New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it)
It’s epic and really sad news. 🙁
When people asked me about the cost-effective solution for #VulnerabilityManagement I usually answered: “Nessus Professional with some additional automation through #Nessus API”.
With just a couple of #Nessus Professional scanning nodes it was possible to #scan all the infrastructure and network perimeter (see “Vulnerability Management for Network Perimeter”). The price for each node was fixed and reasonable. And you could make any reports you liked from the raw #scan data.
#Nessus Pro was still the best choice even when Tenable:
* Cut off master/slave functionality in #Nessus and created “Nessus Manager”.
* Changed the #API completely during the update from version 5 to version 6.
* Gradually increased the price from $1,5k to $2,7k per scanning node per year.
But unfortunately it’s not anymore. End of an era.
And what is even sadder is that #Tenable does not mention disabling the #API and the multi-user function in the main #Nessus 7 marketing, as if it never was, as if it’s not very important. Just look at “Announcing #Nessus Professional v7” – not a word about “API” or users. Only in an additional link:
Only there, in the text (not a video), is there information about the removed features.
The nice little things like “Easily transferable license” and “Emailed #scan reports and custom report name / logo” do not make it any better.
So, what next?
#Tenableio #TenableSecurityCenter #Tenable #SikuliX #Selenium #OpenVAS #NessusManager #Nessus #VulnerabilityManagement #Productology #ComplianceManagement #API
Read more: https://avleonov.com/2017/12/13/new-nessus-7-professional-and-the-end-of-cost-effective-vulnerability-management-as-we-knew-it/
Microsoft security solutions against ransomware and APT
Last Tuesday I was invited to the #Microsoft business breakfast “Effective protection against targeted and multilevel attacks”. Here I would like to share some of my thoughts on this. I need to mention that the food was delicious and the restaurant of the Russian Geographical Society is a very lovely place. 😉 Thanks, Microsoft!
### #Microsoft as a security vendor? O RLY?
#Microsoft products are not actually my topic. To tell you the truth, personally I’d rather live in a world without this massive #Windows hegemony in desktop operating systems. I use #Linux mostly. And even when I have to work in a #Windows environment, it’s much easier for me to do all the work in some #Linux virtual machine.
But in real life almost every office network is built on #Microsoft solutions. And if you are doing #VulnerabilityManagement in any organization, you have to deal with them too. The good news is that many security features are available out of the box in the MS products that you have already purchased. It’s just important to know about these features and use them right.
There is one more reason why it’s interesting to learn more about #Microsoft information security products. #Microsoft developers, obviously, have direct access to #Windows source code and know better how their own OS works. Many things are much easier for them to implement than for other security vendors. So, chances are good that you will see in #Microsoft products some interesting features that other vendors don’t have (yet).
### Drowning in data
The event began with an opening speech by #AndreyIvanov from #Microsoft Russia.
I liked his thesis that “we are drowning in security data”:
* Threat Intelligence from different sources that needs to be implemented in your infrastructure and somehow validated. A good place to mention Vulners.com #vulnerability feeds 😉
* Threat Detection using logs, scanners, various protection tools, etc.
* The overall number of #SIEM inputs is growing faster than our resources. New IT system = new problems of #SIEM configuration.
So, it would be nice if somebody, for example the OS vendor, provided all this as a service, right? 😉
### Detect the undetectable
Then there was the keynote by #ZbigniewKukowski – one of the leading #Microsoft information security experts.
#### Why is it necessary?
Here is what I would like to note from his report. First of all, great arguments _why it is necessary_. Ok, this is marketing. But the ability to explain (to sell) the necessity of information security is an important skill for any information security specialist now. It does not matter if you are working for a security vendor, integrator or customer.
Zbigniew mentioned an interesting case: some Polish company that lost $4.3 million in 4 days in the recent #Petya attack. The cost of Information Security measures will be much less than the potential losses of business.
Another argument – attacks are no longer entertainment for some individuals. Now it’s a well-organized criminal business. Dozens of people are working on popular #malware tools, like #Petya. That’s why #ransomware tools are so popular now – cyber-criminals just want to recover their development costs.
#ZbigniewKukowski #WindowsDefenderCredentialGuard #vulnerscom #VirusTotal #ransomware #Petya #mimikatz #Microsoft #Linux #ControlledFolderAccess #BadRabbit #AndreyIvanov #SIEM #Productology
Read more: https://avleonov.com/2017/12/20/microsoft-security-solutions-against-ransomware-and-apt/
Vulners Nmap plugin
In the previous post about Vulners #vulnerability detection plugins for Burp and #GoogleChrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like #Nmap. And the guys from the Vulners Team have recently released an #Nmap plugin. Isn’t it awesome? 🙂
To detect vulnerabilities with Vulners #Nmap plugin, you need to download the script and run it like this:
```
$ wget -O vulners.nse https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse
$ nmap -sV --script vulners.nse corporation.com
```
You can see the output on the screenshot above.
First of all, I need to say that it’s not the full analogue of the plugins for Burp and #GoogleChrome.
In the current version it doesn’t analyse the content and headers of the site. It doesn’t detect vulnerabilities of standard Web applications. On the other hand, this plugin can detect vulnerabilities of network services that the plugins for Burp and Chrome obviously won’t detect.
#vulnerscom #python #OpenSSH #NmapNSE #Nmap #Lua #Exploit #exim #CPE #VulnerabilityManagement
Read more: https://avleonov.com/2017/12/29/vulners-nmap-plugin/
Vulchain Scanner: 5 basic principles
New Year holidays in Russia last 10 days this year! Isn’t it an excellent opportunity to start a new project? So, I decided to make my own active network #vulnerability #scanner – #Vulchain.
Why? Well, first of all, it’s fun. You can make the architecture from scratch, see the difficulties invisible from the user side and try something new in software development as well.
Basic principles of the project. This is not a dogma, but rather a general direction.
1. Data layers. I would like to have these independent sets of data:
* Raw data collections
* Software versions detected from the raw data
* Vulnerabilities detected from the software versions
* Exploitability assessment data for the detected vulnerabilities
2. Modularity. Most of the functionality will be performed by independent modules which read some data from one data level and create some data on another data level.
3. Transparency. Data is stored constantly on all the levels. You can easily figure out how the data was processed, track the errors and modify modules.
4. Neutrality. All modules are independent and easily replaceable. For example:
* You can use #Nmap or another port #scanner to detect services. You can refuse active scanning completely and collect data from local agents or from your CMDB.
* You can use the Vulners Burp #API and #Linux Audit #API to detect software vulnerabilities, you can use some other service, or you can write your own local detection scripts using #NVD or Vulners Collections (see also “Vulnerability Assessment without Vulnerability Scanner”).
5. Rationality. If it is possible to use some security utility, service or product, we will integrate with them, rather than writing our own analogue. We spend resources only on what will give us the maximum profit at a minimum of costs. 😉
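Principles 1 to 4 as an added Python example (not Vulchain's own code): each module reads one layer and writes the next, every layer is stored as a JSON file, and each record links back to the record it was derived from. The banners, the advisory id `EXAMPLE-ADV-0001` and all class and function names are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

LAYERS = ["raw", "software", "vulnerabilities", "exploitability"]

# Constructed sample data; the advisory id is a placeholder, not a real identifier.
RAW_BANNERS = [{"host": "192.0.2.10", "port": 22, "banner": "SSH-2.0-OpenSSH_7.2p2"},
               {"host": "192.0.2.11", "port": 22, "banner": "SSH-2.0-OpenSSH_8.9p1"}]
ADVISORIES = [{"id": "EXAMPLE-ADV-0001", "product": "openssh", "fixed_in": "7.4"}]
KNOWN_EXPLOITS = {"EXAMPLE-ADV-0001": True}


class LayerStore:
    """Keeps every layer as its own JSON file so each step can be inspected."""

    def __init__(self, directory):
        self.directory = Path(directory)

    def write(self, layer, records):
        if layer not in LAYERS:
            raise ValueError(f"unknown layer: {layer}")
        (self.directory / f"{layer}.json").write_text(json.dumps(records, indent=2))

    def read(self, layer):
        return json.loads((self.directory / f"{layer}.json").read_text())


def version_key(version):
    """'7.2p2' -> (7, 2, 2): numeric parts only, enough for this sample."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def detect_software(raw):
    """raw -> software: parse product and version out of service banners."""
    found = []
    for i, rec in enumerate(raw):
        match = re.search(r"OpenSSH_([\w.]+)", rec["banner"])
        if match:
            found.append({"host": rec["host"], "product": "openssh",
                          "version": match.group(1), "source": f"raw[{i}]"})
    return found


def detect_vulnerabilities(software):
    """software -> vulnerabilities: version older than the fixed release."""
    found = []
    for i, rec in enumerate(software):
        for adv in ADVISORIES:
            if (adv["product"] == rec["product"]
                    and version_key(rec["version"]) < version_key(adv["fixed_in"])):
                found.append({"host": rec["host"], "advisory": adv["id"],
                              "source": f"software[{i}]"})
    return found


def assess_exploitability(vulns):
    """vulnerabilities -> exploitability: attach exploit availability."""
    return [{"host": v["host"], "advisory": v["advisory"],
             "exploit_known": KNOWN_EXPLOITS.get(v["advisory"], False),
             "source": f"vulnerabilities[{i}]"} for i, v in enumerate(vulns)]


# (module, input layer, output layer); any entry can be replaced by another module.
PIPELINE = [(detect_software, "raw", "software"),
            (detect_vulnerabilities, "software", "vulnerabilities"),
            (assess_exploitability, "vulnerabilities", "exploitability")]


def run_pipeline(store, pipeline=PIPELINE):
    for module, src, dst in pipeline:
        store.write(dst, module(store.read(src)))
    return store.read(LAYERS[-1])


def trace(store, layer, index):
    """Follow the 'source' links from a record back to the raw data."""
    chain = []
    while True:
        rec = store.read(layer)[index]
        chain.append((layer, rec))
        if "source" not in rec:
            return chain
        layer, idx = re.fullmatch(r"(\w+)\[(\d+)\]", rec["source"]).groups()
        index = int(idx)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        store = LayerStore(tmp)
        store.write("raw", RAW_BANNERS)
        final = run_pipeline(store)
        return final, [layer for layer, _ in trace(store, "exploitability", 0)]
```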
#vulnerscom #VulnersAudit #Vulchain #Pycharm #NVD #Nmap #json #Vulchain
Read more: https://avleonov.com/2018/01/05/vulchain-scanner-5-basic-principles/
Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine
If you use Vulners.com #vulnerability #searchengine, you probably know that it has a real “Time Machine”.
Each time Vulners sees some changes on a source page it creates a new version of the security object. And you can see the full history of changes in a nice GUI:
In most cases, the vendor just corrects typos or adds more details. But sometimes the message can change significantly.
### #CERT.org
For example, in the case of the latest #Meltdown and #Spectre #vulnerability, the initial cert.org VU:584653 recommendation was “Replace CPU hardware”. 🙂
#vulnerscom #Tenable #Spectre #Nessus #Meltdown #CERTorg #CERT #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2018/01/11/tracking-changes-in-cert-bulletins-and-nessus-plugins-using-vulners-time-machine/
Confluence REST API for reading and updating wiki pages
In previous posts I wrote about how to automate the work with #Atlassian Jira, including automated ticket labeling. Now let’s try to use the REST #API of another popular #Atlassian product – the Confluence wiki engine.
What might you want to automate in Confluence? Obviously, it may be useful to read the pages that your colleagues regularly update and then use this data in some scripts as an input. You may also want to update your own Confluence pages, for example to post Vulnerability Scanning results. 😉
#python #json #base64 #AtlassianConfluence #Atlassian #API
Read more: https://avleonov.com/2018/01/18/confluence-rest-api-for-reading-and-updating-wiki-pages/
Kenna Security: Analyzing Vulnerability Scan data
I’ve been following #Kenna Security (before 2015 Risk I/O) for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various #vulnerability #scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts and reports are highly specific to my employer’s infrastructure and needs. And the guys from the #Kenna team make a standardized scalable cloud solution that should be suitable for everyone.
I think their niche is really great. They do not compete directly with #VulnerabilityManagement vendors. They can be partners with any of them, bringing additional features to the customers. Perfect win-win combination. That’s why #Kenna speakers regularly participate in joint webinars with VM vendors.
I couldn’t miss a great opportunity to see the #Kenna Security service in action. 😉
In this post I will try to make a very brief review of #Kenna functionality and formulate pros and cons of the solution.
When you submit a trial request at https://www.eu.kennasecurity.com/signup (or https://app.kennasecurity.com/signup if you are not in Europe) you will get a link to your company account:
https://corporation.eu.kennasecurity.com/
The login screen will look like this:
#Tenable #RiskIO #Rapid7 #Qualys #Outpost24 #OpenVAS #Nexpose #Nessus #Kenna #Exploit #Elasticsearch #CVE #VulnerabilityManagement #API
Read more: https://avleonov.com/2018/01/21/kenna-security-analyzing-vulnerability-scan-data/
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
The Vulners Team released today the second version of their Web Vulnerability Scanning plugin for the #Google Chrome browser. You can read my description of version 1.0 at “Vulners.com #vulnerability detection plugins for #BurpSuite and #Google Chrome”.
The killer feature of Vulners web #scanner v. 2.0 is that you can now see all vulnerabilities on all scanned sites in a single window. You don’t need to check all #Google Chrome manually.
Moreover, if some sites make requests to other servers, for example googleapis.com, these servers will be checked automatically.
The plugin was fully refactored and now it is #React driven. It works faster, analyses more data sources and detects vulnerabilities more accurately.
#WAS #vulnerscom #React #PHP #GoogleChrome #Google #CVSS #CVE #VulnerabilityManagement
Read more: https://avleonov.com/2018/01/24/vulners-web-vulnerability-scanner-plugin-for-google-chrome-v-2-0/
Alexander V. Leonov
Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted
The last time I developed dynamic web applications was years ago. I used CGI and #PHP back then. 🙂 Now I am really interested in a modern approach, when you have a Single Page Web Application (SPA) written in HTML and #JavaScript that makes HTTP requests to some external #API.
It’s pretty cool, because your application becomes API-centric naturally. You work on the human interface and improve integration capabilities at the same time. And the task of securing your web app mostly reduces to securing your formalized #API.
The very best way to learn something new is to write a post about this stuff. 😉 Here I will reproduce my own steps of making a very basic web app:
1. Launch the #Apache web server with http/https.
2. Make a simple #API service: #Nmap wrapper.
3. Make a web-application with “multipage” experience. There should be at least two pages: Scan and About.
4. On the Scan page it will be possible to input a target (hostname or IP) and #scan arguments, and to launch the #scan by clicking on the button. The behavior will be the same if the target is passed as a parameter in the address bar.
5. Other pages should contain some static text.
As you can see, it is a very limited task, but it should clear up the most confusing parts of the process.
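An added example, not code from the original post: because the API in step 2 wraps Nmap and step 4 takes the target and scan arguments from the user (including from the address bar), the wrapper should validate both before building the command line. The function names and the option allowlist are assumptions chosen for illustration.

```python
import ipaddress
import re
import shlex
import subprocess

# Assumed allowlist for this example. Options that read or write files or load
# scripts (for example -iL, -oN, --script) are deliberately absent.
ALLOWED_FLAGS = {"-sV", "-sT", "-Pn", "-F", "-n", "-6", "--open", "-T3", "-T4"}
HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class ValidationError(ValueError):
    """Raised when a user-supplied target or argument string is rejected."""


def validate_target(target):
    """Accept a single IP address or DNS hostname, nothing else."""
    target = target.strip()
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass  # not an IP literal, try it as a hostname
    name = target.rstrip(".")
    labels = name.split(".")
    if (not name or len(name) > 253 or labels[-1].isdigit()
            or not all(HOST_LABEL.fullmatch(label) for label in labels)):
        raise ValidationError(f"invalid target: {target!r}")
    return name


def _valid_ports(value):
    """Port list such as 22,80,8000-8100 with every port in 1..65535."""
    for part in value.split(","):
        bounds = part.split("-")
        if len(bounds) > 2 or not all(re.fullmatch(r"[0-9]{1,5}", b) for b in bounds):
            return False
        numbers = [int(b) for b in bounds]
        if not all(1 <= n <= 65535 for n in numbers) or numbers != sorted(numbers):
            return False
    return True


# Options that take a value, each with its own value check.
VALUE_OPTIONS = {
    "-p": _valid_ports,
    "--top-ports": lambda v: re.fullmatch(r"[1-9][0-9]{0,3}", v) is not None,
}


def validate_arguments(arguments):
    """Split the argument string and keep it only if every token is allowlisted."""
    try:
        tokens = shlex.split(arguments)
    except ValueError as exc:
        raise ValidationError(f"unparsable arguments: {exc}") from exc
    checked, i = [], 0
    while i < len(tokens):
        token = tokens[i]
        if token in ALLOWED_FLAGS:
            checked.append(token)
            i += 1
        elif token in VALUE_OPTIONS:
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if not VALUE_OPTIONS[token](value):
                raise ValidationError(f"bad value for {token}: {value!r}")
            checked += [token, value]
            i += 2
        else:
            raise ValidationError(f"argument not allowed: {token!r}")
    return checked


def build_command(target, arguments=""):
    """Return an argv list for subprocess; no shell ever sees user input."""
    host = validate_target(target)
    argv = ["nmap"] + validate_arguments(arguments)
    if ":" in host and "-6" not in argv:
        argv.append("-6")  # Nmap needs -6 for IPv6 targets
    # validate_target never returns a value starting with "-", so the
    # target cannot be parsed as an option.
    return argv + [host]


def run_scan(target, arguments="", timeout=300):
    """Run the validated scan and return Nmap's text output."""
    result = subprocess.run(build_command(target, arguments), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout
```

The API handler would call `run_scan()` and return a 400 response whenever `ValidationError` is raised.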
#Twisted #SSL #python #Nmap #nginx #JavaScript #GoogleChrome #Firefox #CORS #Apache #AngularJS #API
Read more: https://avleonov.com/2018/02/05/making-simple-nmap-spa-web-gui-with-apache-angularjs-and-python-twisted/
Nessus Manager disappeared and Tenable.io On-Prem was announced
If you open the #Tenable Products page right now you will not see #Nessus Manager there anymore. The #Nessus Manager page “The Power of #Nessus for Teams” was also deleted.
However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View “* Requires #Tenable.io #VulnerabilityManagement or #Nessus Manager for agent management.”
#Tenableio #Tenable #NessusManager #VulnerabilityManagement
Read more: https://avleonov.com/2018/02/05/tenable-security-killed-nessus-manager-and-anounced-tenable-io-on-prem/