Vulnerability Management

Continuous Monitoring

It is a cybersecurity best practice, and a critical part of NIST 800-53 Rev.4 FISMA compliance, to regularly perform vulnerability scanning of a representative subset of critical systems. This approach ensures that organizations maintain their desired security posture, based on the security categorization determined for each system. We note that new exploits and vulnerabilities are constantly surfacing for COTS hardware and software, requiring constant vigilance on the part of organizations to ensure that the desired levels of system confidentiality, integrity, and availability are consistently maintained. We note that most security breaches tend to result from a failure in configuration management, and the best way to mitigate that risk is through regular system vulnerability scanning.

Subscription Service

Most customers engage Aerstone to scan their network quarterly, although more frequent rhythm can be supported. There is no pre-payment or retainer required to engage Aerstone for this service, which is billed upon completion of each vulnerability scanning exercise. Each individual vulnerability scanning is coordinated in advance with your organization, to ensure minimum possible disruption to your business process. After each scan, a report of findings is delivered and debriefed, along with any recommendations for prioritization.

Advanced Tools

Aerstone supports a variety of tools for regular continuous monitoring, and can adapt to customer requirements in this regard. For most scheduled vulnerability scanning, we find Tenable Nessus to be an outstanding vulnerability assessment tool. Aerstone maintains licenses for this toolset, which eliminates the need for your organization to absorb this cost. Aerstone engineers will also examine the output of a system scan, and triage the results in a plaintext fashion that will allow your system administrators to address any findings.