Vulnerability ScanningRegularly scheduled scans of public-facing collateral
It is a cybersecurity best practice, and a critical part of NIST 800-53 Rev.4 FISMA compliance, to regularly perform vulnerability scanning of a representative subset of critical systems. This approach ensures that organizations maintain their desired security posture, based on the security categorization determined for each system. We note that new exploits and vulnerabilities are constantly surfacing for COTS hardware and software, requiring constant vigilance on the part of organizations to ensure that the desired levels of system confidentiality, integrity, and availability are consistently maintained. We note that most security breaches tend to result from a failure in configuration management, and the best way to mitigate that risk is through regular system vulnerability scanning.
Most customers engage Aerstone to scan their network quarterly, although more frequent rhythm can be supported. There is no pre-payment or retainer required to engage Aerstone for this service, which is billed upon completion of each vulnerability scanning exercise. Each individual vulnerability scanning is coordinated in advance with your organization, to ensure minimum possible disruption to your business process. After each scan, a report of findings is delivered and debriefed, along with any recommendations for prioritization.
Aerstone supports a variety of tools for regular continuous monitoring, and can adapt to customer requirements in this regard. For most scheduled vulnerability scanning, we find Tenable Nessus to be an outstanding vulnerability assessment tool. Aerstone maintains licenses for this toolset, which eliminates the need for your organization to absorb this cost. Aerstone engineers will also examine the output of a system scan, and triage the results in a plaintext fashion that will allow your system administrators to address any findings.
Aerstone has developed a customized dual-homed VPN-enabled pentesting device, which comes loaded with our full suite of penetration testing software. This device, which may be deployed to a customer’s network to support remote testing engagements, allows Aerstone's testers to securely test your network without having to be physically present on-site. AerStrike™ supports both on-device and network pass-through testing, as well as both wired and wireless connectivity.
Our Experience Sets Us Apart
Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business. We
approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and commercial sectors.
Contact our sales team at email@example.com for more information.