Tenable's Nessus active scanner with its Passive Vulnerability Scanner (PVS) captures vulnerabilities in static assets, transient systems and cloud access, reducing exposure to zero-day disclosed vulnerabilities and out-of-cycle emergency patches.
Nessus provides scheduled vulnerability scanning, web application auditing and credentialed patch analysis. In addition to daily content updates SC-CV provides malicious process checks and mobile device scanning, allowing Microsoft Exchange and Apple profile manager to uncover and audit all mobile devices in the network. Also, patch management integration automates the cross reference of vulnerability checks with enterprise patch management, and compliance/configuration auditing of firewalls, routers and virtual infrastructure is included.
Vulnerabilities identified as exploitable further qualify the exploit source, including the ease of exploitation via the exploitability index. The HTML5 interface allows users on several different platforms and devices to access the same interface without the need for an app.
Nessus displays vulnerabilities based on standard formats - Common Vulnerability Scoring System (CVSS) v2 score and Common Vulnerabilities and Exposures (CVE) ID - and exports into a variety of formats. IPv6 address spaces are too big for scanning with active scanners alone. PVS adds dynamic discovery of vulnerable assets that connect to both IPv4 and IPv6 network. PVS also provides database logging and monitoring, detection of encrypted traffic and cloud application use. It identifies new hosts and applications, assessing security and compliance risks from mobile, cloud and virtual infrastructure that may not be present during active scans. SC-CV brings it all together with active and passive scanning, and provides a real-time view of vulnerability, threat and compliance risk for all assets on their respective networks with advanced analytics, visualisation and reporting. Outcome-based auditing allows managers to set a desired security posture and receive proactive reports when assets are out of compliance.
Installation can be done with software, a VMware Virtual Appliance or a hardware appliance. There are a number of hardware configurations based on the products and the number of hosts to be managed. Tenable has provided a list of examples that includes settings for Windows, Apple, Red Hat Linux, FreeBSD, CentOS and more. For this evaluation, we used an ESXi host with a CentOS x86 64-bit server to host SC-CV, PVS and Nessus. Software and keys for the products were provided on a USB device.
Software installation was flawless and within 20 minutes the basic application settings were completed. Configuring the settings is straightforward. The top-level graphic menu provided a fairly intuitive set of screens that walk administrators straight through the configurations. If there is an error in a configuration setting, a message is provided describing the issue and a recommended change. Overall, the performance of the product was excellent.
Documentation is comparable to other solutions with an intuitive help feature with screenshots, a support portal, discussion forum, searchable knowledgebase and other documentation, as well as product certification training and a library of video tutorials.
At a cost of c£13,870 for a one-time software licence for 500 IPs and c£1,000 for the Nessus standalone with Professional feed, we found SecurityCenter Continuous View to be good value for the money.
This solution is an excellent product at a reasonable cost