A Secure Configuration review is a detailed review and verification of configuration settings of IT infrastructure components including systems, network devices & applications to measure the security effectiveness of the IT environment. Typically, when deploying, maintaining or enhancing computing systems/network/network security devices, the expected secure configuration settings may not be implemented or maybe missed. Any poorly configured component of the IT environment then becomes a weak link that may allow adversaries to gain unauthorized access, leading to possible outages and security breaches. Therefore, periodically evaluating the secure configuration of the IT environment is vital to ensure ongoing security within the organization. A typical secure configuration review activity is conducted in a white-box mode where the assessment team have access to the in-scope IT infrastructure configuration files to identify misconfigurations.
Our team of security experts assist our customers by conducting a comprehensive secure configuration review of the various components within the IT environment while considering multiple global industry standard benchmarks along with corporate policies and regulatory requirements as applicable. Depending of the in-scope IT component, the configuration reviews are conducted using automated scripts/tools or manually using checklists. Such reviews require authenticated scans that require the scanning scripts/tools to remotely login to the target systems to conduct a comprehensive assessment of the current configuration settings.
SecurEyes provides a comprehensive Secure Configuration review service for the IT environment of our customers and covers a wide range of 100+ types of IT components such as:
The below list indicates sample coverage of the control Areas covered as part of the Configuration review:
The stepwise flow of our Secure Configuration review engagements is as follows:
Our comprehensive Secure Configuration review engagements are aligned to the following standards:
You can get in touch with us at sales@secureyes.net to utilize our Cyber Security Testing services for your organization today.