Greenbone and OpenVAS

OpenVAS is still the most widely used open-source vulnerability scanning product, with over 30,000 installations worldwide.

OpenVAS is now known as the Greenbone Community Edition - its still free to use and as easy to use and effective as ever. But the commercial version is even better! The Greenbone Security Manager provides a complete vulnerability scanning solution for organizations of any industry, size or location

In summary, upgrading to the Greenbone Security Feed and a Greenbone Security manager appliance gives you so much more!

Convenience – Set-up and future upgrades are automatic, you can schedule scans to run whenever you want

Flexibility – Physical and Virtual appliance range allows you to deploy as much scanning power as you need to can thousands of endpoints per hour, and you can even physically distribute scanning using Greenbone Sensors

Peace of Mind – Why settle for scanning for just some known vulnerabilities when you could be testing for ALL known threats? The professional Security Feed is updated daily and provides over 40% more tests.

Download OpenVAS

Instructions for Installation »

Subscribe to our newsletter and keep up to date with all NNT and Greenbone news

Why you should upgrade from the OpenVAS Community Feed to the Greenbone Commercial Feed

The Security Feed for both versions differs in four main areas: Content, quantity, quality and availability.

Features	Greenbone Security Feed	Greenbone Community Feed
NVTs included	Every NVT	Only basic NVTs
Quality Assurance (QA)	Consistent	Variable
Availability	Assured with SLA	No promise
Fixes / Improvements	Assured with SLA	No promise
Support	Assured with SLA	Via community on voluntary basis
Updates	Constantly / daily	Constantly / daily, but without enterprise features
Transfer	Encrypted	Unencrypted
NVT Signatures	SLA for QA / Fixes	Transfer Integrity

Greenbone includes every self-developed Network Vulnerability Test (NVT) into its professional Greenbone Security Feed (GSF), but not into the Community Feed (GCF).

These NVTs can be grouped as:

Group	GSF	GCF
HOT NVTs	Y	Y
NVTs for Home Products	Y	Y
German "Grundschutz"	Y	Y
NVTs for Enterprise Products	Y	N
Compliance (i.e. PCI, ISO27001)	Y	N
Operational Technology (ICS / SCADA)	Y	N
Signed NVTs	Y	N

The following list gives some examples of those professional enterprise-grade products which are only part of the professional Greenbone Security Feed:

Generally, all Enterprise-grade products and all OT (i.e. ICS/SCADA) products
MS Windows Server and back office solutions (e.g. SharePoint, SQL Server, etc.)
Products from Palo Alto Networks, Cisco, Juniper Networks and Fortinet
Oracle Solaris IBM WebSphere products (i.e. IBM WebSphere Application Server)
Lotus Notes or SAP products
VMWare paid products

All in all, the Community Feed encompasses about 30% less NVTs than those included in our professional feed.

What are the benefits of upgrading from OpenVAS (Greenbone Community Edition or GCE) to to Greenbone Security Manager (GSM) professional product range?

The GSM range is delivered as either a Physical or Virtual Appliance so you are up and running within minutes.

	Greenbone Security Manager	Own GCE (OpenVAS) – Installation

Setting-up	Turn-key (10 minutes)	Selection of operating system and hardware, then build on your own or install readily available community packages; perhaps use a community VM
Coverage	Concerted: All OpenVAS modules with several scan tools	Select and align on your own or take community defaults
Feed compatibility	Assured with SLA	Establish your own
Performance	Optimized for hardware	Optimize on your own
Backup/Recovery	Integrated	To be solved individually
Fixes	Assured with SLA	To be managed on your own, perhaps import Community-Fixes
Support	Assured with SLA	Via community on volunteer basis
Updates	Regularly and seamless	On your own pace and method

The Features of GSM and GCE are tailored to the environment:

	GSM (professional environments)	GCE (SOHO environments)
Ways for Updates & Feed	Possible via GSM Sync Port, via Proxy S-Connect, via AirGap, via GSM Master	only Community Feed
Coverage	Concerted: All OpenVAS modules with several scan tools	Select and align on your own or take community defaults
System Update	Contains Security Updates, can update from any version to latest release, Grace Periods for EoL and LTS, Migration of data and configurations between appliances and versions	Not available
Protocols	NTP, GMP, HTTPS, SSH, SNMPv2, SNMP, Syslog, IPv6, LDAP, RADIUS and more	HTTPS only for WebGUI; SSH, IPv6
Integrations and Connectors	Different vendors like PaloAlto, Fortinet, Cisco FireSight, NAGIOS, Splunk, Verinice and more	Not available
Backup/Recovery	Backup for User Data, System Data via LVM, Transfer via SCP or USB, Import of GCE Data, Transfer between appliances	Only via environment (HyperVisor)
Alarms, Schedules	Via Email, via HTTP, via SMS, via connector to a SIEM or Ticket system. complete scheduling possible	Not available
Scan architecture	Master/Slave, AirGap inside of high-sec zones	Not available