Jan Hichert, CEO and co-founder of Astaro
Many companies don't change the default policy of a security appliance once it's installed, and they also leave default passwords remain unchanged. A security appliance can pose a security risk when not properly configured.
We also see a lot of companies that use email security appliances mistakenly setting them as open relays. This opens the door for spammers to relay millions of messages through their unit, which not only spams people, but has the adverse side effect of getting them on real time blackhole lists (RBLs). So even after they fix the problem, they have to approach each RBL separately and go through their removal process, which can be very time consuming.