To our valued Nessus community,
We recently launched a new Tenable Community platform to provide better customer interaction, between customers and with us at Tenable. The new platform combines both the Community and Support in a single location to provide you with a more seamless experience. We migrated all Tenable support customers and existing community members to the new platform on Monday, December 4th. As part of the rollout we created a new Nessus Professional group in the community yesterday, and inadvertently turned on notifications for every post. This triggered a cascade of emails for a subset of Nessus Professional customers for approximately two hours yesterday. We apologize to all customers who were affected by this error.
Upon learning of this issue yesterday, our team immediately identified and quickly resolved it. We are currently implementing system changes to ensure no new notifications will be sent to group members unless you update your own notification preferences. Also, customers will only be added to Collaboration Groups upon their consent. As an extra precaution, we have temporarily disabled the community site as we update the settings. Once the community site is back online we’ll provide instructions on how to update your preferences. In the meantime, if you are in a group and would like to be removed, please email firstname.lastname@example.org directly and we will remove you.
We understand this was annoying and we apologize. This mistake is below the standard we set for ourselves to provide you, our valued customers, with a great experience. We understand the trust that you place in Tenable and we take that responsibility extremely seriously. You have our commitment that nothing like this will happen again.
In spite of this unfortunate error, I’m very excited by the new community site — I look back in time to our original support “channel” for Nessus (venerable mailing lists) and see the contrast and potential to enable each one of you to better share your feedback, knowledge and tips regarding our products, and I simply can’t wait for our team and myself to interact with you this way.
Separately, I also wanted to clarify some of the recent updates to Nessus Professional v7 specific to the API functionality. Nessus has become the gold standard for security practitioners who want fast, comprehensive and accurate point-in-time scans. Starting with version 7, we’ve decided to focus exclusively on this use case and dedicate our development to it. I originally designed Nessus to be used by an individual practitioner or consultant from within the interface. It was never intended for use in a purely automated fashion, using the API to run scans remotely and extract the data into another system. In fact, the first version of Nessus didn’t even have any form of command line support. As a result, we never built any safeguards in the API preventing a script from misusing it and overloading the scanner. Ultimately we decided to let go of this API after having seen some misuse of this functionality which stretched the capabilities of the scanner.
For users who need to initiate and manage scans remotely, we have built a much better user experience in Tenable.io, which offers a robust, supported and better documented API, along with richer reporting options and the ability to manage and federate multiple scanners.
Another point I’d like to cover is the removal of multi-user support in Nessus Professional v7. In the past, you could create multiple, independent users in Nessus Professional v6 and prior versions. We evaluated this feature and realized it adds confusion and falls short of expectations since users can’t share results, so we decided to remove it as well.
These changes were done in the spirit of clarifying our product portfolio so we can focus our development efforts on the features that matter – and what practitioners actually use. Less than 2% of users use the remote scan API, and there are only a handful of scanners out there with multiple users. We believe using our engineering resources to make the scanner more efficient, flexible and scalable rather than focus on corner use cases is the right strategy to providing you with the best experience.
For users who need fast, accurate, point-in-time vulnerability assessment, we want to empower you to get your job done and give you the power and flexibility you need. I’m excited to say that that’s precisely what we’re delivering with Nessus Professional v7. In addition to ongoing improvements in performance and vulnerability coverage, we also made the Nessus Professional license easily transferable (eliminating the 10-day waiting period), removed the “computer tie-in” so you can now install Nessus on a bootable USB stick or cloud instance, enabled you to include your own tailored branding in reports and added automated report delivery upon scan completion.
I’d like to thank each of you for being loyal Nessus users. We are committed to continuing on our heritage of innovation with continual development and improvements to our entire product portfolio. We look forward to delivering advancements that make you more successful, efficient and secure.
Co-founder and CTO
This is a Security Bloggers Network syndicated blog post authored by Renaud Deraison. Read the original post at: Tenable Blog