I conduct internal Pen Testing for my organization and one factor of the testing is doing vulnerability scanning using Nessus. Sometimes that can be too aggressive on the servers being scanned, causing complaints from the users. (Please save the "If the servers are vulnerable to scans, they are too vulnerable period" comments.)

I was just wondering what some of your opinions were on "Passive Vulnerability Scanning". If you have used it, how successful it was, etc.

Currently I am considering Tenable's NeVO (http://www.tenablesecurity.com/products/nevo.shtml) but am open to suggestions for alternate solutions.

Any advice you could give would be great.