Enterprise IT Vulnerability Management System with Nessus

Abstract

Technical Vulnerability management in corporate networks has become a key requirement and an expensive task due to the high cost of vulnerability management tools. Nessus is one of the most efficient and affordable vulnerability scanner among many commercial and open source/free tools. But the use of Nessus in enterprises were limited due to it’s limitations in enterprise features compared with other commercial vulnerability management tools. After closing the source code, the sole distributer, Tenable Network Security has developed enterprise features as a separate product but the price of that is not affordable to small and medium size enterprises. This project is an effort to integrate the enterprise features with free Nessus scanner engine and the commercial vulnerability signature feed from Tenable Network Security making it the choice for small to medium size enterprises. This report discusses the functionality of the Nessus vulnerability scanner, the analysis of similar efforts with Nessus by other parties, the features added in this project, the design and the implementation of the project and the future work.