Nessus Manager disappeared and Tenable.io On-Prem was announced

If you open Tenable Products page right now you will not see Nessus Manager there anymore.  Nessus Manager page “The Power of Nessus for Teams” was also deleted.

Tenable products

However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View “* Requires Tenable.io Vulnerability Management or Nessus Manager for agent management.”

And there is also a broken link to Nessus Manager page in the menu:

Tenable menu

It is probably connected to announce of “Tenable.io On-Prem”, that was published last Friday. I think this new product will take a place of Nessus Manager. There are no technical details for the moment. As you can see, in comparison table “Tenable.io Vulnerability Management” is marked only as Cloud.

In the announce it is said that on-prem version “provides the majority of capabilities offered by the cloud-based Tenable.io and a similar user experience, although some capabilities will only be offered in the cloud version.” It’s pretty intriguing what this features will be available only in cloud version.

Tenable.io On-Prem will for sure support:

  • Nessus sensors active scanning
  • Nessus sensors for agent-based scanning
  • Nessus sensors for passive network monitoring (ex-PVS)
  • API/SDK

In the datasheet it is also mentioned that Tenable.io On-Prem will have “elastic asset licensing model”. Somebody was waiting for unlimited scanner with API in exchange for a highly limited Nessus Proffessional 7? Not this case. 😉

I don’t wait for sensation, but it will interesting to see the list of features that will be available only in Cloud version of Tenable.io and prices.

4 thoughts on “Nessus Manager disappeared and Tenable.io On-Prem was announced

  1. Jmodi

    I have a question about using Token value to get the scan information:
    If you use cloud version, you need to get the session token from the tenable IO. and then use that token for various services such as scan list, policy list etc.

    Don’t you think its an insecure process to use as problems such as “Session Hijacking” could occur with such information in the plaintext?

    Example:
    curl -s -k -X GET -H “X-Cookie: token=8bXXXXXXXXXXXXXXXXXXXXXXXXXXXXX025” https://cloud.tenable.com/scans | python -m json.tool

    What could be the solution for such situations?

    Reply
  2. Rafael Matias

    Alexander,

    And about Nessus Manager?

    I subscribe, in 18′ January a lot of licences, and the API to extract results are the bigger winpoint to me. I received today a “alert” to update my Manager to v7, but, when I read the documentation, only founf about APIs on Nessus Professional. I’m afraid thinking if I wish or not update my Nessus Manager :/

    Reply
    1. Alexander Leonov Post author

      Hi Rafael! I don’t know. It seems that there won’t be Nessus Manager anymore. I am curious in how your Nessus Manager will look like after the update. I supposed earlier Tenable could update Nessus Managers to Tenable.io on-prem. But from your words it seems like they will keep Nessus Manager till the expiration of existing licences.

      Reply
      1. Rafael Matias

        In the User GUide of Nessus v7:
        “Nessus Manager is no longer sold as of February 1, 2018. For existing customers, service will continue to be provided through the duration of your contract. For prospective customers, please consider Tenable.io for your vulnerability management needs.”

        Thanks God if Tenable don’t stop to permit Vuln database update for manager

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *