Paying for the NESSUS Plugin Feed?
Results 1 to 6 of 6

Thread: Paying for the NESSUS Plugin Feed?

  1. #1
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252

    Question Paying for the NESSUS Plugin Feed?

    Hello all-

    Our team has been discussing with IT Security whether or not we should pay for the NESSUS feeds or not based on our usage. I was wondering if anyone is currently paying for the Direct Feed and believing their nodes are more protected or not from it. Basically - has the benefit (direct/indirect) equalled or surpassed the cost?

    Thanks in advance-

    genXer.

    From http://www.nessus.org - plugin descriptions page:

    Plugins

    As information about new vulnerabilities are discovered and released into the general public domain, Tenable's research staff designs programs to enable Nessus and NeWT to detect the presence of them. These programs are named 'plugins' and are written in the Nessus Attack Scripting Language (NASL). The plugins contain vulnerability information, a generic set of remediation actions and the algorithm to test for the presence of the security issue. In some cases, one plugin may depend upon another. Typically, Tenable Network Security produces plugins for vulnerabilities within 24 hours of its public release.

    Direct, Registered and GPL Feeds

    Three feeds are available - Direct, Registered and GPL.

    A 'Direct Feed' is commercially available which entitles subscribers to the latest vulnerability checks. Customers who purchase a Lightning Console or NeWT Pro scanner receive access to this feed with their annual product maintenance.

    A 'Registered Feed' is available for free to the general public, but new plugins are added seven days after they are added to the 'Direct Feed'. To obtain access to the 'Registered Feed', users are required to enter contact information for tracking and also agree to Tenable's license agreement for the plugins.

    The 'GPL Feed' does not require registration, and includes plugins written by the user community. As manager of the Nessus project, Tenable continues to accept plugins written from the Nessus and NeWT user communities. Plugins accepted with a copyright under the GNU Public License will be distributed to the Direct, Registered and Public feeds at the same time.

    Pricing

    The access to the GPL feed and to the Registered Feed is free.
    Pricing for the 'Direct Feed' is based upon the number of Nessus or complimentary copies of NeWT in use within your organization, consultancy or service. The cost is $1200 per scanner per year. For more information, please contact Tenable's sales staff.
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    We currently use the Tenable paid Nessus feed. Simply put, unless you are leveraging Nessus to identify almost zero day issues and new exploits, then waiting 7 days for the plugin to become available is no big deal.

    That said, I have a few non paid nessus boxes around and when I find something that I need to scan for I simply write my own NASL and get busy. Sometimes this is the best way to go because some NASLs come with extra bloat that isn't applicable in your environment.

    has the benefit (direct/indirect) equalled or surpassed the cost?
    I wouldn't say that it equals or surpasses the cost. It's more of a nice to have thing because we have other avenues of identifying new exploits and zero day "stuff". One indirect benefit is that we got excellent marks from an external auditor for having the paid Nessus feed. Management sees this and instantly becomes happy. Isn't that what it's all about?!

    Anyway, if you have any more questions, I'd be happy to answer.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Thanks for the responses and information. Your avenue of thought is the same we were progressing to, however I want to now question IT Security if we have other ways to id zero-day exploits - if not - then I may change my mind about the purchase of the direct feed.

    Also - I keep seeing notices about version 3 - but no release dates - have you heard anything?

    Last - closed source on NESSUS - I hear good and bad things about it; good, in that it will be better for Tenable, and bad, because it may limit the sources of information coming into the virtual think tank. Any thoughts on this?

    Thanks again-

    genXer.
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    if we have other ways to id zero-day exploits
    Remember, if they are solely relying on Nessus for zero day and such, it assumes that they are scanning around the clock. This isn't practical so we use Nessus for auditing purposes and for reactive procedures, such as identifying vulnerable hosts to an exploit that we've received reports on that will become an automated attack soon. This is when the new MS KB plugins become valuable to us (and are only available if you have the paid feed). Here is where the seven day wait may actually hurt us. This was the final item that drove the purchase.

    Also - I keep seeing notices about version 3 - but no release dates - have you heard anything?
    I speak with Renaud every so often (developer of Nessus) and there are no firm dates. This isn't uncommon. No vendor wants to set a hard line for a release date in the event that something comes to light that will kick them in the seat. This is especially true given their circumstances. They are releasing a major revision and it's their first closed source revision.

    Last - closed source on NESSUS - I hear good and bad things about it; good, in that it will be better for Tenable, and bad, because it may limit the sources of information coming into the virtual think tank. Any thoughts on this?
    There are several schools of thought on this. The bright side, looks at OpenSSH as an example of open source that when forked from closed source, great things happened. Since all the current Nessus forks (I know of 3 or 4 right now) are all based on the current 2.5 release, it's too early to tell if the open Nessus forks will die off or flourish.

    Since insiders have told me that rarely have there been code contributions to the engine they decided to close it up. The final straw was when people were taking Nessus and rebranding it and selling it as part of a solution. I can see where that would piss Tenable off. Don't get me wrong, I'm a huge fan of open source and have contributed all NASLs I wrote to Tenable.

    Time will tell on this. My gut tells me that OpenNessus won't do very well right away. One more thing I will bet on and that is that Nessus will also (eventually) go to a full closed solution. No GPL NASLs. However, I don't think that will come too quickly.

    Anyway, my 2 cents.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Senior Member genXer's Avatar
    Join Date
    Jun 2005
    Posts
    252
    Great - thanks for the feedback.

    Reading your response made me think a tick - just one tick - I'm allowed one a day:

    Remember, if they are solely relying on Nessus for zero day and such, it assumes that they are scanning around the clock. This isn't practical so we use Nessus for auditing purposes and for reactive procedures, such as identifying vulnerable hosts to an exploit that we've received reports on that will become an automated attack soon. This is when the new MS KB plugins become valuable to us (and are only available if you have the paid feed). Here is where the seven day wait may actually hurt us. This was the final item that drove the purchase.
    Right. So realizing that scanning around the clock would not work for us - is there a better solution? I ask as I struggle with this quandry and will be checking with our IT Security group to see what their thoughts are.

    Thanks again for the information.
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Right. So realizing that scanning around the clock would not work for us - is there a better solution?
    There is. However, it must be customized to your environment. We have several tiers of solutions we use along with good old fashion intelligence operations. There is no single solution magic trick for this. If someone tells you otherwise, they're either a vendor or not in the "know".
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •