Find out why organizations like yours choose Carson & SAINT.
Vulnerability Scanning: Why, When and How
Download our whitepaper to learn more about implementing effective preventative measures. This paper covers solutions for internal vulnerability challenges, providing an overview of typical environments.
Next-Generation Vulnerability Management
Download our whitepaper to learn how SAINT Security Suite vulnerability management can help you protect business operations, mitigate risks, simplify compliance, and improve IT management.
SAINT Integration With Cisco Identity Service Engine
Extend your vulnerability management solution by quarantining high-risk assets until vulnerabilities are remediated and verified. Connect SAINT Security Center to the Identify Service Engine (ISE) Management Center as part of Cisco’s ecosystem and prevent high-risk assets from communicating across your environment when high-severity threats are discovered. Download the whitepaper for more information.
SAINT Integration With Cisco FireSIGHT Management Center
Utilize SAINT’s Cisco Partner solutions to interoperate with Cisco FireSIGHT Management Center (formerly Sourcefire) to facilitate impact flag correlation. Download the whitepaper for more information.
The Value of a Dedicated Hardware Appliance vs. a Virtual Machine
Download the whitepaper to learn more about how a dedicated hardware appliance can out-perform a virtual machine.
Jump From MSP to MSSP
Download our whitepaper to learn how to offer valuable security services to clients with minimal investment and delay, quickly delivering new sources of revenue and improving your bottom line.
NIH IT Security Program Support
For two decades we’ve provided security support services to multiple institutes and centers (ICs) at the NIH. Services include:
- System assessment authorization (A&A)
- Policy and procedure development
- Continuous monitoring, including POA&M oversight and validation
- Vulnerability assessment and penetration testing
- Incident response and forensics
- FISMA compliance and reporting
OPM IT Security Program Support
We provide IT security support services for the OPM/EHRI IT Security Program, including:
- System certification and accreditation (C&A)
- System annual security controls testing
- Enterprise architecture support
- System development lifecycle (SDLC) support
- POA&M management
- Policy and procedure development
- Security program compliance reviews
NRC FISMA Review
We have conducted independent FISMA audits/evaluations of NRC’s information security program on behalf of the Inspector General to assess its FISMA compliance. Our team performed an in-depth review of the agency’s security policies and procedures, agency self-assessments, agency certification and accreditation process, system owner security practices and control techniques, privacy processes and controls, testing of system security controls, and plan of action and milestones (POA&M) process.
Internal and external vulnerability assessment scans and penetration testing were performed, using the SAINT network vulnerability security assessment tool to identify exploitable network vulnerabilities.
For numerous commercial customers, we provide IA services, including:
- PCI DSS assessments
- IT security program gap analysis
- Penetration testing
- Vulnerability assessment scanning
- Web application testing
- Social engineering
- IT security policy development
Commercial customers have included Duquesne Light, SharpBanc, Congressional Bank, Encore Marketing International, eCommLink, Hanover Hospital, Advanced Radiology Solutions, Retail Data Systems, and more.
Department of State Portfolio Management CPIC
Carson & SAINT is responsible for the Department of State’s enterprise-wide Capital Planning and Investment Control (CPIC) program management oversight, encompassing all aspects of the IT life cycle, supporting the OCIO. Carson Inc. provides the following services:
- IT management decision support, enterprise architecture, business case development and analysis, and IT system engineering
- High-level strategic and tactical planning to the CIO
- Day-to-day staff to support the IT CPIC governance mechanism
- IT investment portfolio management
- Program management methodologies
DISA Nuclear Command and Control
We are the current contractor for the Battle Staff Certification Support contract to the Defense Information Systems Agency (DISA). For more than 20 years, we’ve supported DISA and the Joint Staff in developing annual assessment exercises for the senior military leadership. This small business contract supports the very narrow field of Nuclear Command and Control (NC2). It provides the Joint Staff with tools to assess warfighter capabilities to support senior civilian leadership in the effective management and execution of nuclear assets, vital to the United States and its allies.
SAINT Security Suite System Requirements
The SAINT Security Suite includes vulnerability assessment, configuration assessment, social engineering, penetration testing, assess management, advanced analytics, incident response, and reporting.
- Amazon Linux 2018.03 or 2
- CentOS 6, 7, or 8
- Red Hat Enterprise Linux 6, 7, or 8
- Ubuntu 16.04 or 18.04 LTS
Note: The operating systems listed are officially supported and recommended. However, SAINT Security Suite offers additional downloads and also runs on other generic Linux/Unix environments.
Administration can be performed locally and/or remotely via any of the supported HTML browsers:
- Internet Explore
Software Memory and Storage Requirements
Minimum: 4GB RAM, 1GB available storage, 1.6 GHZ processor
Recommended small networks: 4GB RAM, 1GB available storage*, 2.3 GHZ processor or faster
Recommended large networks: 8GB RAM or more, 1GB available storage*, 2.6 GHZ processor or faster
* Plus additional storage for scan results and reports.
Virtual Machine Support
In addition to SAINT Security Suite is available in several configurations:
- A cloud-based service: SAINTcloud
- A software download and pre-configured appliance
- A pre-configurated virtual machine (VM) with appliances for both VMware and Oracle Virtualbox