The market research company Forrester assessed Tenable’s Nessus Vulnerability Scanner as the leading vulnerability risk management product in the world. This is the headline of the Forrester Wave Vulnerability Risk Management report for Q4 2019. A survey by Cybersecurity Insiders found that Nessus was the most widely deployed application vulnerability scanner in the world. It has been installed more than 2 million times and is currently working to protect 27,000 businesses around the globe. It has more than 57,000 Common Vulnerabilities and Exposures (CVE) in its dictionary and has the lowest false positive reporting rate in the industry.
With all of these impressive statistics under its belt, you’re probably wondering why you have never heard of the Nessus Vulnerability Scanner.
All about Nessus Vulnerability Scanner
Nessus checks both hardware and software for known vulnerabilities. It watches running processes for abnormal behavior and also monitors network traffic patterns. In some respects Nessus resembles a firewall or antivirus system, but it is not one. Although it includes remediation procedures, it isn’t as comprehensive on the remediation side as a typical endpoint protection system would be.
Tenable, Inc. began operations in 2002, but Nessus is much older than that. How can a product be older than the company that developed it? The Nessus system was developed by an individual, Renaud Deraison, and first released in 1998. At the time, Deraison was 17. He set Nessus up as an open-source project and led the community development of the software part-time while pursuing a career in IT during the day.
Controversially, Deraison set up Tenable Network Security to manage the commercial possibilities of the Nessus software. Although the development project was community-driven, Deraison owned the copyright of the software. When Nessus 3 was released, the open-source project closed down, taking Nessus fully into the business as a proprietary system. Earlier versions are still available under the GNU General Public License.
The availability of the source code for Nessus 2 led to the creation of forks, providing rivals to the Nessus system. However, with Nessus, Deraison invented the concept of ‘remote vulnerability scanners’. It went from being the only vulnerability scanner in the world to the leading vulnerability scanner. The move to proprietary ownership prevented Nessus from being completely crowded out by re-labeled copies of its own code.
Tenable is relaxed about the continued existence of the Nessus 2 code and the presence of near copies in the market. Under the GNU licensing system, those copies can’t be sold commercially, only given away. By investing in developing Nessus privately, Tenable has ensured that it keeps ahead of its rivals, both free and paid.
Nessus 3 is a considerable advancement over the previous versions, and the hobbyists who produced forks of the code don’t have the resources to fully compete with Tenable.
Tenable was formed in 2002 but didn’t come up with a paid version of Nessus until 2005. The move to put a commercial skin on a free open-source product is not unusual. Many open-source projects have a paid alternative.
The commercial logic behind creating a paid version of free software is that most open source projects don’t attract corporate users. Businesses don’t care about the price of software – it is just an expense and can be written off against tax.
The key need for businesses when considering software acquisition is that it should be reliable and supported. This is where the charging structure of a commercial service added on top of open-source software wins.
By creating a charging service provider that is the definitive owner of Nessus, Deraison ensured the uptake of the Nessus Vulnerability Scanner by the business community. The software may be free, but businesses won’t touch it unless it is fully supported. Offering a support package makes Nessus attractive.
So, there was a good income earner waiting to be picked up without removing the commitment to keep Nessus free. The next logical step along the path to commercialization was to invest in a full-time development team. Community developers are very good at producing software for their own use, but they are blind to its faults and unwilling to overhaul it in the face of requests from business users.
Software, even though it is free, can soon become a risk to use because the exploits discovered by hackers don’t get shut down through development and testing. The lack of a development budget would have left Deraison unable to close off exploits, ironically making it a vulnerability scanner with vulnerabilities.
Tenable honors the spirit of its open-source origins by making a free version available. Those who enjoyed having a free Nessus without professional support still have it. The big businesses that are prepared to pay for quality now have that available.
Free and paid Nessus
The history of Nessus and the existence of a free version explain why the software is so successful without having much visibility. Its 2 million downloads are largely due to its longevity and its free version. Look at the numbers: two million downloads, but only 27,000 businesses using it.
The benefit of all of those free users is that the software has been comprehensively tested in real-world situations. This explains its very high success rate in accuracy. So, the free version helps test the system and also creates familiarity. It is an accessible tool for penniless students in network technology. When they graduate and get out into the workforce, they take their familiarity with the Nessus brand out into the companies that hire them. You won’t see the Nessus name on billboards because Tenable doesn’t need a marketing budget – your intern will tell you about it, download it, and set it up for you.
The three versions of the Nessus Vulnerability Scanner are:
- Nessus Essentials
- Nessus Professional
- Tenable.io
Read more about each option below.
Nessus Essentials is the free version of the scanner. Its scan runs are limited to 16 IP addresses and the tool is aimed at students of networking technology. The website of Tenable makes training sheets available to new users of the system. So, even if you are a business user that intends to go for the paid version, you could start off with Essentials to make sure that you understand the system before recommending it to your boss. Tenable doesn’t restrict the distribution of Nessus Essentials for home use – it’s fine to use it for business.
