Hardening Before the Audit: A Pragmatic Security Uplift for Internet-Facing Infrastructure

Commercial property operator
Regional operator, multiple sites

The Challenge

An organisation with internet-facing services had grown faster than its security posture. Manual, ad-hoc security practices left critical gaps in visibility, patch management, and configuration hardening. The upcoming compliance audit highlighted significant risk, but the team lacked the bandwidth for a comprehensive, manual remediation project.

The Approach

We ran a structured hardening program: baseline the estate, close the highest-risk gaps first, then encode the controls as automation so they enforce themselves rather than decay. The goal was to establish a defensible, documented security posture with built-in enforcement and continuous validation, turning security from a periodic project into an ongoing operational capability.

System Architecture

Key Components

  • Asset Discovery & Inventory: Automated discovery of internet-facing assets integrated with NetBox as the system of record.
  • Vulnerability Assessment Agent: Scheduled scans using standard tooling with authenticated checks where possible, feeding results into a centralized findings database.
  • Configuration Assessment: Agent-based checks for benchmark compliance on Linux and Windows hosts.
  • Prioritization Engine: Correlates severity, asset criticality, and exploitability to generate a risk-ranked remediation backlog.
  • Remediation Orchestrator: For approved, high-confidence fixes, triggers automated remediation through configuration management workflows and creates tickets where manual intervention is required.
  • Verification & Reporting: Post-remediation validation scans, drift detection checks, and audit-ready reporting.
  • Audit Trail: Immutable log of discovery, assessment, remediation, and verification actions.
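The prioritization and verification components above are described only at the architecture level. The following is an added illustration, written for this write-up and not taken from the operator's n8n workflows or custom scripts: it ranks constructed findings by a risk score that combines severity, asset criticality and exploitability (so a critical on a low-value internal host can rank below a high on an internet-facing core host), routes each item to automated remediation or a ticket, and diffs a pre- and post-remediation scan to separate fixed, persisting and newly appeared (drift) findings. The weights, field names and sample data are assumptions.

```python
"""Added example: a minimal risk-ranked backlog and post-remediation verification.

Illustrative code for this case study, not the operator's own tooling.
Weights, tiers, field names and the sample findings are constructed assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed scoring inputs. Severity comes from the scanner; criticality from the
# asset inventory (NetBox in the case study); the multipliers are arbitrary but
# deliberately favour exploitable, exposed findings over raw severity.
SEVERITY_WEIGHT = {"critical": 10, "high": 7, "medium": 4, "low": 1}
CRITICALITY_WEIGHT = {"tier1": 3.0, "tier2": 2.0, "tier3": 1.0}
EXPLOIT_MULTIPLIER = 2.0       # public exploit or known-exploited
EXPOSURE_MULTIPLIER = 1.5      # reachable from the internet


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: str  # "tier1" (most critical) .. "tier3"


@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    severity: str
    exploit_available: bool
    internet_facing: bool
    auto_fixable: bool  # approved, high-confidence fix exists in config management


def risk_score(f: Finding, assets: dict[str, Asset]) -> float:
    """Severity x asset criticality, boosted for exploitability and exposure."""
    score = SEVERITY_WEIGHT[f.severity] * CRITICALITY_WEIGHT[assets[f.asset].criticality]
    if f.exploit_available:
        score *= EXPLOIT_MULTIPLIER
    if f.internet_facing:
        score *= EXPOSURE_MULTIPLIER
    return score


def rank_backlog(findings: list[Finding], assets: dict[str, Asset]) -> list[Finding]:
    """Highest risk first; finding_id breaks ties so output is deterministic."""
    return sorted(findings, key=lambda f: (-risk_score(f, assets), f.finding_id))


def route(f: Finding) -> str:
    """Decide how the orchestrator handles an item: automated fix or human ticket."""
    return "auto_remediate" if f.auto_fixable else "ticket"


def verify(before_ids: list[str], after_ids: list[str]) -> dict[str, list[str]]:
    """Compare finding ids from the pre- and post-remediation scans.

    fixed      = present before, gone after (remediation verified)
    persisting = still present (fix failed or not yet applied)
    new        = appeared after (drift or newly discovered exposure)
    """
    before, after = set(before_ids), set(after_ids)
    return {
        "fixed": sorted(before - after),
        "persisting": sorted(before & after),
        "new": sorted(after - before),
    }


# Constructed sample inventory and findings (not real hosts or results).
SAMPLE_ASSETS = {
    "web-01": Asset("web-01", "tier1"),
    "vpn-gw": Asset("vpn-gw", "tier1"),
    "intranet-wiki": Asset("intranet-wiki", "tier3"),
}
SAMPLE_FINDINGS = [
    Finding("F-001", "web-01", "high", True, True, True),
    Finding("F-002", "intranet-wiki", "critical", False, False, False),
    Finding("F-003", "vpn-gw", "medium", True, True, False),
    Finding("F-004", "web-01", "critical", False, True, True),
]
# Constructed post-remediation scan: F-001 and F-004 fixed, F-005 is new drift.
SAMPLE_RESCAN_IDS = ["F-002", "F-003", "F-005"]


if __name__ == "__main__":
    for f in rank_backlog(SAMPLE_FINDINGS, SAMPLE_ASSETS):
        print(f"{f.finding_id} {f.asset:14} {f.severity:9} "
              f"score={risk_score(f, SAMPLE_ASSETS):5.1f} -> {route(f)}")
    print(verify([f.finding_id for f in SAMPLE_FINDINGS], SAMPLE_RESCAN_IDS))
```

With these weights the critical finding on the tier-3 intranet host (F-002) ranks last, below an exploitable high on the internet-facing web host, which is the "risk, not raw severity" ordering the case study credits for focusing limited effort. The `verify` output is what the reporting and audit-trail components would record after each remediation run; a non-empty `new` list is the drift signal that triggers the loop again.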

What Was Built

The system was implemented as a series of automated workflows in n8n, integrating with existing security tooling and configuration management. Custom scripts were written for checks where native agents were not available. All components were scheduled, logged centrally, and designed to produce evidence that could be reused during audit preparation.

Measurable Outcome

Within the first month, the team reduced critical and high-severity findings by more than 70% through automated remediation of common misconfigurations. Continuous monitoring meant new issues were detected and often addressed within hours, drastically reducing the window of exposure. Audit preparation time dropped from weeks to hours because the reporting was already current and evidence-backed.

Most importantly, the shift from reactive, project-based security to proactive, automated hygiene improved team focus and created a more sustainable operating model.

Lessons Learned

Starting with asset inventory was non-negotiable—you cannot secure what you cannot see. Prioritizing remediation based on risk, not just raw severity, ensured limited effort was spent where it mattered most. Another key insight was that automation is most valuable when it also verifies outcomes, not just makes changes.

Why This Approach Worked

This case study demonstrates that effective hardening is not about one-off fixes. It is about building a repeatable discovery, prioritization, remediation, and verification loop that keeps security controls from drifting over time.