Nessus scanner analysis and comparison tool
Network Vulnerability Analyzer (NVA) allows users of the Nessus scanner to combine multiple .nessus files into Composite Scans and derives the data for scan analysis as well as for comparing scans.
NVA is available at: https://nvanalyzer.com
THE NESSUS PROBLEM
Nessus scanners are powerful tools for detecting vulnerabilities on many devices in a network.
However, there are a few problems with Nessus scanners.
- Scanning a large number of devices takes a scanner a correspondingly long time.
Because of that, while a scan that might take days is running, a lot can happen in the network. The organization can be under attack while the scanner spends days just scanning for vulnerabilities, on top of the time required to analyze the large scan result.
One solution is to have multiple scanners each scanning a subset of the devices that need to be scanned. However, this requires purchasing more scanners. Another issue with this solution is that each scanner produces a separate .nessus file containing the vulnerabilities for its subset of devices. That is not ideal when one needs an overall picture of the vulnerabilities in the whole network.
This is where NVA takes a different approach. NVA defines Logical Scans. A Logical Scan is an aggregate of multiple .nessus files, each file being produced by a single Nessus scanner run. A single Nessus scanner can be used to scan multiple subsets of the devices in the network. Each subset takes less time to scan and can be added immediately to the Logical Scan, so analysis can start right away while the scanner is scanning the next subset of devices. Every time a new subset of devices is scanned, the resulting .nessus file is added to the Logical Scan and the analysis continues. Since all .nessus files are added to the Logical Scan, the security team has an overall picture of what vulnerabilities exist in the whole network.
- Nessus scanners provide very little support for comparing two scans. What they provide is more or less useless unless someone exports the data to Excel and tries to turn it into something more meaningful. However, such an operation is time-consuming, error-prone, cannot produce enough insight for an effective comparison between the two scans, and cannot be used to justify the status of the vulnerabilities in the network during an audit.
NVA introduces the notion of Logical Scan Comparisons.
The user selects two Logical Scans and NVA derives the data so that the user can immediately see which vulnerabilities are New and which vulnerabilities are Gone between the two scans.
The New and Gone vulnerabilities are also broken down by severity level.
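As an added example (not NVA's own code), here is a minimal Python sketch of the two ideas described above: merging several .nessus (NessusClientData_v2) files into one Logical Scan, and diffing two Logical Scans into New and Gone findings counted by severity. The sample XML documents are constructed, and keying a finding on (host name, plugin ID, port, protocol) is an assumption about how NVA matches findings between scans.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample .nessus (NessusClientData_v2) documents, one per scanner run.
RUN_A = """<NessusClientData_v2><Report name="subnet-a">
<ReportHost name="10.0.0.5">
 <ReportItem port="445" protocol="tcp" severity="3" pluginID="100"/>
 <ReportItem port="22" protocol="tcp" severity="2" pluginID="200"/>
</ReportHost></Report></NessusClientData_v2>"""
RUN_B = """<NessusClientData_v2><Report name="subnet-b">
<ReportHost name="10.0.1.9">
 <ReportItem port="443" protocol="tcp" severity="4" pluginID="300"/>
</ReportHost></Report></NessusClientData_v2>"""
# A later rescan of subnet A: plugin 200 on :22 is fixed, a new finding on :80 appears.
RUN_A2 = """<NessusClientData_v2><Report name="subnet-a">
<ReportHost name="10.0.0.5">
 <ReportItem port="445" protocol="tcp" severity="3" pluginID="100"/>
 <ReportItem port="80" protocol="tcp" severity="1" pluginID="400"/>
</ReportHost></Report></NessusClientData_v2>"""

def parse_nessus(xml_text):
    """Return {(host, pluginID, port, protocol): severity} for one .nessus document."""
    findings = {}
    root = ET.fromstring(xml_text)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            key = (host.get("name"), item.get("pluginID"), item.get("port"), item.get("protocol"))
            findings[key] = int(item.get("severity"))
    return findings

def logical_scan(*xml_docs):
    """Aggregate several scanner runs into one Logical Scan (union of findings; a later run wins on overlap)."""
    merged = {}
    for doc in xml_docs:
        merged.update(parse_nessus(doc))
    return merged

def compare(old, new):
    """Findings New in `new` and Gone since `old`, plus counts of each by severity (0-4)."""
    new_keys = set(new) - set(old)
    gone_keys = set(old) - set(new)
    return {
        "new": sorted(new_keys),
        "gone": sorted(gone_keys),
        "new_by_severity": dict(Counter(new[k] for k in new_keys)),
        "gone_by_severity": dict(Counter(old[k] for k in gone_keys)),
    }
```

Running compare(logical_scan(RUN_A, RUN_B), logical_scan(RUN_A2, RUN_B)) reports the :80 finding as New and the :22 finding as Gone, with subnet B unchanged.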
MORE NVA FEATURES
- NVA presents both single Logical Scans and Logical Scan Comparisons from two perspectives.
- The host perspective
Analysis starts from how vulnerabilities are distributed across each host. Drilling down into a host, the user can continue the analysis for the vulnerabilities associated with the different plugins.
- The plugins perspective
Analysis starts from how vulnerabilities are distributed across each plugin type. Drilling down into a plugin, the user can continue the analysis for its vulnerabilities on the various hosts.
- NVA provides charts showing the distribution of vulnerabilities by hosts and plugins.
This gives a clear idea of the magnitude of potential problems, especially when combined with filtering and labeling.
- NVA provides filter-in and filter-out capabilities based on: Host Name, Host IP, Port, Plugin ID, CVE, Protocol and Severity.
Filters can be saved as Templates to be restored later or used as a starting point for other filters.
- NVA provides the user with labeling capabilities. A vulnerability on a specific host can be labeled.
Labels can be used in filters, so users can organize their work around the labels they define. For example, some vulnerabilities on some hosts can be marked as very urgent or as ignored. How labels and filters are combined is up to each user's needs.
- Nessus Security Center provides some of these capabilities, but the price is prohibitive and it charges by IP.
Compared with expensive solutions priced per IP, NVA has a scaling pricing model based on how many users need to be logged in at one time.
The NVA YouTube channel contains a few self-explanatory videos.
https://www.youtube.com/channel/UCvkdzaWrWf6zpDPcP39iiWA/videos
Cybersecurity Consultant, 4 months: Does this still exist or did it not really get traction?