Mastering Tenable Nessus: Enhanced Workflows and Key Value
Learn how Tenable Nessus helps you continuously assess your IT environment, prioritize vulnerabilities with precision, and streamline your security operations. This webinar dives into the features and value of Tenable Nessus, from powerful scanning capabilities to advanced reporting and community support.
[00:00:00] Introduction and House Rules
This opening segment introduces the webinar hosts, Raymond Cana and Sebastian, and the global regions and roles they cover.
- Webinar Overview: The session is designed to be short (40-60 minutes) and is being recorded. A replay link will be sent to attendees, and it will later be available on tenable.com/webinars.
- Q&A and Feedback: You are encouraged to use the Q&A button for questions, and a post-webinar survey will allow for further topic suggestions or unanswered questions.
[00:02:40] Tenable Nessus 10.12 Release Updates
This section details the new features and improvements introduced in the Tenable Nessus 10.12 release.
- Quality of Life Changes: The user interface now supports drag-and-drop for uploading scan results, which is particularly useful for consultants and customers with multiple Tenable Nessus licenses.
- Technical Enhancements: We added support for OpenSSL 3.5 and FIPS 140-2 (relevant for US federal environments).
- Enterprise Integration: Tenable Nessus can now use Sensor Proxy to connect to Tenable Security Center version 6.9 and later, with added parameters for CLI and Docker commands to link managed Tenable Nessus scanners.
- API Authentication: For enhanced security, API requests for exporting scan results must now be authenticated with a session token.
- Functionality Changes: Because role-based access control (RBAC) is specific to Tenable One Vulnerability Management and Tenable Security Center, unauthenticated requests for file downloads are no longer supported, and API access to plugin rules is removed for new users with basic permissions.
- Security Updates: We fixed a vulnerability in the Windows installer to prevent unauthorized system file deletion, and addressed an issue where basic/standard permission users could access Tenable agent report download endpoints.
- Platform Expansion: Tenable Nessus now supports Windows ARM 64. You can find more details on supported platforms via the provided link.
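The session-token requirement for export requests, shown as an added example (my code, not Tenable's): a small client that logs in, requests a scan export, polls until the file is ready, downloads it and logs out. The endpoint paths (POST /session, POST /scans/{id}/export, the /status and /download sub-paths, DELETE /session) follow the Nessus REST API as documented on a scanner's own /api page, but treat them as assumptions and confirm them against your version. The scanner stand-in, its credentials, the token value and scan id 42 are constructed so the block runs offline.

```python
import json
import time
import urllib.error
import urllib.request
from typing import Any, Callable, Dict, Optional, Tuple

# transport(method, path, headers, json_body) -> (http_status, payload); swapping the transport
# lets the same client talk to a real scanner or to the offline stand-in defined below.
Transport = Callable[[str, str, Dict[str, str], Optional[dict]], Tuple[int, Any]]

class NessusSession:
    def __init__(self, transport: Transport) -> None:
        self._send = transport
        self.token: Optional[str] = None

    def _headers(self) -> Dict[str, str]:
        if self.token is None:
            raise RuntimeError("export endpoints require a session token: call login() first")
        return {"X-Cookie": f"token={self.token}", "Content-Type": "application/json"}

    def login(self, username: str, password: str) -> None:
        status, body = self._send("POST", "/session", {"Content-Type": "application/json"},
                                  {"username": username, "password": password})
        if status != 200 or not isinstance(body, dict) or "token" not in body:
            raise PermissionError(f"login failed: HTTP {status}")
        self.token = body["token"]

    def logout(self) -> None:
        if self.token is not None:
            self._send("DELETE", "/session", self._headers(), None)
            self.token = None  # forget the token locally even if the server call failed

    def export_scan(self, scan_id: int, fmt: str = "csv", poll_interval: float = 0.0,
                    max_polls: int = 60) -> str:
        """Request an export, poll until the file is ready, then download it."""
        status, body = self._send("POST", f"/scans/{scan_id}/export", self._headers(), {"format": fmt})
        if status != 200:
            raise RuntimeError(f"export request rejected: HTTP {status} {body}")
        file_id = body["file"]
        for _ in range(max_polls):
            status, body = self._send("GET", f"/scans/{scan_id}/export/{file_id}/status", self._headers(), None)
            if status == 200 and isinstance(body, dict) and body.get("status") == "ready":
                break
            time.sleep(poll_interval)
        else:
            raise TimeoutError(f"export {file_id} of scan {scan_id} never became ready")
        status, body = self._send("GET", f"/scans/{scan_id}/export/{file_id}/download", self._headers(), None)
        if status != 200:
            raise RuntimeError(f"download failed: HTTP {status}")
        return body

def urllib_transport(base_url: str) -> Transport:
    """Stdlib transport for a real scanner, e.g. urllib_transport("https://nessus.example:8834")."""
    def send(method, path, headers, body):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, headers=headers, method=method)
        try:
            with urllib.request.urlopen(req) as resp:
                code, raw = resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            code, raw = err.code, err.read().decode()
        try:
            return code, json.loads(raw)
        except ValueError:
            return code, raw  # export downloads (CSV, .nessus) are not JSON
    return send

def fake_nessus_transport() -> Transport:
    """Constructed offline stand-in for a scanner; like 10.12 it rejects export calls without a valid session token."""
    state: Dict[str, Any] = {"token": None, "polls": 0}
    csv_body = "Plugin ID,CVE,Risk,Host\n10001,CVE-0000-0001,High,10.0.0.5\n"  # constructed, placeholder CVE

    def send(method, path, headers, body):
        if (method, path) == ("POST", "/session"):
            if body == {"username": "scanner", "password": "hunter2"}:  # constructed credentials
                state["token"] = "tok-constructed-0001"
                return 200, {"token": state["token"]}
            return 401, {"error": "Invalid Credentials"}
        if state["token"] is None or headers.get("X-Cookie") != f"token={state['token']}":
            return 401, {"error": "Invalid Credentials"}
        if (method, path) == ("DELETE", "/session"):
            state["token"] = None
            return 200, {}
        if (method, path) == ("POST", "/scans/42/export"):
            return 200, {"file": 7}
        if path == "/scans/42/export/7/status":
            state["polls"] += 1  # first poll reports loading, the second reports ready
            return 200, {"status": "ready" if state["polls"] >= 2 else "loading"}
        if path == "/scans/42/export/7/download":
            return 200, csv_body
        return 404, {"error": "not found"}
    return send

def export_demo() -> str:
    # Complete flow against the stand-in: login, export scan 42 as CSV, log out.
    sess = NessusSession(fake_nessus_transport())
    sess.login("scanner", "hunter2")
    try:
        return sess.export_scan(42, "csv")
    finally:
        sess.logout()
```

Against a real scanner, replace `fake_nessus_transport()` with `urllib_transport("https://<scanner-host>:8834")` (placeholder host). The stand-in answers 401 to any export call that does not carry the current token, which is the behaviour the 10.12 notes describe, so an automation script that exported without first creating a session needs the login step added and should log out afterwards so the token does not outlive the job.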
[00:07:05] Tenable Nessus Features and Value: In-Depth Walkthrough
This segment begins an in-depth exploration of the core features and unique value propositions of Tenable Nessus.
- Core Capabilities: We give a quick overview of the Tenable Nessus feature set and then elaborate on each feature to highlight its true value to your customers.
[00:07:40] Unlimited IT Vulnerability Assessments
This section explains the broad scanning capabilities of Tenable Nessus Pro and Tenable Nessus Expert.
- Scanning Scope: Tenable Nessus allows you to scan any IP-reachable device within your network, effectively providing unlimited IT vulnerability assessments, provided valid network routes exist.
- Plugin Engine: The core of Tenable Nessus' detection capability lies in its plugins, which are highly specialized "interrogation scripts." Each plugin targets specific security flaws, like missing patches or misconfigured software, and flags assets as vulnerable to specific CVEs.
[00:09:50] The Power of Tenable Research and Plugins
We explore the unparalleled strength of Tenable's research team and its plugin library.
- Tenable Zero Day Research Team: This dedicated team tracks over 100,000 CVEs and maintains nearly 300,000 plugins in the library, ensuring comprehensive coverage.
- Rapid Updates: Over 100 new plugins are released weekly, guaranteeing detection of zero-day vulnerabilities within 12-24 hours of public disclosure, empowering you to act swiftly.
- Key Selling Statement: Tenable boasts the largest, most accurate, and most frequently updated plugin library in the industry, offering customers not just a scanner, but the expertise of a world-class vulnerability research team.
[00:11:45] Tenable Nessus Scan Templates Demo
This live demonstration showcases the various scan templates available in Tenable Nessus, highlighting their ease of use and flexibility.
- Discovery Scanning: Lightweight scans that ping the network and map open ports, showing alive assets—because you can't secure what you can't see.
- Basic Network Scan: An optimized "scan and go" template that fingerprints devices and applies only relevant plugins, simplifying vulnerability assessment for general use.
- Advanced Scan: Provides power users with total control to explicitly toggle specific plugin families on or off, allowing for highly specific scans (e.g., testing for 7-Zip vulnerabilities).
- Advanced Dynamic Scan: A hybrid template that intelligently filters plugins based on user-defined qualities, such as release year or VPR score, to focus scans on specific risk criteria.
- Specialized Scans: Includes templates for malware scanning, credential checking, Active Directory audits, and a "Find AI" template.
- Find AI Template: Actively crawls the network to detect unauthorized AI usage and installations, helping customers identify shadow AI and regain control over their corporate environments.
[00:18:00] Vulnerability Scoring: CVSS, EPSS, and VPR
This section explains the different vulnerability scoring metrics available in Tenable Nessus, emphasizing the unique value of Vulnerability Priority Rating (VPR).
- CVSS (Common Vulnerability Scoring System): The industry-standard metric, which is static and assigns a score based on attack method, difficulty, prerequisites, and potential impact on confidentiality, integrity, and availability. It assumes an attack will happen.
- EPSS (Exploit Prediction Scoring System): Predicts the probability of a vulnerability being exploited within the next 30 days. This dynamic metric uses machine learning to analyze historical exploitation activity and provide a percentage likelihood.
- VPR (Vulnerability Priority Rating): Tenable's proprietary, dynamic metric that translates real-world urgency into an intuitive 0.1-10.0 score. It tracks the actual threat landscape, including Dark Web chatter and public exploits, to tell you if attackers are actively exploiting a bug right now.
- VPR's Impact: VPR dramatically reduces the number of critical and high vulnerabilities security teams need to prioritize from over 160,000 down to approximately 4,200, making remediation efforts highly efficient and targeted.
- Market Differentiation: Tenable pioneered this concept, and our predictive machine learning algorithms are years ahead, backed by a massive, unmatched scale of global data and the Tenable Research team.
- Intelligent Security Advisor: By combining CVSS, EPSS, and VPR, Tenable Nessus acts as an intelligent security adviser, filtering out noise, cutting through alert fatigue, and telling your IT team exactly which vulnerabilities to fix first to prevent attacks.
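The prioritization argument above, applied to a constructed Nessus CSV export as an added example (not from the webinar): a CVSS-only "fix everything High and Critical" shortlist next to a VPR-ordered one, with EPSS as the tiebreaker, and findings that carry no VPR (the end-of-life and misconfiguration items the Q&A mentions) kept in a separate review list rather than silently dropped. The column names mirror a Nessus CSV export as I understand it and are assumptions to check against your own export's header; the findings, hosts and CVE ids are placeholders.

```python
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional

# Column names are assumed to match a Nessus CSV export; adjust to your export's header row.
COLUMNS = {"plugin": "Plugin ID", "cve": "CVE", "cvss": "CVSS v3.0 Base Score",
           "vpr": "VPR Score", "epss": "EPSS Score", "risk": "Risk",
           "host": "Host", "name": "Name"}

# Constructed sample export: eight findings on two hosts, placeholder CVE ids.
# Row 10006 is an end-of-life finding, for which no VPR is assigned.
SAMPLE_CSV = """Plugin ID,CVE,CVSS v3.0 Base Score,VPR Score,EPSS Score,Risk,Host,Name
10001,CVE-0000-0001,9.8,9.6,0.94,Critical,10.0.0.5,Web server remote code execution (exploited in the wild)
10002,CVE-0000-0002,9.8,5.9,0.01,Critical,10.0.0.5,Library flaw with no public exploit
10003,CVE-0000-0003,7.5,7.4,0.40,High,10.0.0.6,Deserialization bug with exploit chatter
10004,CVE-0000-0004,7.2,3.6,0.00,High,10.0.0.6,Local privilege escalation never seen exploited
10005,CVE-0000-0005,6.5,8.9,0.70,Medium,10.0.0.5,Authentication bypass with active exploitation reports
10006,,10.0,,,Critical,10.0.0.6,Unsupported operating system (end of life)
10007,CVE-0000-0007,8.8,4.2,0.02,High,10.0.0.5,Client-side bug requiring user interaction
10008,CVE-0000-0008,5.3,2.1,0.00,Medium,10.0.0.6,Information disclosure of version banner
"""

@dataclass
class Finding:
    plugin_id: str
    cve: str
    host: str
    name: str
    risk: str
    cvss: Optional[float]
    vpr: Optional[float]
    epss: Optional[float]

def _num(value: str) -> Optional[float]:
    """Empty cells (e.g. VPR on end-of-life findings) become None, not 0.0, so they are never ranked as harmless."""
    value = (value or "").strip()
    return float(value) if value else None

def parse_findings(csv_text: str) -> List[Finding]:
    reader = csv.DictReader(io.StringIO(csv_text))
    return [Finding(plugin_id=row[COLUMNS["plugin"]], cve=row[COLUMNS["cve"]],
                    host=row[COLUMNS["host"]], name=row[COLUMNS["name"]], risk=row[COLUMNS["risk"]],
                    cvss=_num(row[COLUMNS["cvss"]]), vpr=_num(row[COLUMNS["vpr"]]),
                    epss=_num(row[COLUMNS["epss"]]))
            for row in reader]

def vpr_band(score: float) -> str:
    """Tenable's published VPR severity bands (Critical 9.0-10.0, High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"

def cvss_shortlist(findings: List[Finding], threshold: float = 7.0) -> List[Finding]:
    """The list a CVSS-only process produces: every High/Critical base score, in file order."""
    return [f for f in findings if f.cvss is not None and f.cvss >= threshold]

def prioritize(findings: List[Finding]) -> List[Finding]:
    """Findings that have a VPR, ordered by VPR, then EPSS, then CVSS (all descending)."""
    scored = [f for f in findings if f.vpr is not None]
    return sorted(scored, key=lambda f: (f.vpr, f.epss or 0.0, f.cvss or 0.0), reverse=True)

def vpr_shortlist(findings: List[Finding], threshold: float = 7.0) -> List[Finding]:
    """What actually goes to the remediation queue first: VPR High and Critical."""
    return [f for f in prioritize(findings) if f.vpr >= threshold]

def needs_review(findings: List[Finding]) -> List[Finding]:
    """Items without a VPR (end-of-life software, misconfiguration warnings): not ranked, but not dropped either."""
    return [f for f in findings if f.vpr is None]

def summarize(findings: List[Finding]) -> Dict[str, int]:
    return {"cvss_shortlist": len(cvss_shortlist(findings)),
            "vpr_shortlist": len(vpr_shortlist(findings)),
            "needs_review": len(needs_review(findings))}

FINDINGS = parse_findings(SAMPLE_CSV)

if __name__ == "__main__":
    print(summarize(FINDINGS))
    for f in prioritize(FINDINGS):
        print(f"{f.plugin_id} {f.host:10} VPR {f.vpr:4.1f} ({vpr_band(f.vpr):8}) "
              f"CVSS {f.cvss} EPSS {f.epss}  {f.name}")
    for f in needs_review(FINDINGS):
        print(f"{f.plugin_id} {f.host:10} no VPR, risk={f.risk}: {f.name}")
```

On the sample data the CVSS shortlist has six entries and the VPR shortlist three, and the ordering changes: the CVSS 6.5 authentication bypass with exploitation reports moves to second place, while two CVSS 9.8 items with no known exploit activity drop out of the first wave. Whatever thresholds you choose, keep the no-VPR list visible; a blank VPR cell means "not a vulnerability in the exploitability sense", not "safe".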
[00:24:20] Configuration, Compliance, and Security Audits
This segment explores how Tenable Nessus helps you audit system configurations for compliance and security best practices.
- Compliance Scanning: Host-specific scans check if devices (e.g., Windows Server 2022) comply with industry standards like CIS benchmarks or DISA STIGs, focusing on configurations and settings (e.g., password policies, guest accounts).
- Proactive Security: Many cyber attacks exploit misconfigurations, not just complex hacker tools. Tenable Nessus finds both missing patches (vulnerabilities) and dangerous settings, ensuring systems are secure and compliant.
- Framework Support: Tenable Nessus provides partial technical compliance for major frameworks:
  - ISO 27001: Provides technical proof for Annex A controls A.8.8 (continuous vulnerability tracking) and A.8.9 (automated configuration audits).
  - PCI DSS: Satisfies internal compliance for requirement 11.3.1 (internal vulnerability scanning) and requirement 2 (auditing for vendor defaults and insecure protocols).
  - CERT-In (India): Serves as a primary engine for mandatory vulnerability assessments, including discovery scans for shadow IT.
  - CIS Controls & Essential 8: Provides officially certified CIS benchmark scorecards (covering controls 4 and 7) and validates OS patching and admin privilege restrictions.
[00:29:40] Configurable Reports and Automation
This section highlights Tenable Nessus' flexible reporting capabilities and automation options.
- Customized Reports: You can customize report templates to include only relevant information (e.g., solution and plugin output), making reports shorter and more actionable for IT teams. This bridges the gap between security and IT by providing targeted instruction manuals.
- Streamlined Remediation: Configurable reports translate complex security data into simple, focused insights, speeding up remediation and saving staff time.
- Automation Workflows: Tenable Nessus supports semi-automated workflows through scan scheduling and automatic export of results via email (e.g., CSV files for SIEM ingestion) or APIs.
[00:33:10] Community Support and Tenable Connect
This segment emphasizes the comprehensive post-sales support ecosystem available through Tenable Connect.
- Tenable Connect Hub: A centralized operational hub for community, support, education, and license tracking.
- Zero-Cost Enablement: The "Learn" tab provides access to Tenable University for structured cybersecurity training, onboarding tracks, live office hours with engineers, and a global community forum with knowledge base articles.
- Customer Ambassador Program: The "Engage" tab allows influential accounts to apply for a program to showcase their unique security use cases.
- Unified Support: The "Unify" tab is a secure gateway for managing product licenses, tracking renewals, and opening technical support or customer care tickets.
- Value for Customers: Tenable Connect provides 24/7 technical backing, structured learning paths, and an active global network, easing administrative pressure on your internal teams and protecting recurring renewal revenue.
[00:36:10] Web Application Scanning and External Attack Surface Discovery (Tenable Nessus Expert)
This section details the advanced capabilities of Tenable Nessus Expert for securing web applications and external attack surfaces.
- Web Application Scanning (DAST Tool): Tenable Nessus Expert includes a dynamic application security testing (DAST) tool that identifies known vulnerabilities (outdated components) and unknown vulnerabilities, such as the OWASP Top 10, by testing web applications via payload and response analysis. It provides documentation to help development teams replicate and remediate issues.
- FQDNs: Each Tenable Nessus Expert license includes a pack of five FQDNs for web application scanning.
- External Attack Surface Discovery: Maps the entire subdomain layout of a root domain, providing IP addresses, ports, and DNS records. It also comes with five root domains standard.
- Integrated Security: Tenable Nessus Expert combines network scanning with powerful, automated DAST and external attack surface discovery in one product, eliminating the need for separate tools to secure infrastructure and web applications.
- Ease of Use: A key highlight is Tenable Nessus' "zero hand-holding" approach to web application scanning; once configured, it runs without constant user intervention.
[00:39:40] Q&A Session
The session concludes with answers to audience questions about Tenable products and features.
- Tenable Nessus vs. Tenable One Vulnerability Management: Tenable Nessus (Pro/Expert) is a small, on-premise scanner limited to its network jurisdiction. Tenable One Vulnerability Management acts as a "police chief," managing multiple Tenable Nessus scanners deployed across different environments (e.g., behind firewalls, for work-from-home users via Tenable Nessus Agents), providing a single pane of glass and role-based access control.
- Tenable Nessus Licensing with Tenable Security Center: When you purchase Tenable Security Center or Tenable One Vulnerability Management licenses, you are already using the Tenable Nessus engine. You can deploy as many Tenable Nessus scanners as needed and link them, without needing to purchase separate Tenable Nessus licenses. The Tenable Nessus scanners provide the data, while Tenable Security Center or Tenable One Vulnerability Management provide the analytics and dashboards.
- Plugin Exclusion from Reporting: For enterprise solutions (Tenable One Vulnerability Management, Tenable Security Center), you can use vulnerability recasting to hide specific results or set them to informational status, preventing them from appearing as critical in reports. For Tenable Nessus, you can exclude plugins during scan configuration in the advanced scan template.
- VPR Availability: VPR is available for all findings in Tenable Nessus, not limited to just the top 10. The only exceptions are items that are not vulnerabilities, such as end-of-life software or warning flags for misconfigurations that require attention but are not directly exploitable.
- Tenable Nessus Integrations: Tenable Nessus (standalone Pro/Expert licenses) does not have extensive third-party integrations; the closest is API access for exporting scan results. Integrations are primarily available with Tenable One Vulnerability Management, Tenable Security Center, and Tenable One. Documentation for these integrations can be found on docs.tenable.com and connect.tenable.com.
Watch the Full Webinar
We encourage you to watch the complete webinar recording for a full demonstration and deeper insights into mastering Tenable Nessus and enhancing your vulnerability management workflows. A replay link will be sent to your email, and the recording will soon be available on tenable.com/webinars.