Tenable, the Cyber Exposure company, announced that Terrascan, the open-source cloud security analyzer that helps developers secure Infrastructure as Code, is now included in Nessus® (IaC). Tenable’s integration into Nessus advances the company’s broader cloud strategy by assisting enterprises in securing their full cloud stacks both during build and runtime. The combined solution assists the Nessus user community in dealing with security operations and cloud application infrastructure.
Terrascan is an open-source IaC security analyzer that allows cloud developers to scan infrastructure code for security flaws during the software delivery process. With over 500 out-of-the-box policies, it assists in identifying issues such as missing or misconfigured encryption on resources and communication, as well as inadvertent cloud service exposure.
Terrascan enables cloud engineers to test infrastructure code against security policies early in the development process, when fixing is the least expensive and disruptive. It boosts confidence when “shifting left” and integrates secure design into the DevOps process. Organizations’ attack surface grows as they accelerate their cloud, “as code,” and containerization projects. Nessus with Terrascan enables them to innovate while also addressing security concerns.
“Infrastructure as Code is about making development and cloud delivery programmatic and efficient. Adding Terrascan to Nessus will enable the Nessus community to more easily validate the configuration state of modern infrastructure before it gets deployed, giving cloud developers peace of mind, knowing that the process can be managed securely,” said Glen Pendley, chief technology officer, Tenable. “Terrascan will remain open source. We are not changing the model, and we value and are committed to the Terrascan community, with plans for additional development and investments to increase usability and accessibility.”
The benefits that Terrascan adds to Nessus include:
