Tenable have an ever growing number of products and modules within their portfolio, in this short blog post we aim to position each one and the relevant merits.
Tenable have a number of products, their first and most famous is Tenable Nessus Pro.
Nessus Pro (or Nessus for short) is generally recognised as the industry’s best vulnerability scanner. You can point this at an environment and get the complete list of vulnerabilities. In most tests it does a better detection job than any other product.
The Nessus Pro product is focused on a consultant doing a one-time vulnerability assessment. This means that there is no link between subsequent scans.
If you run a scan against say 1,000 servers, you will get a report. If you fix things up and run the same scan again in 4 weeks, you will get a new report, that has no connection to the first report.
There is no way to know that 50 servers have been decommissioned, 50 have been added, 700 have been updated and 250 have not been touched.
This information can be worked out by careful analysis, but the tool does not provide it.
Nessus Pro is licensed per install and has unlimited IPs; this works for the consultant who has it installed on a laptop that they move around. For a corporate with say 15 sites, this means that you probably need 15 copies; one per site. Whilst it is possible to scan through a router to a different network segment, it is not ideal for a number of technical reasons.
If you want the Nessus scanner with centralisation and history you need the next tools up in the portfolio.
Tenable then developed 2 tools for the enterprise, Tenable.sc (was Security Centre) and Tenable.io. These tools essentially solve the same problem, just one is SaaS and one on-premise.
What the enterprise tools allow you to do is scatter scanners throughout your network and have them all report back to the central console. This central console then allows you to control all scanners from one point and to report upon the data as it evolves over time.
Here it would be possible to see new machine additions, machines being decommissioned, what has been patched, what has not, and so on.
The scanners that are used are the exact same Nessus Pro scanners, but with a different license type that allows them to report centrally.
The Tenable.io (SaaS based console) and Tenable.sc (on premise console) are licensed based on the number of assets (or IPs) being scanned and include as many scanners as needed. So, in the situation where you have 1,000 assets and 15 offices, then the cost is based on the 1,000 assets and you can have as many scanners as needed.
Over the years Tenable have developed other scanners that sit bedside their Nessus scanner and feedback into the same consoles. These include a web application scanner (WAS) and an industrial security scanner (SCADA).
There are some restrictions around what scanners can connect to which consoles, and these provide additional information adding to the Nessus scan, they don’t replace it.
Tenable.io vs Tenable.sc
The Tenable sales force will try and push everyone to Tenable.io. In truth this is the newest product and gets more of the development work, so if you are agnostic on the SaaS / on-premise conversation we would recommend it.
Tenable.sc has been around longer and deployed at some massive sites, it therefore has some areas of functionality that are ahead of Tenable.io (say in managing large user communities). Whilst the products have different user interfaces they are roughly equivalent.