System Hardening and Vulnerability Management

Secure Configuration – No compromise


A full range of CIS Benchmark hardening reports is built in at no extra cost. NNT are one of a handful of CIS Certified Vendors – the Center for Internet Security are the industry's authoritative source of secure configuration guidance. STIGs and any other SCAP/OVAL automated content can also be used.


Remediation Guidance? Vulnerability Details? All yours


Hardening doesn't have to be Hard! Clear, concise guidance makes hardening systems an almost 'paint-by-numbers' process. The rationale for each hardening measure is provided in plain English, together with all remediation commands and settings needed.

Auditor-ready reports to prove compliance


And for compliance, get all the evidential reports you and your auditor could wish for – dashboards, exceptions-only, estate-wide. Full change tracking shows where any Planned Changes have been approved – compliance doesn't have to be a drag.


Key Issues - System Hardening and Vulnerability Management

1. How do you make systems truly secure?

A hardened system is one that is fundamentally secure and rendered hack-proof. Hardening a device requires known security 'vulnerabilities' to be eliminated or mitigated. A 'vulnerability' is any weakness or flaw in software design, implementation, administration and configuration of a system, which provides a mechanism for an attacker to exploit. A secure, locked down configuration requires care to achieve a good balance between security and operational function.

Vulnerability management and maintaining a hardened build standard are inextricably linked to tight change control. Any configuration change, be it through patching or other system maintenance, may introduce vulnerabilities, so visibility and control of changes is an essential security best practice.


2. How do you get comprehensive and authoritative hardening checklists for all IT systems?

Authoritative hardening checklists for all platforms, database systems and applications – CIS Benchmarks

There are numerous reference sources for such checklists: the SANS Institute, NIST, Microsoft and Oracle all publish hardening best-practice checklists, and there are numerous guides and forums across the internet. However, these different sources can lead to contradictory advice, provided in inconsistent formats.

The Center for Internet Security are the information security industry's Number One authority on secure-configuration guidance. CIS Benchmarks are recognized as the industry standard for system hardening and vulnerability mitigation guidance.

And because CIS Benchmark vulnerability mitigation intelligence is consensus-derived from a variety of manufacturer, security specialist and academic sources, this approach delivers the most complete and accurate hardening checklists available.

Included for each vulnerability is a detailed description, rationale and testing direction for auditing compliance. Where vulnerabilities are identified, easy-to-understand remediation advice is presented.

Best of all, CIS Benchmarks are consistently presented for all:

  • Windows, Linux and Unix platforms
  • Database Systems such as SQL Server, Oracle, DB2 and MySQL
  • Applications such as web servers, email servers, LDAP, DNS and Browsers
  • Virtualization Platforms such as ESX Server
  • Mobile platforms such as iOS and Android
  • Network Devices and Firewalls such as Cisco, Juniper and CheckPoint

NNT are one of a handful of CIS Certified Vendors – NNT provide a full range of CIS Benchmark reports that can be used to audit enterprise networks and then monitor continuously for any drift from your hardened build-standard. This ensures systems stay within compliance 24/7.


3. How do you measure and maintain compliance with your hardened build standard and governance standard?

Hardening checklists are usually lengthy, complex to understand and time-consuming to implement, even for one server, let alone a whole estate. A typical checklist for an operating system like Windows or Linux will run into hundreds of tests and settings.

The typical approach to testing for vulnerabilities and measuring compliance with a hardened build standard is to use a vulnerability scanner, such as Qualys®, Rapid 7®, Nessus® or Tripwire®/nCircle®.

There are two problems with this. First, scans are simply a snapshot of compliance, and any configuration drift between scans will not be detected, leaving systems vulnerable to attack until the next scheduled scan. Second, a scanner is blind to zero-day threats and doesn't provide any file integrity monitoring to detect breach activity. NNT's non-stop file integrity monitoring provides continuous compliance assessment and real-time breach detection.
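
The snapshot problem described above, as an added illustration (not NNT's code or product logic): a constructed change log in which a setting is weakened and restored between two scheduled scans, so both scans pass while continuous change tracking records the exposure window. The required values, the event log and the change ID are assumptions made for the example.

```python
# Hardened build standard for one host. Setting names are real sshd_config
# options; the required values are constructed for this example.
BASELINE = {"PermitRootLogin": "no", "PasswordAuthentication": "no", "MaxAuthTries": "4"}

# Constructed change events: (hour, setting, new_value, approved_change_id or None).
EVENTS = [
    (3, "PermitRootLogin", "yes", None),        # unplanned weakening
    (9, "MaxAuthTries", "3", "CHG-EXAMPLE-1"),  # approved planned change (hypothetical ID)
    (20, "PermitRootLogin", "no", None),        # reverted before the next scan
]


def scan(events, baseline, hour):
    """Point-in-time audit: settings that deviate from the standard at `hour`."""
    expected, actual = dict(baseline), dict(baseline)
    for when, key, value, ticket in sorted(events, key=lambda e: e[0]):
        if when > hour:
            break
        actual[key] = value
        if ticket:  # an approved change becomes part of the standard
            expected[key] = value
    return sorted(k for k in expected if actual[k] != expected[k])


def monitor(events, baseline):
    """Continuous tracking: (setting, drift_start, drift_end) per unapproved deviation."""
    expected, actual = dict(baseline), dict(baseline)
    open_since, windows = {}, []
    for when, key, value, ticket in sorted(events, key=lambda e: e[0]):
        actual[key] = value
        if ticket:
            expected[key] = value
        drifted = actual[key] != expected[key]
        if drifted and key not in open_since:
            open_since[key] = when
        elif not drifted and key in open_since:
            windows.append((key, open_since.pop(key), when))
    # Deviations still present at the end of the log have no end time yet.
    windows += [(k, start, None) for k, start in sorted(open_since.items())]
    return windows


if __name__ == "__main__":
    for hour in (0, 24):  # two daily scheduled scans
        print(f"scan at hour {hour:2}: failures = {scan(EVENTS, BASELINE, hour)}")
    for key, start, end in monitor(EVENTS, BASELINE):
        print(f"monitor: {key} out of standard from hour {start} to hour {end}")
```

Both scheduled scans report no failures, while the event-driven view shows the host was out of standard for 17 hours; the approved change is absorbed into the standard and raises nothing.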


Contact us for a no-strings, no-sales pressure trial and see the coolest compliance solution in action for yourself

Copyright 2018, New Net Technologies LLC. All rights reserved. 