Tenable has announced the addition of Nessus Expert to its portfolio of vulnerability assessment solutions which is designed to give security consultants, penetration testers, and security practitioners extended external capabilities and expanded visibility into cloud-native environments.
Nessus Expert is claimed to be the first service to address managing external assets and cloud configurations head-on. Tenable argues that most enterprises lack good accounting of their external footprint, which is easily exploitable by cybercriminals and other threat actors.
In the cloud journey, security tools are deployed in the later part of the journey, To gain maximum advantage from the cloud is for organizations to begin with infrastructure-as-code (IaC) catching misconfigurations and software vulnerabilities before anything is ever deployed. This is where Nessus Expert steps in.
The service applies a smarter and simplified approach to DevSecOps. The goal is to enable users to understand external attack surfaces that could be exposed to threat actors and to assess IaC for vulnerabilities before runtime.
The service is equipped with external attack surface discovery and IaC security analysis, providing pen testers, consultants, small to medium-sized enterprises, and developers a competitive edge with their expanded risk assessment capabilities.
New capabilities in Nessus Expert include
- External attack surface discovery to discover internet-facing assets in domains and subdomains associated with an organization.
- IaC scanning in the new release establishes guardrails in automated GitOps.
- Provides for continuous integration and continuous deployment or CI/CD processes that ensure secure deployments with minimal effort, using up to 500 pre-built policies.