Nessus can perform vulnerability scans of network services as well as log in to servers to discover any missing patches.
However, a lack of vulnerabilities does not mean the servers are configured correctly or are “compliant” with a particular standard.
The advantage of using Nessus to perform vulnerability scans and compliance audits is that all of this data can be obtained at one time. Knowing how a server is configured, how it is patched and what vulnerabilities are present can help determine measures to mitigate risk.
At a higher level, if this information is aggregated for an entire network or asset class, security and risk can be analyzed globally. This allows auditors and network managers to spot trends in non-compliant systems and adjust controls to fix these on a larger scale.
When configuring a scan or policy, you can include one or more compliance checks.
| Audit Capability | Required Credentials |
|---|---|
| Amazon AWS | Amazon AWS |
| Blue Coat ProxySG | SSH |
| Check Point GAiA | SSH |
| Dell Force10 FTOS | SSH |
| IBM iSeries | IBM iSeries |
| Microsoft Azure | Microsoft Azure |
| Mobile Device Manager | AirWatch/Apple Profile Manager/MobileIron |
| NetApp Data ONTAP | SSH |
| Palo Alto Networks PAN-OS | PAN-OS |
| Salesforce.com | Salesforce SOAP API |
| Unix File Contents | SSH |
| VMware vCenter/vSphere | VMware ESX SOAP API or VMware vCenter SOAP API |
| Windows File Contents | Windows |