Tenable Changes Nessus Licensing

Tenable Network Security is changing the licensing model for Nessus. The new licenses, which go into effect July 31, replace the free Registered Feed option, under which users could update plug-ins after a seven-day period, with a free Home Feed that offers updates with no delay. The current Direct Feed will be replaced with the Professional Feed.

Mike Fratto

May 14, 2008

Network Computing

Tenable Network Security is changing the licensing model for Nessus. The new licenses go into effect July 31. They replace the free Registered Feed option, under which users could update plug-ins after a seven-day period, with a free Home Feed that offers updates with no delay. The current Direct Feed will be replaced with the Professional Feed, which is aimed at organizational use and costs $1,200 a year. Current organizational users will have to purchase a Professional Feed to continue to use Nessus in the workplace. In a letter to its users, Tenable said charity and educational organizations can still receive the Professional Feed free.

The biggest benefit of the license change is that updates for the free Home Feed are no longer delayed: plug-ins will be current as soon as they are available. However, companies that used Nessus' Registered Feed will now have to pay for the privilege by subscribing to the Professional Feed. That subscription gives access to plug-ins aimed at enterprise use, such as host configuration checks that conform to the Federal Desktop Core Configuration requirements and the Center for Internet Security checklists. In addition, the Professional Feed provides the ability to search content for sensitive data.

Commercial vulnerability scanner vendors typically require customers to register network addresses or DNS names as part of the licensing process. One reason is that the products are priced on a per-seat basis. The other is to keep administrators from using the scanning product on unauthorized computers.

The Home Feed version of Nessus has no restrictions on its use. The license is based on the honor system. Ron Gula, CEO of Tenable, stated in an interview that the decision not to enforce home use from within the product is because, in his experience, the honor system works. Using the Home Feed in a company is a violation of the license and companies are willing to risk violating the license. In addition, placing onerous restrictions on software licenses becomes a support headache that affects legitimate users.

Gula also said they learned a lesson with Newt, an early version of Nessus for Windows. Newt was restricted to a single subnet, and Tenable received a lot of negative feedback on the restriction. Rather than alienate users, the restriction was removed.

The driver behind the change in the Professional Feed license really has to do with funding the research to develop checks and plug-ins. Developing plug-ins takes time, and that time is expensive. New network products are showing up in networks daily and vulnerabilities are still being found. Keeping a vulnerability scanner up to date takes resources. Some of the improvements to Nessus funded by the Professional Feed fees will make it into the Home Feed version. For example, support for IPv6 is available in both versions because IPv6 is showing up everywhere. Plug-ins that clearly address commercial use, like SCADA scanning, will be available through the Professional Feed. Gula wouldn't speculate on which road-mapped features would fall into the Home Feed, but will make that decision on a case-by-case basis.

To ease the transition for companies that use the Registered Feed today, Tenable is offering a 25% rebate on the Professional Feed fee until July 31.

About the Author(s)

Mike Fratto

Former Network Computing Editor
