Tenable.io is their newest product. It has a faster scanning engine and more integration capabilities (web app scanning).
Here is the high-level architecture of the tool. The product provides all of the functionality of the old Nessus scanner and adds several things:
- Active Scanner - Like old Nessus product
- Passive Scanner - Captures network information across the wire to inventory and alert for changes in the environment (between active scans)
- Agent - Install an agent on endpoints for on-demand/scheduled VM scans
- API and SDK to start creating integrations with other systems in your environment
- Third-party sources - 'Connectors' are being built to allow other systems to send information into the tenable.io product. (The example they used was AWS: you enter the credentials for your AWS environment, and it pulls and loads the CloudTrail logs and provides vulnerability information based on that data.)
- Container Security - Plugin for scanner to detect Containers running on servers/assets
- OPS: Start using the scanner during the on-boarding process for new devices and changes, to understand your environments/assets.
- OPS/IT: Utilize the active scanner to keep a baseline of your network/asset. Use the passive scanner as a way to keep an eye on things in that environment 'between' active scans.
- DEVELOPMENT: If you are using Docker or any other container technology and want to add another layer of security to your security lifecycle, part of the tenable.io suite allows for scanning of Docker containers. This could be added to your CI/CD server to run scans against containers every time there is a build, adding some additional security to your SDLC process.
- Research/Intel: Pull output from the tenable.io tool and match it with current threat details in your threat management tool (I use Recorded Future to help with this piece). If done right, it will take the vulnerability information, match it against the 'threats/risks', and provide a good guide on where to start with patching and the timeline needed.
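
The Research/Intel matching described above, sketched as an added example that is not part of the original post and does not use the tenable.io or Recorded Future APIs. The field names, the patch-window thresholds and the placeholder CVE ids are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data; field names and CVE ids are placeholders.
FINDINGS = [
    {"asset": "web01", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"asset": "web01", "cve": "CVE-0000-0002", "cvss": 7.5},
    {"asset": "db01", "cve": "cve-0000-0002 ", "cvss": 7.5},
    {"asset": "hr-laptop", "cve": "CVE-0000-0003", "cvss": 5.3},
    {"asset": "db01", "cve": "CVE-0000-0004", "cvss": 9.1},
]
THREAT_INTEL = {
    "CVE-0000-0001": {"risk": 40, "exploited": False},
    "CVE-0000-0002": {"risk": 95, "exploited": True},
    "CVE-0000-0003": {"risk": 70, "exploited": True},
}  # CVE-0000-0004 has no intel record on purpose

def sla_days(cvss, intel):
    """Patch window in days. Thresholds are illustrative assumptions."""
    if intel and intel["exploited"]:
        return 7
    if cvss >= 9.0 or (intel and intel["risk"] >= 65):
        return 30
    return 90

def prioritize(findings, intel_by_cve, today):
    """Group findings by CVE, join threat intel, return an ordered patch plan."""
    grouped = defaultdict(lambda: {"assets": set(), "cvss": 0.0})
    for f in findings:
        cve = f["cve"].strip().upper()  # normalise ids so the join does not miss
        grouped[cve]["assets"].add(f["asset"])
        grouped[cve]["cvss"] = max(grouped[cve]["cvss"], f["cvss"])
    plan = []
    for cve, g in grouped.items():
        intel = intel_by_cve.get(cve)  # None means no intel: CVSS alone decides
        plan.append({
            "cve": cve, "assets": sorted(g["assets"]), "cvss": g["cvss"],
            "exploited": bool(intel and intel["exploited"]),
            "risk": intel["risk"] if intel else None,
            "due": today + timedelta(days=sla_days(g["cvss"], intel)),
        })
    # Known exploitation first, then intel risk score, then CVSS.
    plan.sort(key=lambda p: (not p["exploited"], -(p["risk"] or 0), -p["cvss"]))
    return plan

if __name__ == "__main__":
    for p in prioritize(FINDINGS, THREAT_INTEL, date.today()):
        print(p["due"], p["cve"], p["cvss"], p["risk"], ",".join(p["assets"]))
```

In the sample data, the CVSS 7.5 finding with known exploitation is scheduled ahead of the CVSS 9.8 finding that has a low threat score, which is the reordering that CVSS-only triage would miss.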