Configuration drift is the gradual deviation of a system’s settings from its established, secure baseline due to manual changes, software updates, or unauthorised modifications. Monitoring for drift is essential because even small changes—such as an accidentally opened port or a disabled security service—can create new vulnerabilities. By using automated tools to detect and alert on these changes, security teams can ensure that systems remain in a known, secure state. Our documentation on maintaining secure configurations provides further context.
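
A minimal illustration of automated drift detection, added here as an example and not taken from any particular tool: it compares an observed host state against an approved baseline and reports opened ports, changed services and modified files. The state layout, the function names and all sample values (ports, service names, file contents) are constructed assumptions.

```python
import hashlib

# Constructed sample data: the approved baseline and a later observation of one host.
BASELINE = {
    "listening_ports": [22, 443],
    "services": {"auditd": "enabled", "firewalld": "enabled"},
    "files": {"/etc/ssh/sshd_config": "PermitRootLogin no\n"},
}
OBSERVED = {
    "listening_ports": [443, 22, 502],
    "services": {"auditd": "enabled", "firewalld": "disabled"},
    "files": {"/etc/ssh/sshd_config": "PermitRootLogin yes\n"},
}

def normalise(state):
    """Reduce a state to comparable form: port set, service map, file content hashes."""
    return {
        "ports": set(state["listening_ports"]),
        "services": dict(state["services"]),
        "files": {path: hashlib.sha256(text.encode()).hexdigest()
                  for path, text in state["files"].items()},
    }

def detect_drift(baseline, observed):
    """Return (kind, detail) findings for every deviation from the baseline."""
    base, obs = normalise(baseline), normalise(observed)
    findings = []
    for port in sorted(obs["ports"] - base["ports"]):
        findings.append(("port_opened", f"{port} is listening but not in the baseline"))
    for port in sorted(base["ports"] - obs["ports"]):
        findings.append(("port_closed", f"baseline port {port} is no longer listening"))
    for name in sorted(base["services"].keys() | obs["services"].keys()):
        want = base["services"].get(name, "absent")
        have = obs["services"].get(name, "absent")
        if want != have:
            findings.append(("service_changed", f"{name}: baseline {want}, observed {have}"))
    for path in sorted(base["files"].keys() | obs["files"].keys()):
        if base["files"].get(path) != obs["files"].get(path):
            findings.append(("file_changed", f"{path} does not match the baseline hash"))
    return findings

if __name__ == "__main__":
    for kind, detail in detect_drift(BASELINE, OBSERVED):
        print(f"ALERT {kind}: {detail}")
```

Storing file hashes instead of contents keeps the baseline small and avoids copying secrets out of configuration files; the baseline itself should be kept where the monitored host cannot modify it.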
For more information, see Industrial Cyber Security Best Practices.
