Vulnerability assessment solution provider Tenable is enhancing its Nessus vulnerability scanning product by adding Nessus Expert to its family of solutions to bring expanded capabilities and visibility into cloud native environments.
Nessus Expert, an enhancement to the company’s flagship vulnerability assessment tool Nessus and building upon Nessus Professional, is designed to address emerging cyberthreats across cloud infrastructure by applying a “smarter and simplified approach to DevSecOps,” according to Tenable.
The company says this enables users to gain an understanding of an organization’s external attack surface that could be exposed to threat actors and to assess infrastructure-as-code (IaC) for vulnerabilities before runtime.
The launch of Nessus Expert comes after the integrations of Bit Discovery and Terrascan earlier this year, giving Nessus Expert external attack surface discovery and IaC security analysis capabilities.
The key capabilities of Nessus Expert are external attack surface discovery that allows IT and security professionals to discover internet-facing assets in domains and subdomains associated with an organization, the company says. In addition, Nessus Expert features IaC scanning that establishes guardrails in automated GitOps and CI/CD processes to ensure secure deployments with minimal effort with up to 500 pre-built policies.
Nessus Expert is essentially a more advanced version of Nessus Professional, offering external attack surface scanning, the ability to add domains and scan cloud infrastructure, all of which are not available with Nessus Professional.
Glen Pendley, chief technology officer at Tenable, in a statement called Nessus the “gold standard” for vulnerability assessment. Nessus Expert is an enhanced version that addresses cloud instances that are constantly updating and connecting to various sources, he said.
“Nessus Expert delivers modern vulnerability assessment capabilities that cover everything from internal and external assets to code and cloud configurations before anything is ever deployed,” Pendley said. “This is a game changer for both assessing DevSecOps and infrastructure security.”
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!