For situations where gathering up the domain passwords for sensitive divisions of an organization is a hard sell to upper management, using the agent-based version of the Nessus vulnerability scanning tool is a way to step around the issue, according to Ron Gula, CEO of Tenable Network Security.
"We've had a lot of organizations come to us and say, 'Gee, we want to go and find malware, we want to do patch audits, we want to figure out our configurations on Windows for our laptops,'" Gula said in this interview, recorded at the 2015 RSA Conference. SearchSecurity editorial director Robert Richardson sat down with Gula to discuss recent releases of Tenable's flagship Nessus scanner. "We recently added agents -- these agents are low impact. When they're not auditing your system they don't take any CPU, but when they do audit it, they do it with the exact same logic and research that Tenable performs.
"If you're used to doing a patch audit or Department of Defense STIG (Security Technical Information Guide) audit," Gula said, "the agents are identical, which means you can uniformly do credentialed scans to deployed agents and feed that back into the Nessus manager or the Nessus Cloud version of that."
Gula said Nessus Cloud, which was released in February of this year, brought the company's vulnerability management to a software-as-a-service platform, building on a previous cloud iteration called Nessus Enterprise Cloud and providing remote management of distributed scanners and collaboration features that allow various departments beyond just the security team to work together on monitoring and managing vulnerabilities.
Nessus is one of the grand old master tools of the Internet, dating back to 1998 when it began as an open source tool. By some measures, it has on occasion been the most widely used security tool in the world, even after the tool became a proprietary product in 2005 (a free "Home" version of the tool is still available for download).