Vulnerability assessments play a critical role in an organization’s ability to defend against security threats. They also help grade the effectiveness of technical controls already in place.
Not all vulnerabilities should be treated the same. Some will need to be addressed immediately while others may be addressed at a later date. Our reporting will give your customer an actionable roadmap for remediation. While other security companies simply run a tool and provide a 400-page report, we spend time ensuring that the results are concise, actionable, and without noise.
Cyberstone will look for areas of weaknesses such as missing patches, outdated firmware, unnecessary open shares, default passwords, incorrect permissions, and rogue devices. We then provide your customer with a prioritized “fix first” remediation report and step them through what needs to be done to close gaps in their defenses.
We follow the globally-recognized NIST SP-800 115 standard when performing vulnerability assessments.
Cyberstone’s vulnerability assessment services will help your customers comply with the following regulations.
- PCI Requirement 11.2.1 & 11.2.2
- New York State DFS 23 NYCRR 500 §500.05(a)(2)
- Gramm-Leach-Bliley Act §501(b)
- Federal Trade Commission 16 CFR Part 314
Click below to learn more about our other services: