Business Case: Nessus Tenable Vulnerability Assessment Scanner
Executive Summary
Our current vulnerability management solution is obsolete due to infrastructure changes. We urgently need a replacement to maintain a robust cybersecurity posture and comply with external requirements. The proposed Nessus Tenable solution, with 100 agent-based licenses, offers proactive internal vulnerability assessment for our servers and end-user devices. This investment will significantly improve our security and demonstrate compliance while providing a potential path toward additional revenue.
Problem Statement
Our cloud-centric environment renders our existing on-premises Nessus installation ineffective, creating critical security gaps.
The lack of automated, comprehensive vulnerability assessment leads to inefficient resource allocation, unidentified weaknesses, and increased risk of data breaches.
We need to meet internal and third-party requirements for continuous asset monitoring and protection.
Proposed Solution
Implement Nessus Tenable with an initial 100 agent-based licenses (expandable as needed).
Key Features:
Continuous, automated scanning of up to 100 assets
Detailed reporting and real-time alerts
Configuration assessments and compliance checks
Integration with existing IT infrastructure
Deployment
Install agents on all ISHelp and Gridsmart managed servers and end-user devices (Apple and Windows).
Configure monthly scanning with integration into our monthly security reporting.
Enable high-priority vulnerability alerts.
Benefits
Enhanced Security: Proactive scanning ensures timely identification and mitigation of vulnerabilities.
Compliance Assurance: Meet internal (ITHC) and external standards, potentially including defense WARP processes for assured systems.
Potential Revenue Stream: Option to resell agent-based scanning services to customers (e.g., VCISO offering).
Considerations
Cloud-based Service: Requires careful management of sensitive data, especially if processing OS-level information. A detailed security review is essential prior to handling such data.
Cost Analysis
Annual subscription: £3000 (includes updates, vulnerability database, and support).
Approximate cost per asset per month: £2.50
Return on Investment (ROI)
Risk Reduction: Proactive vulnerability management significantly lowers the risk and potential costs of data breaches.
Compliance Adherence: Avoid penalties and reputational damage associated with non-compliance.
Potential Revenue Generation: Expand service offerings to customers.
Conclusion and Recommendation
Our current vulnerability management solution is inadequate for our cloud-based environment. The Nessus Tenable solution offers essential risk mitigation and compliance benefits. While careful data handling is paramount, the advantages outweigh the risks.
Recommendation:
Approve the Nessus Tenable subscription.
Initiate a detailed security risk assessment and implement appropriate controls.
Develop a formal vulnerability management program.
Add this solution to the company risk register, initially marked as high risk.