Tenable Nessus can be used to conduct discovery scans and network audits to identify any type of system, laptop, printer, router, wireless access point or network device in a rapid and accurate manner. For each discovered node on the network, Nessus will identify the operating system and running services.

For larger network topologies, multiple Tenable Nessus scanners can be managed by a single instance of Tenable SecurityCenter. This allows multiple scanners to work together for faster scans or to be used by multiple users and organization for different simultaneous audits. Scanners can be placed into zones and independently targeted for large scale scans, scans from the Internet and scans within overlapping yet distinct RFC1918 networks.

For real-time discovery, Tenable offers the Passive Vulnerability Scanner. This product sniffs network traffic in real-time to identify new hosts, open ports, browsed ports and their applications. Passive network monitoring identifies activity on any host, port or protocol in real-time. This is an excellent and often more in-depth compliment to active scans. Most users often limit scans to a subset of the network range and don’t perform a full port scan on every port or both UDP or TCP ports.

When managed by Tenable SecurityCenter, results from active and passive network scanning can be combined for analysis. Passively discovered hosts can be targeted for active scans. Comparisons between active and passive data can be performed.