Tenable Nessus

Tenable · Vulnerability Management

The world's most widely deployed vulnerability scanner

Overview

Tenable Nessus is a vulnerability scanner that identifies security weaknesses across your network, servers, endpoints, cloud infrastructure, and web applications. Nessus Essentials is free for up to 16 IPs; Nessus Professional covers unlimited scanning for SMBs.

UK Pricing: Nessus Essentials: Free (16 IPs). Nessus Professional: ~£3,200/yr. Tenable.io for enterprise.
Target Size: Any size — Essentials free tier suitable for smaller environments

Why Use It

Nessus is the benchmark vulnerability scanner. For UK businesses aiming for Cyber Essentials Plus or ISO 27001, regular vulnerability scanning is required — Nessus provides the audit trail and compliance reports needed.

Why Not

OpenVAS (free) and Qualys (cloud-native) are alternatives. If you're already in the Microsoft ecosystem, Defender Vulnerability Management (included in MDE Plan 2) may remove the need for a separate scanner.

Pros & Cons

Pros

  • Industry-standard vulnerability detection — most comprehensive plugin library
  • Free Essentials tier for small environments
  • Covers network devices, servers, cloud, containers, and web apps
  • Clear severity ratings with CVSS scores and remediation guidance
  • Audit and compliance templates for CIS, DISA, GDPR, and more

Cons

  • Scanning can impact network performance if not scheduled carefully
  • Professional licence is expensive for SMBs vs. free alternatives
  • Results require skilled interpretation to prioritise effectively
  • No built-in remediation workflow — integrates with ticketing tools
  • Cloud-native environments require Tenable.io (higher cost)

How to Get the Most Out of It

  1. Run credentialed scans — they find 2–5x more vulnerabilities than unauthenticated scans
  2. Schedule scans during off-peak hours to minimise network impact
  3. Integrate with your ticketing system (Jira, ServiceNow) to auto-create remediation tickets
  4. Use compliance templates to scan against Cyber Essentials and CIS Benchmark controls
  5. Prioritise remediation by EPSS (Exploit Prediction Scoring System, an exploitability estimate) score, not just CVSS severity

AI: What's New

Claude AI

What's New with Tenable Nessus

  • AI-powered threat detection integration: Tenable is partnering with Anthropic (Project Glasswing) to embed AI capabilities into vulnerability scanning, meaning your scans will get smarter at identifying AI-era attacks and exposure risks without requiring major workflow changes from your end.
  • Supply chain vulnerability focus: New attack patterns (npm deception, PyPI campaigns) are being actively tracked; expect Nessus plugins to get faster updates for detecting compromised dependencies and malicious package tactics in your development environments.
  • Federal compliance acceleration: If your organization serves federal agencies or must comply with the June 2026 AI Executive Order, Tenable is positioning Nessus as a core tool for AI-era exposure management audits, so compliance scans may need recalibration around AI security requirements.

Latest News

Tenable 04 Jun 2026
Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense

By participating in Project Glasswing and working with Claude Mythos Preview, Tenable can help customers better understand how emerging frontier AI models behave, their evolving risks and benefits for cybersecurity, and the kinds of controls organizations will need as AI adoption accelerates. Key tak…

Tenable 29 May 2026
Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs

Oracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key Takeaways: The May 2026 Critical Security Patch Update (CSPU) contains fixes for 35 unique CVEs in 35 security updates. 11 issues (31.4% of all patches) were assigned a critical sev…

Tenable 28 May 2026
Download pumping: New npm deception technique for supply chain attacks

Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate. Key takeaways: Volume doesn’t equal trust. Packages with numerous versions and high download counts might seem legitimate, but …

Tenable 26 May 2026
EXPOSURE 2026 prepares cybersecurity professionals for the AI era

Cybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for building an exposure management program. Get a recap and see highlights from the event in words and pictures. Key takeaways: As frontier AI m…