Security Configuration Management

Collect and evaluate security configuration data to manage compliance with hardening guidelines and best practices.

"Some kind of network or service misconfiguration is encountered on an internal penetration test over 96% of the time. These misconfigurations could be leveraged over 80% of the time."
Rapid7, Under The Hoodie report 2018

Hardening systems is a daunting task

In an ideal world, every system in your IT environment is hardened to best withstand attacks. In reality, system administrators inherit IT environments in which hardening guidelines have not been applied and they face a daunting task.

Complex environments, legacy systems, and configuration drift

System hardening would be a breeze if all systems would be set up from the same master image, but that’s often not the case. Even in environments where this is true, deviations in configurations will occur over time due to various implemented changes.

Security Configuration Management: Getting systems in line

Getting an overview of the current state of hardening in a complex environment is hard to achieve without the right tools. Davinsi Labs offers solutions to test the hardening compliance level of large amounts of systems, independent of the vendor’s management solutions.

Not only do our solutions offer much-needed visibility, but they also provide analytics to choose the right actions to take and provide capabilities to register policy rule exceptions. Features for reporting, dashboards, and integration with ticketing systems help close the operational loop and help implement a process at scale.

Improving hardening in complex environments with legacy systems is a challenge. Rapid7 InsightVM provides the features to gain visibility, to define worthwhile actions and to make the process scale.

Let's go for excellence

Don’t hesitate to contact us if you need more information, have a question or believe we can assist you in your quest for Digital Service Excellence.

I have read and agree with the privacy policy

"Recent breaches have revealed that not only are many security experts guilty of focusing on the bright shiny new products while overlooking the more mundane evolutionary upgrades of traditional defenses. Of course, security threats are constantly changing – but is that a reason to ignore the first principles of IT security: assessing vulnerabilities, hardening the infrastructure, and checking for unexpected changes?"

Mark Kedgley