
Vulnerability Management

Regularly scheduled scans of public-facing collateral


Continuous Monitoring

It is a cybersecurity best practice, and a critical part of NIST 800-53 Rev.4 FISMA compliance, to regularly perform vulnerability scanning of a representative subset of critical systems. This approach ensures that organizations maintain their desired security posture, based on the security categorization determined for each system. New exploits and vulnerabilities are constantly surfacing for COTS hardware and software, requiring constant vigilance on the part of organizations to ensure that the desired levels of system confidentiality, integrity, and availability are consistently maintained. Most security breaches tend to result from a failure in configuration management, and the best way to mitigate that risk is through regular system vulnerability scanning.

Subscription Service

Most customers engage Aerstone to scan their network quarterly, although a more frequent cadence can be supported. There is no pre-payment or retainer required to engage Aerstone for this service, which is billed upon completion of each vulnerability scanning exercise. Each vulnerability scan is coordinated in advance with your organization, to ensure the minimum possible disruption to your business processes. After each scan, a report of findings is delivered and debriefed, along with any recommendations for prioritization.

Advanced Tools

Aerstone supports a variety of tools for regular continuous monitoring, and can adapt to customer requirements in this regard. For most scheduled vulnerability scanning, we find Tenable Nessus to be an outstanding vulnerability assessment tool. Aerstone maintains licenses for this toolset, which eliminates the need for your organization to absorb this cost. Aerstone engineers will also examine the output of a system scan, and triage the results in a plaintext fashion that will allow your system administrators to address any findings.

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.

We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with security professionals across the military, intelligence community, civilian government, and private industry.
