In addition to missing patches and security updates, a weak device or application configuration can significantly assist an attacker during an initial attack on your environment or when pivoting an attack from an already-compromised host.
Typical weak configuration settings can include weak or default credentials, insecure service permissions, unused management services being present, weak password & account lockout policies, ineffective event logging or a lack of application security hardening – all of which can prove valuable to an attacker.
A secure configuration review provides an in-depth inspection of your devices or applications to identify configuration weaknesses that may reduce their resilience to attack.