (from experience), and firewalls with small connection tables
- There is a seven day delay for updates in the Home Feed
- The lack of continued support for command-line access to Nessus in the Home Feed version
- Web-based usage requires Flash, which, depending on how well Adobe is playing with Linux in any given release, can be a real pain
Thoughts
Tenable has made significant improvements to Nessus since the 3.x versions. However, with the advancements of major market leaders like nCircle, QualysGuard, McAfee, and the newly emerging Rapid7, these improvements are not necessarily enough when speaking strictly about vulnerability management. Of course, from a broader perspective, Tenable has made great strides with its Security Center and with making the best use of the data that Nessus can produce.
Speaking specifically about vulnerability management, and especially free vulnerability management such as Nessus Home Feed or NeXpose Community Edition, Nessus may unfortunately have lost a step. On the one hand, Nessus requires significantly less RAM than NeXpose Community Edition. On the other hand, Nessus lacks the out-of-the-box integrations that NeXpose Community Edition offers. The sheer simplicity of using NeXpose Community Edition with the open-source Metasploit Framework makes it a choice solution for most lab environments. From Tenable's perspective this is an unfortunate reality, as Nessus and Metasploit once went hand in hand in terms of open-source integrations. At this point, from the SecAnalysis perspective, when considering vulnerability management solutions for home use (primarily Nessus Home Feed, NeXpose Community Edition, or OpenVAS), it is really a toss-up between Nessus and NeXpose; however, SecAnalysis is currently leaning towards NeXpose.
Check It Out
Check out the latest version of Nessus Home Feed (for home use only) in the downloads section of Tenable's website: http://www.nessus.org/download/