Secure Configurations for Remote Endpoints with CIS-CAT Pro

Many servers, operating systems, and applications come with default settings that prioritize convenience, not security. Cyber threat actors (CTAs) know this well. They're dedicated to trying to exploit weak configurations so that they can gain access to your network, pivot to your systems, and steal your data. 

There are ways to prevent them from succeeding. You can use secure configuration management to harden your systems against these attack attempts. But you might need to overcome certain challenges along the way. Let's explore more below.

The Challenges of Managing Secure Configurations

By moving away from default settings to a more secure option, you can protect your systems and data against threats such as denial of service or unauthorized data access. The Center for Internet Security (CIS) wants you to be successful in these efforts, which is why we've been developing hardening guidelines since 2000. These CIS Benchmarks provide free configuration recommendations for more than 100 technologies across 25+ vendor product families.

Depending on the nature of your environment, however, you might run into some difficulties managing your secure configurations. Your IT teams can easily become overwhelmed between various standards, compliance requirements, and security options as they try to harden all your different systems. As a result, they could make errors or overlook certain systems, leaving your systems and data vulnerable. This is especially true in a remote environment, as IT personnel don't have physical access to all the systems they need to harden.

Automating the Process with CIS-CAT Pro

It's important to keep your systems' secure configurations top of mind as you offer flexibility and convenience to your employees. One of the ways you can do this is by automating your secure configuration management efforts. Through CIS SecureSuite Membership, your organization can take advantage of resources to help automate configuration review.


Membership gives you access to CIS-CAT Pro, a configuration assessment tool for analyzing a target endpoint’s settings. CIS-CAT Pro compares a target machine to the secure recommendations in the CIS Benchmarks and provides a compliance score of 1-100. Its reports then demonstrate remediation steps for any non-compliant settings to help you improve your cyber defenses after each assessment.

Do you have remote devices to secure? Not a problem! You can use CIS-CAT Pro to assess remote machines through a command line (CLI) or graphical user interface (GUI). Using the CLI, you can specifically target Microsoft Windows endpoints using WinRM.

Where Security Meets Flexibility

Configuration management can be difficult, especially when remote work comes into play. Whether your team works in two offices or twenty, it’s never been easier to ensure everyone is working on secure configurations. You can help harden your organization’s endpoints and implement a secure baseline by remotely assessing with CIS-CAT Pro Assessor v4. It will also help improve your compliance to the consensus-developed security recommendations contained within the CIS Benchmarks.