Nessus Pro is a well-established commercial vulnerability assessment tool in the market. Recently, Tenable released a new product called Nessus Expert, which builds upon the features of Nessus Pro and offers additional functionalities.
Nessus Expert provides vulnerability assessment for modern attack surfaces, including Infrastructure as Code (IaC) scanning and external attack surface discovery capabilities. With 500 prebuilt policies, Nessus Expert checks configuration files and code repositories for security and configuration issues before production. This helps to prevent costly mistakes that can arise when vulnerabilities and misconfigurations are unknowingly pushed into production.
Nessus Expert also contains external attack surface management functionality to continuously discover and inventory an organization’s internet-facing assets from an attacker’s perspective. This allows users to gain important contextual information about internet-facing assets and easily launch a scan on newly identified assets.
In addition, the Nessus Expert edition comes with a compliance audit module for cloud infrastructure, which works with AWS, Azure, GCP, Rackspace, and Salesforce. It provides a list of issues that need to be resolved for better configuration and compliance.
Nessus Expert has all the features of Nessus Pro, with additional features for external attack surface scanning and compliance audits of cloud infrastructure. The basic license model remains the same, with single install and unlimited IP scanning.
External Attack Surface Management (EASM) is a relatively new concept in the cybersecurity industry. It refers to a set of tools and techniques designed to help organizations identify and manage risks associated with their internet-facing assets and systems. The term for this emerging product set was coined by Gartner in 2021 and is distinct from the more established term, Attack Surface Management (ASM).
ASM encompasses the processes, technology, and professional services deployed to discover vulnerabilities in external-facing enterprise assets and systems. This includes servers, credentials, public cloud service misconfigurations, and third-party partner software code vulnerabilities that malicious actors could exploit. In contrast, EASM focuses specifically on the risks associated with internet-facing assets and systems that an organization may be unaware of.
While EASM is a new term, it overlaps with other established security domains such as third-party risk assessment (TPRM), vulnerability assessment, and digital risk protection services. Additionally, there are complementary domains such as penetration testing (pentesting) and cloud security posture management (CSPM). However, given the nascent stage of EASM, it may be subject to future changes.
It is important to note that ASM covers more than just EASM. ASM covers a broader set of risks that organizations may face from their external-facing assets and systems. Therefore, while EASM is an important aspect of ASM, it should not be mistaken for the entirety of ASM. As organizations continue to evolve and adopt new technologies, EASM will undoubtedly remain an important area of concern in ensuring the security of their internet-facing assets and systems.
In addition to overlapping with other security domains, EASM also has complementary markets such as penetration testing (pentesting) and cloud security posture management (CSPM), among others. However, since EASM is still a new and emerging concept, it may be subject to future changes as the industry evolves.
It’s important to note that ASM covers more than just EASM. While EASM specifically focuses on identifying risks from internet-facing assets and systems, ASM encompasses the processes, technology, and professional services deployed to discover vulnerabilities in all external-facing enterprise assets and systems. This includes not only internet-facing assets, but also internal-facing ones such as servers, credentials, and third-party partner software code.
In summary, EASM is a new term introduced by Gartner in 2021 to refer to a product set that helps organizations identify risks coming from internet-facing assets and systems they may be unaware of. While EASM overlaps with other security domains such as TPRM, vulnerability assessment, and digital risk protection services, it also has complementary markets such as pentesting and CSPM. However, it’s important to keep in mind that ASM covers more than just EASM, as it encompasses all external-facing enterprise assets and systems.
E-SPIN, as a Tenable partner since 2005, can help businesses understand their requirements and propose solutions that work for their business case and context. If you are interested in learning more about Nessus Expert and its pricing, feel free to contact E-SPIN with any related inquiry.