Tenable, a cyber exposure company, announced Nessus now includes Terrascan, an open-source cloud security analyzer that helps developers secure Infrastructure as Code (IaC). The integration furthers Tenable’s broader cloud strategy, helping enterprises secure their cloud stacks during build time and at runtime. The combined solution helps the Nessus users address security operations and cloud application infrastructure.
Terrascan is an open-source IaC security analyzer that enables cloud developers to scan infrastructure code and find security issues as part of the software delivery process. With more than 500 out-of-the-box policies, it helps identify issues such as missing or misconfigured encryption on resources and communication, and inadvertent exposure of cloud services.
Terrascan enables cloud engineers to test infrastructure code against security policies early in the development process when it’s least costly and disruptive to fix. It provides more confidence when “shifting left” and makes secure design an integral part of the DevOps process.
As organizations migrate to the cloud, ‘as code’ and containerization projects, they increase their attack surface. Nessus with Terrascan lets them innovate and simultaneously address security concerns.
The benefits that Terrascan adds to Nessus include:
- Increased delivery speed – eliminates lengthy pre-production security gates by automating cloud-native security assessments early in the software development lifecycle.
- Reduced risk – helps Cloud DevOps teams avoid releasing insecure software into the cloud and reduces potential windows of risk.
- Rapid time to value – takes advantage of over 500 predefined, standards-based policies to test a broad range of IaC for alignment with security benchmarks.