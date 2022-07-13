July 2022 by Marc Jacob

External assets and cloud configurations represent two of the biggest cyber risks facing organizations today. Most enterprises lack good accounting of their external footprint, which is easily exploitable by cybercriminals and other threat actors. External Attack Surface Management (EASM) removes such blind spots with capabilities such as discovery, attribution and change detection monitoring of all external assets across the enterprise. At the same time, while organizations are leveraging public clouds, they are frequently deploying cloud security solutions too late in their development cycle. The best way to gain maximum advantage from the cloud is for organizations to begin with infrastructure as code (IAC) security, catching misconfigurations and software vulnerabilities before anything is ever deployed.

Building on the Nessus brand’s reputation as the industry’s most recognized and widely deployed vulnerability assessment solution, Nessus Expert is the first to address both of these pain points head on. Nessus Expert applies a smarter and simplified approach to DevSecOps, enabling users to gain an understanding of an organization’s external attack surface that could be exposed to threat actors and to assess infrastructure as code (IaC) for vulnerabilities before runtime. Following the integrations of both Bit Discovery and Terrascan technologies earlier this year, Nessus Expert is equipped with external attack surface discovery and IaC security analysis, providing pen testers, consultants, SMBs and developers with a unique competitive edge with their expanded risk assessment capabilities.

Key New Capabilities

Nessus Expert offers the following features in addition to everything offered in Nessus Professional:

● External Attack Surface Discovery – to discover internet-facing assets in domains and subdomains associated with an organization

● Infrastructure as Code Scanning – to establish guardrails in automated GitOps and CI/CD processes that ensure secure deployments with minimal effort with up to 500 pre-built policies.