Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration.
Source: Tripwire – The State of Security