VULNERABILITY ASSESSMENT SERVICES PROVIDED BY WETSTONE TECHNOLOGIES
As a trusted leader in the cyber security industry, WetStone Technologies has a proven reputation of independently and objectively conducting vulnerability assessments for enterprise customers, in large or small environments, to evaluate the organization’s security posture. Companies can be assured the evaluation will be performed with honesty and transparency. The team of certified vulnerability experts at WetStone has experience scanning many different types of environments, both large and small. Following the completion of vulnerability scanning, WetStone Technologies provides a remediation plan to the customer that details a prioritized remediation strategy for any identified vulnerabilities. WetStone can also evaluate customer networks for compliance with regulations such as PCI or HIPAA.
TYPES OF VULNERABILITIES THAT CAN BE DETECTED
Using some of the leading vulnerability assessment tools available, WetStone can detect the following vulnerabilities:
- Default usernames and passwords
- Missing software patches
- Database misconfigurations
- Web application vulnerabilities
- Non-essential services running on a machine
- Unnecessarily-open ports on a machine
- Outdated application installations
HOW WETSTONE SCANS A NETWORK ENVIRONMENT FOR VULNERABILITIES
WetStone’s vulnerability scanning tools are designed to perform non-intrusive scans on network devices in order to identify vulnerabilities. Scans can be performed either with or without credentials. For the most complete view of the devices, read-only domain administrator credentials should be used so that the scanner can authenticate to the systems to analyze them.
WetStone utilizes one of the best network vulnerability scanners available—Tenable Nessus. WetStone leverages the power of Nessus to authenticate to a variety of hosts running many different operating systems and applications. Tenable Nessus is deployed in the customer’s environment using a small virtual appliance file to get the scanner operational in minutes. Once the scanning appliance is deployed, the team at WetStone will remotely login to the device and configure the appropriate scans for the devices on the network.
In addition to scanning operating system-level vulnerabilities, the scanning appliance can authenticate to database instances and scan for vulnerabilities such as outdated database versions, published exploits against the database instance version, and other types of vulnerabilities, such as weak user passwords, database misconfigurations, and DISA STIG vulnerabilities.
WetStone Technologies’ reporting, following a network vulnerability assessment, is what sets it apart from the competition. WetStone does not merely deliver the reports that are generated from the Nessus scanner. WetStone’s cyber security experts review the raw data from the vulnerability scan results and build detailed reports that provide both high-level and low-level information regarding the vulnerabilities found on the network. These reports can be delivered to management. They can also be used by IT professionals to give them a prioritized remediation strategy for patching the security vulnerabilities identified by the WetStone team.
RE-SCAN AFTER REMEDIATION
If the customer requests, the team of professionals at WetStone will re-scan the network after they have made remediations that were recommended at the conclusion of the initial vulnerability assessment. This will provide the organization with an overview of the effectiveness of the remediation efforts that have been performed so far. It will also allow them to clearly see what additional effort is required to remediate the remaining vulnerabilities.