Nessus: Pen Testing Product Overview and Analysis

Bottom Line

Nessus is a widely used paid vulnerability assessment tool that is best for experienced security teams, as its interface can be a little tricky to master at first. It should be used in conjunction with pen testing tools, providing them with areas to target and potential weaknesses to exploit.

Type of tool: Vulnerability assessment

Key features: Nessus by Tenable conducts vulnerability assessments for more than 27,000 organizations, with two million downloads worldwide. 450 compliance and configuration templates are provided to deal with tasks such as configuration audits and patch management. This helps IT see where there are vulnerabilities, where patches are out of date and where configurations are out of compliance.

Nessus detects software flaws, missing patches, malware and misconfiguration errors across a wide range of operating systems, devices and applications. The company encourages user feedback to improve the tool. Ease of use is a big selling point, along with accurate scanning for network holes. It seeks out loopholes that attackers could exploit, and many companies rely on it for compliance checks.

Nessus began 20 years ago as an open source tool but has since become a proprietary product. It can detect default passwords still in use within the enterprise, denial-of-service weaknesses (attempts to deny access to the intended users of a machine or network resource), open mail relays that spammers often exploit, and vulnerabilities that attackers could use to gain entry or access sensitive information. It is also useful in preparing for PCI-DSS audits.

“Nessus offers flexibility in finding vulnerabilities across the network, and implementation is simple. It can scan from outside the firewall, which offers real visibility of vulnerabilities,” said a product manager in the healthcare industry.

Differentiator: Easy to use once learned, and a very low false positive rate (0.32 defects per 1 million scans).

What it can’t do: It finds vulnerabilities but does not penetrate them.

Cost: One year professional license for $2,190.

Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.