Imprimis Sustainment Services
Once an organization achieves full compliance with the CMMC mandate, NIST 800-171/53 or any other standard or regulation, they need to commit to ongoing efforts to remain in compliance – or sustain compliance. Imprimis provides a full suite of supporting services. These are divided into two groups – Continuous Sustainment Services and On-Demand Services.
The continuous activity includes continuous monitoring of the system, frequent vulnerability scans, part-time CISO (Chief Information Security Officer) support and training. Imprimis also provides support when needed or on-demand. These services include incident response, forensic analysis, annual reassessments and advisory services.
Imprimis provides continuous monitoring via a cloud-based SIEM (Security Information & Event Management) which collects logs and network information from multiple devices and has the ability to correlate activities and identify anomalies. The analysis also includes behavioral analysis utilizing a UEBA (User or Entity Behavioral Analysis) program. Logs and data are collected from key devices within the network and stored in a cloud-based SIEM where the UEBA analysis takes place. Alerts are issued for anomalies and the logs are maintained for at least 12 months. One of the primary benefits of continuous monitoring is tracking logins and failed login attempts. With proper network segmentation activities within the network can be tracked as well.
Another very important capability is to scan the network for vulnerabilities. Vulnerabilities exist within the software used for operating systems and applications. They can also include open ports and exposed network segments. Imprimis installs scanner software within the network to provide the scanning information, the internal scans show open ports, and any un-remediated software vulnerabilities on all devices within the network. The scanning software also performs a discovery scan which is important for asset management - both software and hardware assets. Vulnerability scans of externally facing IP addresses are scanned periodically to ensure no vulnerabilities are exposed outside of the network.
Imprimis provides training as part of the sustainment support. Training is a mandatory compliance requirement and is one of the most important activities a company can provide as part of their cybersecurity program. More than 3 out of 4 successful attacks involve the compromised accounts of someone who is authorized to be on the system.