
The 3-Step Configuration Review

How to maximize security and efficiency with expert reviews

Security products are frequently installed with the expectation that they will remain operational for years, even decades. At the outset, significant effort is dedicated to configuring these tools to counter existing threats and comply with regulatory standards. During this phase, post-installation reports are carefully reviewed, tests are performed, false positives are addressed, and regular discussions with vendors to resolve support tickets are commonplace.

Over time, however, as the system stabilizes, focus naturally shifts to other pressing matters. Although proactive security vendors occasionally update customers about new features or recommend adjustments, many organizations only revisit their configurations when faced with a noticeable decline in performance—or worse, a security breach.

Why are configuration reviews so essential?

The security landscape is constantly changing, and solutions that are not adapted to emerging threats or evolving infrastructure gradually lose their effectiveness. Misconfigurations, neglected features, and outdated policies introduce gaps that undermine an organization's overall security posture. A configuration review surfaces these issues so that the solution keeps doing the job it was deployed for. Drawing on years of experience performing hundreds of configuration reviews for large enterprises, I want to share practical insights into how security controls are evaluated. This post incorporates real-world examples from my work in the email security cloud, so you know what to expect when you request a review from your vendor.

When should you review configurations?

It’s important not to wait for a security incident to take action. Conducting a comprehensive, expert-led configuration review at least annually is essential. However, maintaining the effectiveness and optimization of your solution involves more than just periodic reviews. Teams should consistently follow best practices for their security solutions and perform routine housekeeping tasks much more frequently. Additionally, vendors should engage with customers every six months to discuss product roadmaps and recent updates, enabling better planning for upgrades well ahead of time.

3 steps to conduct a configuration review

A secure configuration review is a process your security vendor can lead, but it helps to know what to expect. You’ll examine and assess your organization’s IT systems, applications and security solutions to identify vulnerabilities, misconfigurations and other security risks that could be lurking. Here’s that process broken down into three steps.

Step 1: Initial meeting

Meet with your security vendor to walk through your solution’s current configurations. This allows for real-time discussion of settings that might deviate from best practices and provides context for decisions that may seem suboptimal on paper but serve specific business needs.

Step 2: Review the findings

After the meeting, your vendor will provide a report outlining their findings. These typically fall into the following categories:

Misconfigurations

These are critical issues that directly impact security or efficacy. Examples include:

  • Core features not enabled
  • Whitelist entries allowing malicious emails
  • Weak access control settings

Suggestions for improvement

These address opportunities to enhance performance or user experience. For instance, adjusting outbound email retry schedules can improve delivery notifications for users.

New features

Often overlooked, new features can significantly improve security and functionality. Highlighting these during reviews ensures they’re not forgotten.

Housekeeping

Regular maintenance tasks center on:

  • Admin accounts: Regularly review access permissions to ensure only appropriate individuals have configuration manager access. Implement enforced federated single sign-on to reduce risks.
  • Whitelist entries: Temporary entries for mitigating false positives should be reviewed and removed once the vendor adjusts detections.
  • Registered domains and routes: As organizations evolve, domain names and email routes must be updated.
  • Data protection policies: Ensure these remain accurate and relevant to enforce privacy and compliance.
  • Custom settings: Track and review custom configurations periodically to ensure they align with global changes.

An actionable report often organizes the findings by two criteria:

  1. Risk prioritization: Assess the likelihood of a threat exploiting a finding and its potential impact. For example, a domain added to a spam-approved list and excluded from DMARC checks poses a high risk: mail spoofing that domain is delivered without the sender authentication that would normally stop the phishing attempt.
  2. Implementation effort: Evaluate the complexity of changes. Some may require minutes. Others, like enabling a new feature, could necessitate extensive planning, testing and user communication.

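The housekeeping checks on allow-list entries and the risk/effort ranking described above can be run mechanically against an exported allow-list before the review meeting. The script below is an added example written for this page, not the vendor's tooling or the author's own process. The CSV layout, the column names (value, added, reason, temporary, bypass_dmarc), the 30-day limit for temporary false-positive entries, the severity and effort scales, and every row of the sample export are assumptions constructed for illustration.

```python
import csv
import io
from dataclasses import dataclass
from datetime import date

# Constructed sample allow-list export. The column layout and every row are
# assumptions made for this example, not a real vendor's export format.
SAMPLE_EXPORT = """\
value,added,reason,temporary,bypass_dmarc
newsletters.partner.example,2024-01-10,Partner bulk mail,no,no
*@gmail.example,2024-11-02,FP: sales contact,yes,no
billing.vendor.example,2024-03-15,FP ticket 4711,yes,yes
invoices.supplier.example,2024-12-20,FP ticket 5012,yes,no
10.20.30.0/24,2023-06-01,,no,no
"""

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
EFFORT_RANK = {"minutes": 0, "hours": 1, "project": 2}


@dataclass(frozen=True)
class AllowEntry:
    value: str          # sender domain, address pattern or IP range
    added: date
    reason: str         # justification recorded when the entry was created
    temporary: bool     # added as a false-positive workaround
    bypass_dmarc: bool  # entry is excluded from DMARC/authentication checks


@dataclass(frozen=True)
class Finding:
    entry: str
    severity: str   # "high" / "medium" / "low" (risk prioritization)
    effort: str     # "minutes" / "hours" / "project" (implementation effort)
    detail: str


def parse_export(text: str) -> list[AllowEntry]:
    """Parse the assumed CSV layout into AllowEntry records."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        AllowEntry(
            value=r["value"].strip(),
            added=date.fromisoformat(r["added"]),
            reason=r["reason"].strip(),
            temporary=r["temporary"].strip().lower() == "yes",
            bypass_dmarc=r["bypass_dmarc"].strip().lower() == "yes",
        )
        for r in rows
    ]


def is_overly_broad(value: str) -> bool:
    """Whole-domain wildcards and address ranges trust every sender they match."""
    return value.startswith("*@") or value.startswith("*.") or "/" in value


def audit(entries: list[AllowEntry], today: date,
          max_temp_age_days: int = 30) -> list[Finding]:
    """Return findings ordered by risk first, then by implementation effort."""
    findings: list[Finding] = []
    for e in entries:
        if e.bypass_dmarc:
            findings.append(Finding(e.value, "high", "minutes",
                "excluded from DMARC checks: spoofed mail claiming this domain is delivered"))
        if is_overly_broad(e.value):
            findings.append(Finding(e.value, "high", "hours",
                "wildcard or range entry; replace with the specific senders that need it"))
        age = (today - e.added).days
        if e.temporary and age > max_temp_age_days:
            findings.append(Finding(e.value, "medium", "minutes",
                f"temporary entry is {age} days old; confirm the detection fix and remove"))
        if not e.reason:
            findings.append(Finding(e.value, "low", "minutes",
                "no recorded justification; document or remove"))
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], EFFORT_RANK[f.effort], f.entry))
    return findings


def audit_sample(today_iso: str = "2025-01-15") -> list[Finding]:
    """Run the audit over the constructed export as of the given date."""
    return audit(parse_export(SAMPLE_EXPORT), date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in audit_sample():
        print(f"[{f.severity:>6}] [{f.effort:>7}] {f.entry}: {f.detail}")
```

Run as of 2025-01-15, the sample yields six findings: the DMARC-bypassing domain comes first because it is both highest risk and quickest to fix, the two broad wildcard/range entries follow, the two stale temporary entries are ranked medium, and the undocumented range is a low-risk housekeeping item. The entry added 26 days ago and the documented partner domain produce nothing, which is the point of the age threshold: the report should list what needs a decision, not everything.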
Step 3: Take action

Address your findings based on risk prioritization. Simple issues may require minimal follow-up, while complex problems might demand additional meetings, ongoing projects or consultancy engagements. The key is taking timely action to determine needs, mitigate risks and improve performance.

Your first step starts today

Neglecting reviews until issues arise is a costly gamble. By collaborating with your vendor on annual evaluations and keeping a proactive schedule of periodic assessments in between, you can save considerable time, effort, and resources. In the end, conducting thorough configuration reviews is a strategic investment in resilience, ensuring your security tools perform as intended, both today and in the future.

When was the last time your organization reviewed its security configurations? If it’s been more than six months, schedule a review today—your organization’s resilience depends on it.
