Technology is often blamed for cyber security incidents, but many security weaknesses manifest because new technology hasn’t been deployed and configured correctly. Or even not configured at all when default settings aren’t updated.

These misconfigurations are now the primary cause of cyber security issues in the Cloud, and misconfigured storage services have been blamed for a significant number of breaches over the past two years.

Our on and off-prem build and configuration reviews assess operating systems, devices, services and cloud environments to ensure they are in line with security best practices. A good review will achieve the best balance between security and functionality for a business’s critical assets.

Mitigating the risk with build and configuration reviews


Build and configuration reviews should be part of a holistic approach to security. A configuration review will look at system environments, devices, and services to identify misconfigurations and weaknesses that potentially increase the vulnerability of the system.

Our services will highlight and demonstrate security opportunities that could be implemented to ‘harden’ your technical infrastructure and increase its resilience.

At its most basic level, this includes disabling unnecessary guest accounts to prevent their use by an intruder and verification that updates have been installed.

PGI has a team of experienced technical consultants who can carry out secure build and configuration reviews of your corporate IT infrastructure and cloud-based environments to reduce the risk of compromise.

How PGI can help secure your infrastructure


Organisations can appropriately manage risk by ensuring that settings are reviewed and benchmarked against industry best practice and your organisation’s risk appetite. In cases where an organisation chooses to accept the risk they can do so knowing that a specialist review has taken place to provide insight into the nature of the issue and its potential impacts.

  • Cloud configuration reviews Read more Read less

    Cloud computing is growing in popularity—especially after the radical workplace changes that were imposed in 2020 by the COVID-19 pandemic—and this has caused concern for many organisations around how to best secure these systems and their data from attack. With increasing amounts of data and content being stored in cloud-based systems, cloud security is becoming ever more important. Performing a security configuration review of a cloud-based environment will provide an important security benchmark for the organisation using that environment.

    Just because an organisation’s cloud systems ‘work’, in that they support business as usual (BAU) operations, does not mean that they are secure. A huge number of cloud storage solutions have been left exposed to the internet for intruders to explore in recent times.

  • Device build and configuration reviews Read more Read less

    Network device configuration reviews aim to identify misconfigurations in network devices by assessing their running configuration. This assessment reviews whether a network device is correctly configured and managed.

    Devices may include:

     

    Switches, routers and firewalls
    Many organisations rely on firewalls and network devices as key elements of their security controls, so it is important to ensure that they have been set up correctly. Our tests aim to identify security vulnerabilities, such as failure to achieve best practice or instances of incorrect firewall configuration. The scope of each review can be adjusted to suit individual circumstances.

    One of the critical issues our team see is that switches, routers and firewalls may receive updates or patches and that some organisations fail to apply these as rigorously as on laptops and servers due to an ‘out of sight, out of mind’ mentality.

    Desktops and laptops
    Assuring the hardware and software on these key business tools is an important aspect of mitigating cyber risk. Our consultants identify vulnerabilities and weaknesses in current configurations that could be used to gain unauthorised access to sensitive data, systems or networks.

    Servers
    We review the configuration of a wide range of servers to ensure they have been deployed and set up in line with security best practice. As key components that provide applications and services to your organisation, operation reliability is vital to business operations and protecting company assets. We can help you determine the risks associated with patching to ensure that you continuously deploy updates while maintaining the highest possible service availability levels.

    Gold builds
    Organisations use templates to create specific deployments of desktops, laptops and servers, configured for the purpose at hand. Gold build templates assessed against industry best practice provide high deployment efficiency and security assurance, reducing the risk of user error at deployment time.

    iOS and Android mobile devices
    Losing track of a smartphone that isn’t correctly configured can result in your organisation’s data being accessed inappropriately, so it is vital that these devices are secure. This is of especially high risk due to the mobility of such devices; they may be moved on a constant basis with members of staff and exposed to the risk of loss and theft.

Ready to get started? Speak to one of our experts.

If you have any questions about our services or would like to learn more about our consultants here at PGI, please get in touch with us and speak with one of the team, call us on +44 (0)845 600 4403 or email us at sales@pgitl.com

Get in touch

The benefits of conducting a build or configuration review


  • Minimise your risk

    A configuration review will provide you with detailed insight into your IT infrastructure, ensuring the features are configured in line with your risk appetite and profile and industry best practice.

  • Keep your data safe

    Due to the complex nature of cloud-based environments and the default settings of many electronic devices, security misconfigurations can have a significant impact on the confidentiality, integrity and availability of data that is managed within the environment.

  • Save on the cost of re-deployment

    By reviewing builds and software configurations before rolling them out across your organisation and you will save on the costs of needing to redeploy if something isn’t quite right.

Why choose PGI to review your builds and configurations?


 

All of our secure configuration reviews are conducted in line with recognised security hardening standards, such as those produced by the Center for Internet Security (CIS). And, where required, guidelines produced by the National Cyber Security Centre (NCSC), ISO 27001 and PCI Security Standards Council, along with the guidelines produced by application and device vendors.

Using these industry-recognised hardening standards ensures our consultants can deliver an accurate benchmark of your devices or applications, providing peace of mind.

Want to find out more?