Secure Host Configuration

What is a Secure Host Configuration Assessment?


It doesn't matter how secure your software is, if the underlying operating system is not properly hardened, it's only a matter of time before this is taken advantage of to compromise the entire system. That's why we believe that a Secure Host Configuration Assessment is important, as it identifies vulnerabilities that cannot be detected through network-based testing.

Our Secure Host Configuration Assessment will audit your host security configuration against industry best practice standards such as the latest Center for Internet Security (CIS) benchmarks to ensure your hosts are iron-clad when it comes to security.

During the assessment, we will collect the current configuration of your hosts or Standard Operating Environment (SOE) and validate for each security domain, that the host is configured correctly accoridng to industry best practice standards.


Did You Know?

  • According to BulletProof's 2019 cyber security report, 22% of the high- and critical-risk issues reported consisted of missing patches and out-of-date or no longer supported software.

  • A permanent unpatched security vulnerability is known as a 'forever-day' exploit.

  • Nearly 60% of organisations that suffered a data breach in the past two years cite a known unpatched vulnerability as the cause.

  • According to CrowdStrike, the window of time from when an adversary first compromises an endpoint machine, to when they begin moving laterally across your network, is less than two hours.

Why Choose BlackBug?


We've developed tools to automate the collection of data, and use these scripts to help identify high-risk misconfigurations or omissions in your standard operating environment. Each host is measured against the security practices from our methodology. We create a measurement of risk that is comparable between different operating systems and applications, and assess areas including:

  • Account and privilege management practices
  • File management and filesystem security, including encryption of data at rest
  • Current network security configurations to determine if unintended infiltration or exfiltration of data is possible
  • Auditing and logging practices
  • Patch levels of the operating system and key applications