.

Tenable Updates Plugin Subscription Model for Nessus

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri May 23, 2008 11:38 pm

Tenable Updates Plugin Subscription Model for Nessus

Huh? I had to read this a few times, and I'm still not sure I get it all based solely on this press release. Bottom line is that it is no longer free for companies. Free options still there for homes and non-profits. How many of you out there will suddenly have complex home networks, so you can get your plugin updates at "no charge and with no delay?"

Either way, this is how their site spins it:

Tenable Network Security Inc. today announced an update to its subscription model that will benefit home user and qualifying charities around the world.

Please read the letter to the Nessus community here.


What do you think of this new $1200 per year model?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Sat May 24, 2008 12:25 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

I knew it was just a matter of time. Hmmm, yes my network at home just got a little bigger. As far as the $1200 a year, I would rather go with GFIlanguard if I am going to have to pay. I feel its  more complete and way more options for tweaking your scans.
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Sat May 24, 2008 8:02 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

I think the companies that depend/use Nessus mostly will have to suck it up (resulting in higher fees to their clients possibly) or look for a new product as previously mentioned. 
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

LSOChris

Post Sat May 24, 2008 9:38 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

i'll be looking into openVAS
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Thu Jul 10, 2008 11:24 am

Re: Tenable Updates Plugin Subscription Model for Nessus

We are dealing with this issue. Nessus along with a few other tools have been part of our kit for a while. Now there is a work around form what here that does not involve a more complex home network. there is supposedly a company that will be publishing plug ins for nessus for free becasue they are upset with Tennable.

Kev,

I just got done playing with LANguard and I felt that it left things unfound and had a few too many false possitives for us. Namely, it was telling me in our lab that on one of the machines that ports 21, 25, and 110 weree open. After checking both the machine itself and using nmap, the ports were all closed. It also missed bo2k. With that said, I would be careful with whatever tool you decide to use.

Mike
Mike Conway
CISSP
CompTia Security +
C|EH
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jul 10, 2008 4:59 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

I am sticking with Nessus for a while.  I don't think GFI LanGuard is a legit product replacement for Nessus.  I will also be watching OpenVAS, like Chris.  Nessus is still free for "home" users for now.  It's accuracy has picked up in the last couple of releases and it seems dependable. 

At the same time, I see no reason to switch, even if there is a $1200 fee.  If you look at SAINT, Retina, Qualsys, etc, they are about the same on the accuracy scale.  I don't think that they have anything on Nessus.  I may just spend the $1200 a year if OpenVAS doesn't pan out. 

Anyone think that CANVAS is worth the investment?  Or is Metasploit plenty?

Ketchup
~~~~~~~~~~~~~~
Ketchup
<<

LSOChris

Post Thu Jul 10, 2008 5:34 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

not to totally hijack the thread but what do you need canvas for?  its hard to answer your question otherwise. 

its a decent tool, but any time you have to pay you really need to take a look at why. 
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jul 10, 2008 9:58 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

I was just looking at CANVAS as an additional exploit engine.  They seem to have some of the exploits that Metasploit doesn't.  At $1400 or so, it's not a bad investment to compliment Metasploit, maybe?
~~~~~~~~~~~~~~
Ketchup
<<

LSOChris

Post Thu Jul 10, 2008 10:38 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

yes its a good supplement, the mosdef stuff is pretty nice from a post exploitation perspective, newer exploits, etc.

documentation is lacking so be for-warned on that one.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Fri Jul 11, 2008 9:53 pm

Re: Tenable Updates Plugin Subscription Model for Nessus

The real key to making metasploit a contender is understanding how to add your own exploits to the database. My feeling is you should first learn metasploit inside and out and then learn how to add new exploits to it, see how far this gets you.  Even if you have someone else paying for an expensive tool, its good to be familiar with well known tools that are often used in the wild.
<<

LSOChris

Post Sat Jul 12, 2008 9:41 am

Re: Tenable Updates Plugin Subscription Model for Nessus

yeah but if people dont have the ability to write their own exploits then canvas is the  next cheapest option.

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software