Operational Services
Configuration Audit
Verify your systems' compliance with security best practices
Why audit your configurations?
Configuration errors are one of the main causes of information system compromise. A configuration audit identifies deviations from security best practices and industry standards.
Key statistic
80% of successful attacks exploit configuration errors or unchanged default settings.
Audit perimeters
Active Directory
Complete audit of your AD environment
- ✓Architecture and topology
- ✓Password policy
- ✓Privileged and service accounts
- ✓GPO and delegations
- ✓Attack paths (BloodHound)
Azure/M365 Cloud
Security of your Microsoft Cloud environments
- ✓Entra ID (Azure AD) configuration
- ✓Conditional access and MFA
- ✓Microsoft 365 and Exchange Online
- ✓Azure RBAC and IAM
- ✓Microsoft Defender
Network infrastructure
Configuration of your network equipment
- ✓Firewalls and segmentation
- ✓VPN and remote access
- ✓Wi-Fi and NAC
- ✓Switches and routers
- ✓Load balancers and WAF
Systems and servers
Server hardening
- ✓Windows Server
- ✓Linux (RHEL, Ubuntu, Debian)
- ✓Containers and Kubernetes
- ✓Databases
- ✓Web services (Apache, Nginx, IIS)
Reference frameworks used
Our audits are based on industry-recognized frameworks
CIS Benchmarks
Center for Internet Security
NIST
National Institute of Standards
ANSSI
ANSSI Guidelines
Microsoft
Security Baselines
STIGs
Security Technical Implementation Guides
Our methodology
1
Collection
Automated extraction of current configurations
2
Analysis
Comparison with frameworks and best practices
3
Prioritization
Classification of gaps by criticality
4
Remediation
Detailed action plan with correction scripts