Buurst SoftNAS Security Assurance

At Buurst, we prioritize the security and reliability of our products, understanding the critical importance of safeguarding our customers' data. To ensure the highest level of security for SoftNAS, we conduct comprehensive vulnerability scans on a nightly basis utilizing two of the industry's leading vulnerability scanners: Nessus and Qualys.

We selected these tools for their comprehensive coverage, advanced detection capabilities, and up-to-date vulnerability databases. By employing both Nessus and Qualys, we achieve a layered and thorough analysis that significantly enhances our ability to identify and mitigate potential vulnerabilities before they can impact our customers.

Nessus:

Nessus is a vulnerability scanner that performs a variety of scans to identify weaknesses in computer systems and networks. Here's a breakdown of its scanning capabilities and compliance standards:

Scans Performed by Nessus

  • Port Scanning: Nessus checks each port on a system to identify what service is running and then probes for vulnerabilities specific to that service.

  • Vulnerability Assessment: It scans for known weaknesses and misconfigurations in systems and software by checking them against a database of vulnerabilities.

  • Credential Checks: It can be configured to test for weak passwords or common default credentials.

Compliance Standards

Nessus is compliant with the Common Vulnerabilities and Exposures (CVE) architecture. CVE is an industry-standard system for recording and referencing known cybersecurity vulnerabilities. This allows Nessus to easily identify and report vulnerabilities using a common language.

Additional Notes:

  • Nessus offers prebuilt policies for various compliance standards, but achieving compliance might require additional security tools or configurations.

  • Nessus Professional and Tenable Vulnerability Management offer features beyond vulnerability scanning, such as compliance checks and configuration audits.

Qualys Scanning: Vulnerability Management

Qualys offers a cloud-based platform for vulnerability management, providing two main scanning functionalities:

  • Vulnerability Scanning: Qualys scans for known vulnerabilities in operating systems, applications, and configurations across various IT environments (cloud, on-premises). It leverages a vast vulnerability knowledge base to identify weaknesses.

  • Web Application Scanning (WAS): Qualys WAS specializes in scanning web applications and APIs for vulnerabilities like SQL injection, cross-site scripting (XSS), and misconfigurations. It helps secure web applications from common attack vectors.

Compliance Standards

Qualys prioritizes accuracy in its scans, boasting an industry-leading Six Sigma 99.99966% accuracy rate. This high accuracy helps with achieving compliance with various security standards.

Additional Notes:

  • Qualys goes beyond just identifying vulnerabilities. The platform prioritizes risks, provides remediation guidance, and offers tools for tracking and managing the patching process.

  • Qualys integrates with other security tools, allowing for a centralized view of your security posture.

Our commitment to security extends beyond just scanning; we actively respond to the findings with prompt and effective remediation measures. This proactive approach to security management ensures that SoftNAS remains a reliable and secure choice for your data storage needs.

At SoftNAS, your security is our top priority. We're committed to continuously improving the software and addressing potential vulnerabilities.

Here's how we keep you informed and protected:

  • Regular Release Notes Updates: We consistently update our release notes to reflect the latest Common Vulnerabilities and Exposures (CVEs) that we've identified and mitigated in SoftNAS. This information empowers you to stay informed about potential security risks.

  • Upgrade for Optimal Security: We strongly recommend upgrading to the latest version of SoftNAS to benefit from the security patches and improvements we've implemented. Upgrading to the latest version ensures you have the most secure and reliable SoftNAS experience.

For your convenience, you can find the latest release notes on our website: Buurst® SoftNAS 5 Release Notes - SoftNAS Documentation - Buurst (atlassian.net). Upgrading to the latest SoftNAS version is a simple process. Please refer to our upgrade guide, Updating Software - SoftNAS Documentation - Buurst (atlassian.net), for detailed instructions.

By staying up-to-date with the latest SoftNAS version, you can be confident that you're using the most secure and reliable software available. If you have any questions or require assistance with the upgrade process, please don't hesitate to contact our support team.