Nessus
What is Nessus?
NessusA commercial vulnerability scanner from Tenable that identifies missing patches, misconfigurations, and exposed services across networks, endpoints, and cloud workloads.
Nessus is one of the most widely deployed vulnerability scanners, originally released as open source by Renaud Deraison in 1998 and now developed and sold by Tenable. It performs authenticated and unauthenticated scans against operating systems, databases, network devices, web servers, containers, and cloud workloads, mapping findings to CVE, CVSS, EPSS, and compliance benchmarks such as CIS and PCI DSS. Security teams use Nessus for routine vulnerability management, pre-engagement reconnaissance during penetration tests, and as a data source for risk-based prioritization tools. Like any scanner, it can cause service disruption and must be scoped, throttled, and authorized before use.
● Examples
- 01
Running an authenticated Nessus scan against a Windows fleet to identify missing patches and risky services.
- 02
Exporting Nessus findings to a vulnerability management platform for ticketing and SLA tracking.
● Frequently asked questions
What is Nessus?
A commercial vulnerability scanner from Tenable that identifies missing patches, misconfigurations, and exposed services across networks, endpoints, and cloud workloads. It belongs to the Defense & Operations category of cybersecurity.
What does Nessus mean?
A commercial vulnerability scanner from Tenable that identifies missing patches, misconfigurations, and exposed services across networks, endpoints, and cloud workloads.
How does Nessus work?
Nessus is one of the most widely deployed vulnerability scanners, originally released as open source by Renaud Deraison in 1998 and now developed and sold by Tenable. It performs authenticated and unauthenticated scans against operating systems, databases, network devices, web servers, containers, and cloud workloads, mapping findings to CVE, CVSS, EPSS, and compliance benchmarks such as CIS and PCI DSS. Security teams use Nessus for routine vulnerability management, pre-engagement reconnaissance during penetration tests, and as a data source for risk-based prioritization tools. Like any scanner, it can cause service disruption and must be scoped, throttled, and authorized before use.
How do you defend against Nessus?
Defences for Nessus typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Nessus?
Common alternative names include: Nessus Professional, Tenable Nessus.
● Related terms
- defense-ops№ 1218
Vulnerability Scanning
Automated process that probes systems, applications, or containers against known vulnerability signatures to produce a list of potential weaknesses.
- defense-ops№ 1217
Vulnerability Assessment
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
- vulnerabilities№ 1216
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
- vulnerabilities№ 259
CVE (Common Vulnerabilities and Exposures)
A public catalogue that assigns a unique identifier to each disclosed software or hardware vulnerability so they can be referenced unambiguously across the industry.
- vulnerabilities№ 261
CVSS (Common Vulnerability Scoring System)
An open framework, maintained by FIRST, that produces a 0–10 severity score for a vulnerability based on its exploitation characteristics and impact.
- defense-ops№ 802
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.
● See also
- № 740Nmap