The Tenable product portfolio can holistically assess, manage and measure cyber-risk in business terms across a wide range of business sizes and budget.
Tenable very much adheres to the principle that there is no one-size-fits-all approach to cyber-security with their products.
As a vendor that S4 Applications represents, Tenable Nessus is one of the most widely-deployed security technologies in the world and the go-to product for security professionals.
Tenable product overview
Benefits
- Improve efficiency with pre-configured templates for a range of IT and mobile assets as well as customisable views and reporting
- Save time and money with access to live results for rapid detection, prioritisation and remediation
- Access community support, professional training and guidance to develop a best practice approach to security
History
Like so many companies, the current Tenable product portfolio is defined by where it came from which helps explain things.
Tenable’s first product was a stand-alone scanner. It was, and continues to be, the best scanner available. This is currently marketed as the Tenable Nessus Pro.
The Nessus Pro product though lacked an enterprise view, so Tenable.SC was created to allow an aggregation of data. Tenable.IO was then created to move that aggregation tool to the cloud.
The Nessus Pro scanning engine only looks at infrastructure issues, it doesn’t look at web applications, containers or OT technologies. Tenable therefore acquired companies with technologies that have these scanner features and plugged them into their data aggregation tools and central consoles.
Adding a corporate view adds complexity such that only some scanners work with particular consoles. This is a marketing decision (Tenable want to be a SaaS vendor) there is no logical reason for it.
Tenable.io provides actionable and accurate data that can be used to identify, investigate, and prioritise the remediation of vulnerabilities. It is available as a cloud-delivered solution.
- Improve resilience with broad vulnerability coverage
- Improve detection and save money with active and passive network monitoring and assessment and dynamic asset tracking
- Improve speed using predictive prioritisation
- Improve efficiency with an intuitive dashboard visualisations, automated workflows, and flexible API
Tenable.sc provides a comprehensive picture of your network, while keeping your data under your control. An on-premise solution, Tenable.sc discovers unknown assets and vulnerabilities, and monitors unexpected network changes before they turn into breaches.
- Improve resilience with active and passive assessment of systems, networks and applications that has continuous monitoring of users, applications and infrastructure
- Improve visibility with comprehensive visibility into your IT environment
- Improve efficiency through custom reports and dashboards plus real time alerts and notifications
- Improve speed and save money with intelligent vulnerability prioritisation
Helping Consultants
Probably the most famous product in the Tenable portfolio is the Tenable Nessus Pro.
Tenable Nessus is one of the most widely-deployed security technologies in the world and the go-to product for virtually every security professional. Whether you choose the Essentials or Pro version, Nessus is designed to make vulnerability assessment simple, easy and intuitive.
Nessus Pro (or Nessus for short) is generally recognised as the industry’s best vulnerability scanner. You can point this at an environment and collect the complete list of vulnerabilities. In most tests it does a better detection job than any other product.
The Nessus Pro product is focused on a consultant doing a one-time vulnerability assessment. This means that there is no link between subsequent scans.
- Best detection in the business at an affordable price
- No limit to the number of IPs or assessments
- Easily transferable license between computers
- Customise reports with client name and logo
- Email directly to the client after every assessment
- Nessus is trusted by more than 30,000 organisations globally, with 50% of the Fortune 500 relying on Nessus technology
Nessus Restrictions
If you run a scan for example with 1,000 servers, you’ll get an extensive report. If you fix some issues and run the same scan again after 4 weeks, you’ll get a new report that has no connection to the first report. There is no way to know that of the total number of servers, 50 have been decommissioned, 50 have been added, or 700 have been updated and 250 have not been touched.
This information can be worked out by careful analysis, but the tool does not provide it.
A Nessus Pro product license is per install and has unlimited IPs; this works for a consultant role where it is installed on a laptop that they move around. For a corporate office with 15 different locations, this means that you’ll probably need 15 copies; one per site.
Whilst it is possible to scan through a router to a different network segment, for a number of technical reasons it is not a recommended option.
If you want the Nessus scanner with centralisation and history, you’ll need to look at the tools higher up in the portfolio.
Enterprise tools
The Tenable portfolio has 2 products aimed at the enterprise user, Tenable.sc (was Security Centre) and Tenable.io.
The enterprise level features enable scanners to be placed throughout an organisations network and have them all report back to the central console. The central console has the ability to control all the scanners, collecting and reporting on the data.
This is a feature that makes it possible to view new machine additions, machines being decommissioned, what has been patched, what has not, and so on.
The scanners that are used are the exact same Nessus Pro scanners, but with a different license type that allows them to report centrally.
The Tenable.io (is a SaaS based console) and Tenable.sc (is an on-premise console) are licensed based on the number of assets (or IPs) being scanned and include as many scanners as needed. So, if your organisation has 1,000 assets and 15 offices, then the cost is based on the 1,000 assets and you can have as many scanners as needed.
For enterprise users, Tenable offers:
- Broad vulnerability coverage
- Continuous monitoring of users, applications and infrastructure
- Active and passive network monitoring
- Assessment and dynamic asset tracking
- Intuitive dashboard visualisations, automated workflows, and flexible API
Other scanners
Over the years the Tenable portfolio has developed (and added) other scanning products that complement the Nessus scanner and feedback into the same consoles. These include a web application scanner (WAS) and an industrial security scanner (SCADA).
There are some restrictions around what scanners can connect to which consoles, and these provide additional information adding to the Nessus scan, they don’t replace it.
Tenable.io vs Tenable.sc
The Tenable.io. is the newest product in the portfolio and gets more of the development work, so if you are agnostic on the SaaS / on-premise conversation we would recommend it.
Tenable.sc has been around longer and has been successfully deployed where there are very large user communites, it therefore has some more advanced functionality compared to Tenable.io. Whilst the products have different user interfaces they are roughly the same.
The Tenable platform can holistically assess, manage and measure cyber-risk across the modern attack surface and communicate the risk in business terms to enhance strategic decision making.
Book a free consultation.
Training
All Tenable subscriptions come with platform updates and vulnerability updates. Nessus Pro only gets electronic support i.e. portal and email (the “Standard” program), the other products also get telephone support (the “Advanced” program). More recently Tenable have started to offer the Advanced program to Nessus Pro users as an additional cost item.
Read more about: Staying safe with Risk Based Vulnerability Management in our blog.
Next steps
Tenable – Translating vulnerability data into business insights for security teams.
As a Tenable partner, S4 Applications works with clients to help them understand their attack surface, priorities, and goals. We develop a roadmap to deploy the right solution for your needs. Read more about our Tenable case studies, learn more about Tenable or contact S4 Applications to request a demo.