There is also a Nessus user forum where you can pick up tips from other users. Nessus can be extended by plug-ins. Most of these are charged for, but you can pick up free plug-ins from the community.
Nessus Professional is the on-premises one of the two paid versions of the vulnerability scanner. This deal gets you full support, but the software you use is the same as the free version, without the 16 IP address cap.
You need to hop up to one of the paid versions to get compliance checks for PCI, CIS, FDCC, and NIST, as well as content audits. Nessus Professional gives you live results in the dashboard, and the system sweeps can be scheduled and run repeatedly. You have the choice of accessing the community forums for support, or you can send support queries to the Tenable help desk by email.
Nessus Professional is charged for by subscription. However, this is a yearly fee, and there isn’t a monthly payment plan. You can buy a multi-year subscription to get discounted rates. The license is available on a 1, 2, or 3-year subscription. Each period is available with a standard or an advanced support plan. The advanced options enable you to contact support technicians via live chat and phone. You can get a 7-day free trial of Nessus Professional.
Tenable.io is the cloud-based version of Nessus Pro. It only comes with the Advanced support package, and its charging structure is a little different from the on-premises version. Nessus Professional has the same price no matter how many nodes you want to scan on your network. Tenable.io starts with a base price for 65 nodes, but the price increases with the number of nodes you have above that.
Nessus System Requirements
Nessus Essentials and Nessus Pro run on Windows, Windows Server, Mac OS, FreeBSD, Debian, SUSE, Ubuntu, RHEL, Fedora, and Amazon Linux. Unfortunately, the Windows version will only run on a 32-bit system. There is no Nessus version for 64-bit systems.
On-premises users have several releases to choose from with the latest being 8.7.2.
Nessus Vulnerability Scanner’s competitors & alternatives
Nessus is in a peculiar position because it occupies a market niche that it invented itself. Essentially, vulnerability scanners are part of the wider cybersecurity market, so true competitors for this software aren’t just systems that directly identify as vulnerability scanners. For example, most modern next-generation AV systems include vulnerability risk assessment and so qualify as competitors to Nessus.
If you are unsure whether Nessus fits your needs, check out trial offers from the following:
- Crowdstrike Falcon – a cloud-based AI-driven endpoint protection system that includes vulnerability assessment.
- OpenVAS – The leading fork of Nessus, which is still free and unlimited.
- Metasploit – An open-source system vulnerability checker in free and paid versions.
- Intruder – A vulnerability scanner and security service for internet-facing systems.
- Probely – A cloud-based vulnerability scanner for websites.
Although Nessus is excellent at spotting vulnerabilities, it isn’t that great at plugging them up. There are other, more comprehensive tools on the market that represent strong challenges to the dominance of Nessus in its niche market.
One example of a more comprehensive system that encompasses the functionality of Nessus is Crowdstrike Falcon. This online system crowdsources vulnerability and attack data in order to know what weakness to look for when it scans a system. It covers both hardware and software vulnerabilities and includes very comprehensive remediation procedures that far exceed the capabilities of Nessus. Although there isn’t a free version of Falcon, Crowdstrike does offer it on a 15-day free trial.
OpenVAS is a very close competitor of Nessus and it has stayed true to its origins. A fork of the original Nessus code, it has remained free and open source. OpenVAS avoids the pitfalls of most open-source projects because it is controlled and professionally managed by Software in the Public Interest. The commitment of this non-profit organization prevents the software development effort for OpenVAS from stagnating.
Metasploit is another open-source project that went commercial when it was taken over by Rapid7. This is a very popular penetration testing tool and it is widely used in the cybersecurity industry. Like Nessus, it stayed true to its roots by maintaining a free community-supported version. In fact, there are two free versions: Metasploit Framework Edition, which is a command-line utility and is packaged with Zenmap, and Metasploit Community Edition, which has a decent web-based interface, modeled on the paid version but with limited capabilities. Rapid7 produces two paid versions of the system, called Metasploit Express and Metasploit Pro.
Intruder and Probely are focused on protecting websites and other internet-facing networks. Intruder is hailed for its ease of use and excellent vulnerability exposure. It is cloud-based and requires no setup. The scan operates continually, producing live feedback in the online console as well as offering historical data analysis. The graphs shown in the dashboard are simple, stylish, and attractive. There are three service plans for Intruder, and none of them are free. However, you can get a 30-day free trial.
Probely is another cloud-based vulnerability scanner that is specifically aimed at assessing web services. This cloud-based subscription service has four service plans, including a free version. You can also get a 14-day free trial.
Although Nessus was the original vulnerability scanner, it is not the only one available. Check out the rivals and decide which is best for you.