Tenable Introduces Nessus Expert with External Attack Surface Management and Cloud Security Capabilities

Tenable has announced the addition of Nessus Expert to its portfolio of trusted vulnerability assessment solutions, giving security consultants, pen testers and security practitioners extended external capabilities and expanded visibility into cloud-native environments.

External assets and cloud configurations represent two of the biggest cyber risks facing organizations today. Most enterprises lack good accounting of their external footprint, which is easily exploitable by cybercriminals and other threat actors. External Attack Surface Management (EASM) removes such blind spots with capabilities such as discovery, attribution and change detection monitoring of all external assets across the enterprise. At the same time, while organizations are leveraging public clouds, they are frequently deploying cloud security solutions too late in their development cycle. The best way to gain maximum advantage from the cloud is for organizations to begin with infrastructure as code (IAC) security, catching misconfigurations and software vulnerabilities before anything is ever deployed.

Building on the Nessus brand’s reputation as the industry’s most recognized and widely deployed vulnerability assessment solution, Nessus Expert is the first to address both of these pain points head-on. Nessus Expert applies a smarter and simplified approach to DevSecOps, enabling users to gain an understanding of an organization’s external attack surface that could be exposed to threat actors and to assess infrastructure as code (IaC) for vulnerabilities before runtime. Following the integrations of both Bit Discovery and Terrascan technologies earlier this year, Nessus Expert is equipped with external attack surface discovery and IaC security analysis, providing pen testers, consultants, SMBs and developers with a unique competitive edge with their expanded risk assessment capabilities.

“Nessus is the gold standard for vulnerability assessment. We’ve enhanced capabilities to address cloud instances that are constantly updating and connecting to various sources. We’re upping the ante with Nessus Expert,” said Glen Pendley, chief technology officer, Tenable. “Nessus Expert delivers modern vulnerability assessment capabilities that cover everything from internal and external assets to code and cloud configurations before anything is ever deployed. This is a game-changer for both assessing DevSecOps and infrastructure security.”

Key New Capabilities
Nessus Expert offers the following features in addition to everything offered in Nessus Professional:

  • External Attack Surface Discovery – to discover internet-facing assets in domains and subdomains associated with an organization
  • Infrastructure as Code Scanning – to establish guardrails in automated GitOps and CI/CD processes that ensure secure deployments with minimal effort with up to 500 pre-built policies.