<%image(20080514-nessus.jpg|76|73|Nessus)%>
I came across this post by Martin McKeay on the Network Security Blog today talking about changes to the Nessus license that Tenable will be starting July 31st. Martin makes some really good points and I recommend you read his post. Basically as a corporate user you will need to pay for the new “ProfessionalFeed”. A corporate user is classified as anyone that uses Nessus in a corporate environment, including MSSP’s and security consultants (some exceptions apply for non-profit and charities). From the Nessus announcement:
“…Tenable’s “Direct Feed” will be re-named to the “ProfessionalFeed” and the “Registered Feed” will be discontinued. The ProfessionalFeed will entitle subscribers to the latest vulnerability and patch audits, configuration and content audits and commercial support for their Nessus 3 installation. The ProfessionalFeed will serve as Tenable’s commercial subscription and will be required for individuals and organizations that want to use Tenable’s Nessus plugins commercially.”
Looks like you are now getting everything that you would have gotten if you were a previous “commercial” user including support for Nessus 3. Home users will still be allowed to download the free “HomeFeed”.
My thoughts are that I personally get a ton of value out of Nessus…it’s simply the most versatile vulnerability scanner out there (from a pentest and customization perspective especially). Now that it is going to this “pay for plugins” model it doesn’t really change much for me..I think the Tenable guys do great work and now that they will have more cash flowing in I would suspect the Nessus product offering will only get stronger.
Oh, and don’t forget that Tenable is offering a limited time rebate for corporate users:
“Tenable is offering a 25 percent rebate for the Direct Feed subscription service (normally available at $1200 per year), beginning May 14, 2008 until July 31, 2008 only when purchased through Tenable’s e-commerce site.”
iam using regitered feed but still scaning is working and i can able to update the plugin when it will going to discontinue??
There are some other possibilities to get feeds apart from Nessus. You can use a nessus port (OpenVas.org) wich is free. And you can download free feeds for Nessus from some companies wich started to offer it after the Tenable announcement. For example, http://www.alienvault.com/f… has an automatic free feed daily updated, or http://www.secpod.org has another one, manually installed. So you won’t need to pay anymore to get nessus plugins.