Information Assurance is a successful research and development company that prides itself on superior medical and pharmaceutical products. Due to its achievements, Information Assurance is gaining ground in the research and development industry. This success has inadvertently attracted cyber criminals, resulting in attacks aimed at stealing intellectual property. The stolen intellectual property was then sold to Information Assurance's competitors, which led to false accusations in 2011. The company has also suffered vandalism of its corporate website and numerous Denial of Service attacks over a nine-month period. These cyber crimes have damaged the company's image and degraded public trust.
In spite of the attacks on the company, Information Assurance has persevered and continues to flourish. The continuous improvement of research and development projects over the years has proven fruitful. To maintain momentum and continue growing, Information Assurance relies heavily on its medical and pharmaceutical advancements. Though the company is currently breathing a sigh of relief, there is still fear that valuable intellectual property may be compromised once more. Concern has grown because a recent cyber theft claimed one of Information Assurance's top competitors, a company that has been strong in the industry for over 40 years. Due to the increasing threat of cyber theft, Information Assurance is beginning to entertain the idea of improving security.
Addressing the Problem
Information Assurance is still a young company whose executives are hesitant to invest in a network security program. As technology advances and cyber attacks become more common, falling behind in this area could result in great loss in the future. Unaddressed security holes create attack points and vulnerabilities that hackers can use to steal information, damage assets, and wreak havoc on the infrastructure. Implementing strong network security will greatly decrease attack vectors and vulnerabilities.
In particular, I advise performing a thorough vulnerability assessment that will provide enormous insight into the health of our corporate network. A vulnerability assessment defines, identifies, and classifies the security holes in a network that require attention (Rouse, 2016). At the conclusion of the assessment, recommendations are proposed to remedy any concerns discovered. Once the updates are installed, another scan can be performed to ensure compliance is being met.
The assess, patch, and verify cycle is a standard method of addressing security issues in an organization, and is required by some outside groups (Rogers, 2011). Additionally, this security measure can be used to create trend reports, which provide statistics on areas showing improvement and areas still needing improvement. It can also provide insight into past attacks in which systems were compromised. Event correlation can show specifics on how the attack was carried out (Rogers, 2011). Using the right tool to carry out the assessment will ensure the best results and is vital in securing a network. A vulnerability scanner would be a great addition to the security program in safeguarding the company network against cyber criminals.
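The verify step of the assess, patch, and verify cycle can be checked by comparing the scan taken before patching with the rescan taken afterwards. The following Python is an added example, not part of the original proposal; the CSV column names, finding IDs, and addresses are constructed for illustration and do not reflect any particular scanner's export format.

```python
import csv
import io

# Constructed sample exports; not real scan data and not a real scanner format.
BASELINE = """host,port,finding_id,severity
10.0.0.5,443,F-1001,High
10.0.0.5,22,F-1002,Medium
10.0.0.9,80,F-1003,Critical
10.0.0.20,445,F-1004,High
"""
RESCAN = """host,port,finding_id,severity
10.0.0.5,22,F-1002,Medium
10.0.0.12,3389,F-1005,High
"""
# Hosts the rescan actually reached (assumed input); 10.0.0.20 was offline.
RESCANNED_HOSTS = {"10.0.0.5", "10.0.0.9", "10.0.0.12"}


def load(text):
    """Map (host, port, finding_id) -> severity for one scan export."""
    return {(r["host"], r["port"], r["finding_id"]): r["severity"]
            for r in csv.DictReader(io.StringIO(text))}


def verify_cycle(baseline_csv, rescan_csv, rescanned_hosts):
    """Classify findings after patching and compute a figure for trend reports."""
    before, after = load(baseline_csv), load(rescan_csv)
    gone = before.keys() - after.keys()
    # A finding only counts as fixed if its host was reachable during the rescan;
    # otherwise its absence proves nothing and it stays open as unverified.
    fixed = sorted(k for k in gone if k[0] in rescanned_hosts)
    unverified = sorted(k for k in gone if k[0] not in rescanned_hosts)
    return {
        "fixed": fixed,
        "unverified": unverified,
        "persisting": sorted(before.keys() & after.keys()),
        "new": sorted(after.keys() - before.keys()),
        "remediation_rate": len(fixed) / len(before) if before else 0.0,
    }


if __name__ == "__main__":
    for name, value in verify_cycle(BASELINE, RESCAN, RESCANNED_HOSTS).items():
        print(f"{name}: {value}")
```

Storing the `remediation_rate` from each cycle gives the trend data described above, and the `unverified` list keeps an offline host from being counted as patched.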
Nessus
As stated before, choosing a competent security tool to assess your network for vulnerabilities is very important. One tool in particular stands out, and I highly recommend it. Nessus is a program developed by Tenable Network Security to scan networkable devices for vulnerabilities, compliance, threats, and configuration audits (Kamal, 2014). Many IT professionals in top organizations use Nessus due to its stability, practicality, consistency, and usability. Tenable supplies network security to more than a million customers and more than 20,000 corporate businesses worldwide (Flick, 2016). Businesswire.com reports “Tenable's customers range from Fortune Global 500 companies, to the U.S. Department of Defense, to mid-sized and small businesses in all sectors” (Flick, 2016). Conversely, hackers also use this tool to assess a network for attack vectors. Recognizing this allows the administrator to understand the same techniques used by hackers and eliminate vulnerabilities before a hacker exploits them. Surveys conducted every three years by Sectools.org showed Nessus to be the number 1 vulnerability scanner in 2000, 2003, 2006, and 2009 (Rogers, 2011).
History
Nessus was a project started in 1998 by an unfunded security researcher, Renaud Deraison, to provide a free network security scanner (LeMay, 2005). The scanner was open source, which allowed security professionals to contribute their expertise to the program. This changed in October 2005, when the company Tenable Network Security, co-founded by Renaud Deraison, moved to Nessus 3 and made it a proprietary project (LeMay, 2005). The free registered versions were then removed from their database in 2008. Tenable does allow a free home version for use on home networks.