The configuration audit provides a comprehensive analysis of the configurations of the commercially available products and solutions used by our customers. We analyze the consequences of non-conformities and determine priority remediation actions to optimize our customers’ efforts.
Poor security configurations rank 5th in the OWASP 2021 Top 10, a global reference ranking the most frequently encountered vulnerability categories.
Using an off-the-shelf product rather than developing it yourself, moving to the cloud rather than maintaining an on-premises infrastructure, integrating a third-party component at the heart of a business application… there are many good reasons for our customers to use third-party solutions. Yet few of them are aware that configuring third-party solutions is often their responsibility.
Easy configuration extraction
We have developed our own tool for extracting target configurations. It requires no installation, its code is visible so that administrators can review it, and results are encrypted for transit to the auditor.
A default, modular audit grid
Our solution integrates several reference baselines (CIS, ANSSI…) and can incorporate baselines specific to your company.
Risk-oriented results
Risk assessment for each non-conformity is essential. Our aim is to advise our customers on priority actions.
Formind has been qualified as a PASSI RGS audit provider by ANSSI since January 2019, and on all 5 scopes since 2021. Each of our services benefits from PASSI procedures and expertise, particularly regarding customer data confidentiality.
With security baselines containing hundreds of criteria, it’s easy to get lost in the information. Our team’s experienced eye can identify what’s important and optimize correction efforts.
Our team has already carried out configuration audits on over 70 technologies and versions. We build on these baselines and automate as we go along, to make each mission more efficient.
How often should I consider carrying out a configuration audit on my equipment and products?
The frequency depends on various factors, such as changes in infrastructure. In general, it is recommended to perform them regularly, especially after major upgrades or modifications to your IT environment.
How does a configuration audit work, and how long does it usually take?
A configuration audit involves an in-depth analysis of your system parameters. The duration depends on the size and complexity of your infrastructure but can vary from a few days to a few weeks. Our aim is to ensure a thorough assessment without compromising quality.
What are the main vulnerabilities that a configuration audit can identify?
A configuration audit can identify various vulnerabilities, such as incorrectly configured parameters, excessive authorizations, an overly large exposure surface, and other weak points that could be exploited by attackers.
How do I know if my company needs a configuration audit?
If your company has recently undergone major changes to its infrastructure, implemented new technologies, or if you want to proactively strengthen your security, a configuration audit is highly recommended.
What are the consequences of neglecting a configuration audit?
Neglecting a configuration audit exposes your company to increased security risks. Incorrect configurations can be exploited by cybercriminals, resulting in data breaches, service disruptions and even significant financial damage.