What is VSOS?
Virtual Auditor’s Virtual Security Officer Server (VSOS) is a unique, fully-managed, information security auditing assessment solution that helps you establish a formal information security program within your organization. VSOS is packed with powerful vulnerability, auditing and testing tools that can help identify security vulnerabilities within your environment, as well as gaps in your existing security program.
Virtual Auditor Eliminates
VA helps organizations prepare for, and succeed with, numerous industry compliance requirements. VA supports: ISO 27001/02, GLBA, FFIEC, NYC Part 500, HIPAA, HITRUST, NIST 800-53, and more. Learn more about the compliance solutions VA offers here.
What does virtual
Unlike a third party auditor plugging his/her foreign machine into your network and scanning with a number of unknown or unsafe tools, VA takes a different approach. Imagine taking all of the best assessment security tools in the industry and molding them into one assessment engine. Virtual Audior’s VSOS is such an engine. VSOS is located in your data center, never “in the cloud”.
The server is dedicated to your organization and does not carry the potential malware risks from on-site third party auditors’ laptops that have connected to dozens or hundreds of networks. Rather than being handed a large “snap shot in time” audit without the benefit of a baseline, VA delivers consistent reports of useful data and imagery, based upon progress over time, in a ready-to-present format for management.
VSOS is a repeatable lifecycle auditing tool that delivers bite size information to the IT Administrators for remediation purposes. Just like the old saying, “How do you eat an elephant? One bite at a time!” Virtual Auditor helps to establish a process that makes information security a daily part of the organization, not just once a year at audit time. VSOS can deliver tickets to your standards-based Help Desk platform to facilitate IT and Security remediation on a consistent basis.
Where does it reside?
NOT IN THE CLOUD! This appliance sits within your network and collects data that is never transmitted outside your domain and never sent to offshore resources.
VSOS has been used as tool for Compliance Departments for internal audits and for security within the IT Department itself. Since every organization’s structure is different, different departments may oversee the VSOS process.
How is Virtual Auditor’s VSOS different from other security technologies such as:
a SIEM (Security Information Event Manager)?
A SIEM blindly captures all event logs across the network from devices that have been configured (usually with an agent) to send their logs to the SIEM. Although SIEMs are an excellent log capturing platform, the amount of data transmitted to them are so overwhelming that SIEMs in most organizations become “shelfware” or too expensive to maintain. VSOS is complimentary to a SIEM, not a replacement for it.
an Onsite Security Analyst (consultant
or a full time employee)?
While the VSOS appliance doesn’t purport to be all things to all organizations, in this era of difficult recruiting, training, and retaining technical information security staff, VSOS can provide consistency in collecting, analyzing, reporting, and monitoring technical information security vulnerabilities. VSOS is not subject to turnover, lost documentation, or pointless training or time spent out of the office. Whether as a replacement for a smaller organization, or a valued member of the team in larger organizations, the VSOS is highly proficient in its role.
A Third Party Assessment?
As opposed to a point-in-time snapshot of technical vulnerabilities delivered in an overwhelming mass of data, VSOS provides consistent, manageable reports and remediation steps. Benefit from VSOS’s extensive documentation to help establish your internal program to identify and mitigate vulnerabilities.
Current Audit Modules
VSOS can be implemented into any Active Directory environment running Windows operating systems, Macs, Linux, Cisco devices, SCADA systems, IBM iSeries servers, and databases. VSOS’s vulnerability engine is an agentless auditor of configurations, patches, and web applications.
As VSOS checks for compliance findings it covers PCI DSS, HIPAA / HITECH, NIST, firewalls, routers, and virtualization. VSOS detects, scans, and profiles numerous devices and resources to increase security and compliance across your network.
VSOS covers network devices, virtual hosts, databases, OSes, & web applications. VSOS utilizes extensive configuration and compliance auditing modules for the following areas:
- Antivirus Vendor Audits
- CERT Recommendations
- CIS & NSA Best Practice Guides
- GLBA Guidelines
- HIPAA Profiles
- NIST SCAP & FDCC Content
- PCI Configuration Requirements
- Recommended Vendor Settings
- Cisco Router & Firewall Configurations
- Juniper Router, Firewall & Network Switches
- Palo Alto Networks Firewalls
- Network Inventory Audits
- Active Directory Audits
- Software White List Audits (Acceptable & Unacceptable)