Tenable Introduces Nessus Expert


Tenable have announced the addition of Nessus Expert to its portfolio.

External assets and cloud configurations represent two of the biggest cyber risks facing organisations today. Most enterprises lack good accounting of their external footprint, which is easily exploitable by cybercriminals and other threat actors.

External Attack Surface Management (EASM) removes such blind spots with capabilities such as discovery, attribution and change detection monitoring of all external assets across the enterprise.

At the same time, while organisations are leveraging public clouds, they are frequently deploying cloud security solutions too late in their development cycle.

The best way to gain maximum advantage from the cloud is for organisations to begin with infrastructure as code (IAC) security, catching misconfigurations and software vulnerabilities before anything is ever deployed.

Nessus Expert applies a simplified approach to DevSecOps, enabling users to gain an understanding of an organisation’s external attack surface that could be exposed to threat actors and to assess infrastructure as code (IaC) for vulnerabilities before runtime.

Following the integrations of both Bit Discovery and Terrascan technologies earlier this year, Nessus Expert is equipped with external attack surface discovery and IaC security analysis, providing pen testers, consultants, SMBs and developers with a unique competitive edge with their expanded risk assessment capabilities.

“Nessus is the gold standard for vulnerability assessment. We’ve enhanced capabilities to address cloud instances that are constantly updating and connecting to various sources. We’re upping the ante with Nessus Expert,” said Glen Pendley, chief technology officer, Tenable. “Nessus Expert delivers modern vulnerability assessment capabilities that cover everything from internal and external assets to code and cloud configurations before anything is ever deployed. This is a game-changer for both assessing DevSecOps and infrastructure security.