Nessus Manager disappeared and Tenable.io On-Prem was announced

If you open Tenable Products page right now you will not see Nessus Manager there anymore.  Nessus Manager page “The Power of Nessus for Teams” was also deleted.

Tenable products

However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View “* Requires Tenable.io Vulnerability Management or Nessus Manager for agent management.”

And there is also a broken link to Nessus Manager page in the menu:

Tenable menu

It is probably connected to announce of “Tenable.io On-Prem”, that was published last Friday. I think this new product will take a place of Nessus Manager. There are no technical details for the moment. As you can see, in comparison table “Tenable.io Vulnerability Management” is marked only as Cloud.

In the announce it is said that on-prem version “provides the majority of capabilities offered by the cloud-based Tenable.io and a similar user experience, although some capabilities will only be offered in the cloud version.” It’s pretty intriguing what this features will be available only in cloud version.

Tenable.io On-Prem will for sure support:

  • Nessus sensors active scanning
  • Nessus sensors for agent-based scanning
  • Nessus sensors for passive network monitoring (ex-PVS)
  • API/SDK

In the datasheet it is also mentioned that Tenable.io On-Prem will have “elastic asset licensing model”. Somebody was waiting for unlimited scanner with API in exchange for a highly limited Nessus Proffessional 7? Not this case. 😉

I don’t wait for sensation, but it will interesting to see the list of features that will be available only in Cloud version of Tenable.io and prices.

One thought on “Nessus Manager disappeared and Tenable.io On-Prem was announced

  1. Jmodi

    I have a question about using Token value to get the scan information:
    If you use cloud version, you need to get the session token from the tenable IO. and then use that token for various services such as scan list, policy list etc.

    Don’t you think its an insecure process to use as problems such as “Session Hijacking” could occur with such information in the plaintext?

    Example:
    curl -s -k -X GET -H “X-Cookie: token=8bXXXXXXXXXXXXXXXXXXXXXXXXXXXXX025” https://cloud.tenable.com/scans | python -m json.tool

    What could be the solution for such situations?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *