

SANS Critical Control 4: Continuous Vulnerability Assessment and Remediation

As part of SANS 20 Critical Security Controls mapping with Unified VRM series, today I am going to discuss Critical Control 4: Continuous Vulnerability Assessment and Remediation.

This is really the specialty of the Unified VRM SaaS solution.

Most of our customers tell us that prior to using Unified VRM they were performing either a vulnerability scan every quarter or, for the most sophisticated ones, a full penetration test once a year.

Performing a Continuous Vulnerability Risk Management process means that the organization can perform vulnerability scans on demand on most of the enterprise's critical infrastructure (including wired and wireless networks and web applications), and that it has a process to completely remediate vulnerabilities after they have been discovered. Most organizations in fact fail in the remediation process, not in the detection!

The SANS Critical Control 4 continues by mentioning the following essential steps for implementing the control:

“Step 1: Vulnerability intelligence service provides inputs to vulnerability scanner

Step 2: Vulnerability scanners scan production systems

Step 3: Vulnerability scanners report detected vulnerabilities to a vulnerability management system (VMS)

Step 4: The VMS compares production systems to configuration baselines

Step 5: The VMS sends information to log management correlation system

Step 6: The VMS produces reports for management

Step 7: A patch management system applies software updates to production systems.”


Unified VRM covers each of the previous steps as follows:

1. Vulnerability detection signatures are produced and QAed every day by a team of expert coders and penetration testers at NopSec.

2. Vulnerability scans can be performed on-demand by the customers on all critical infrastructure, including wired and wireless networks and web applications. The scanning engines are absolutely production-safe, as they automatically throttle if they sense reduced response times from target hosts.

3. Vulnerabilities are reported to Unified VRM and automatically verified by our patent-pending artificial intelligence engine, which also prioritizes the vulnerabilities based on their impact on the organization's critical infrastructure.

4. The security configuration module can test and rate your critical hosts’ security configurations against best practice and compliance configuration standards.

5. Different assets that share the same IP address are correlated, for example network-based vulnerabilities on a web server with vulnerabilities in the web application it hosts.

6. Results can be filtered and drilled down by all the key vulnerability metrics and by custom meta-tags. An easy-to-use report generator produces reports for management, auditors and technical decision makers such as network administrators and developers.

7. Unified VRM integrates with most commercial and open source patch management systems (Microsoft, Puppet, etc.) and trouble ticketing systems (Jira, Remedy, etc.) through its authenticated RESTful interface. Unified VRM also helps generate Web Application Firewall blocking and logging rules to temporarily block discovered web application vulnerabilities until they are fixed.
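As an added illustration, not code from NopSec or from the Unified VRM product, the following Python sketches the data flow that the seven SANS steps quoted above describe, including the same-IP correlation from item 5 and the remediation-tracking gap the post says most organizations fall into. Every host, IP, finding, baseline, SLA value and date is constructed sample data, and the scoring formula (CVSS multiplied by an asset criticality weight) is an assumption for the example, not the product's prioritization method.

```python
# Added example (not NopSec's or Unified VRM's code): a toy vulnerability management
# pipeline following the SANS Control 4 steps. All hosts, findings, baselines,
# SLA values and dates below are constructed sample data.
import json
from datetime import date

# Step 1/2 output: findings from two different scanners that share host IPs (constructed).
SCAN_RESULTS = [
    {"scanner": "network", "ip": "10.0.0.5", "id": "SSH-WEAK-CIPHERS", "cvss": 5.3,
     "port": 22, "first_seen": "2024-01-02"},
    {"scanner": "network", "ip": "10.0.0.5", "id": "OPENSSL-OUTDATED", "cvss": 7.5,
     "port": 443, "first_seen": "2024-01-02"},
    {"scanner": "webapp", "ip": "10.0.0.5", "id": "SQLI-LOGIN-FORM", "cvss": 9.8,
     "port": 443, "first_seen": "2024-02-10"},
    {"scanner": "network", "ip": "10.0.0.9", "id": "SMB-SIGNING-OFF", "cvss": 5.9,
     "port": 445, "first_seen": "2024-02-20"},
    {"scanner": "network", "ip": "10.0.0.9", "id": "TELNET-OPEN", "cvss": 6.1,
     "port": 23, "first_seen": "2024-02-20"},
]

# Step 4 input: a configuration baseline per host (ports allowed to listen) plus the
# business criticality used to weight prioritization (constructed; weight is an assumption).
BASELINES = {
    "10.0.0.5": {"name": "web-01", "allowed_ports": {22, 443}, "criticality": 3},
    "10.0.0.9": {"name": "file-01", "allowed_ports": {445}, "criticality": 1},
}

# Remediation SLA in days per severity band (assumed values). Findings older than
# their SLA are exactly the remediation-process failures the post warns about.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def severity(cvss):
    """Map a CVSS base score to a severity band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def correlate_by_host(findings):
    """Step 3/5: group findings from every scanner under the host IP they share."""
    hosts = {}
    for f in findings:
        hosts.setdefault(f["ip"], []).append(f)
    return hosts


def baseline_deviations(ip, findings):
    """Step 4: ports seen listening that the host's baseline does not permit."""
    allowed = BASELINES[ip]["allowed_ports"]
    return sorted({f["port"] for f in findings} - allowed)


def priority_score(finding):
    """Weight CVSS by asset criticality so a 7.5 on a core host outranks a 6.1 on a minor one."""
    return round(finding["cvss"] * BASELINES[finding["ip"]]["criticality"], 1)


def days_overdue(finding, today):
    """Days past the SLA for this finding's severity; 0 if still within SLA."""
    age = (today - date.fromisoformat(finding["first_seen"])).days
    return max(0, age - SLA_DAYS[severity(finding["cvss"])])


def run_pipeline(findings=SCAN_RESULTS, today=date(2024, 3, 1)):
    """Steps 3-7: correlate, compare to baseline, prioritize, emit log lines and a report."""
    hosts = correlate_by_host(findings)
    log_lines, work_queue = [], []
    for ip, host_findings in hosts.items():
        deviations = baseline_deviations(ip, host_findings)
        for f in host_findings:
            item = {
                "host": BASELINES[ip]["name"], "ip": ip, "id": f["id"],
                "severity": severity(f["cvss"]), "priority": priority_score(f),
                "days_overdue": days_overdue(f, today),
                "baseline_deviation": f["port"] in deviations,
            }
            work_queue.append(item)
            # Step 5: one JSON line per finding for the log management / correlation system.
            log_lines.append(json.dumps({"event": "vuln_finding", **item}, sort_keys=True))
    # Highest priority first; among equals, the most overdue first.
    work_queue.sort(key=lambda i: (-i["priority"], -i["days_overdue"]))
    # Step 6/7: management summary plus the ordered queue handed to patching/ticketing.
    return {
        "hosts_scanned": len(hosts),
        "total": len(work_queue),
        "overdue": sum(1 for i in work_queue if i["days_overdue"] > 0),
        "queue": work_queue,
        "log_lines": log_lines,
    }


if __name__ == "__main__":
    report = run_pipeline()
    print(f"{report['overdue']} of {report['total']} findings are past their remediation SLA")
    for item in report["queue"]:
        print(f"{item['priority']:>5} {item['severity']:<8} {item['host']:<8} "
              f"{item['id']:<18} overdue={item['days_overdue']}d "
              f"baseline_deviation={item['baseline_deviation']}")
```

The point of the example is the order of the queue: the web application SQL injection and the outdated OpenSSL on the same host rise to the top because the host is critical and both findings are already past their SLA, while the open Telnet port on the file server ranks low on score but is flagged as a baseline deviation, which is the kind of signal that step 4 contributes and that a pure CVSS sort would hide.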
