A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats.
The advice covers network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems.
Issued by the UK's National Cyber Security Centre (NCSC), CISA, and agencies in Australia, Canada, New Zealand, and the US, the guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
This, the NCSC points out, should make it easier for network defenders to detect malicious activity and investigate following an intrusion.
The guidelines also set out a set of minimum standards for forensic visibility to help network defenders secure organizational networks, both proactively and when responding to a compromise.
"In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat," said NCSC technical director Ollie Whitehouse.
"In doing so, we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities post-intrusion."
The NCSC said malicious actors are increasingly exploiting vulnerabilities and insecure design features to gain and maintain valuable accesses. Devices often aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.
Similarly, many may not be configured securely, lack proper network segmentation, and use unsupported or end-of-life (EOL) hardware, thereby increasing their vulnerability to exploitation.
Last summer, a report from WithSecure identified the mass exploitation of edge services as the year's prevailing trend for attackers.
The year saw a sharp rise in security incidents caused by the mass exploitation of edge devices, including such as MOVEit, CitrixBleed, Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.
RELATED WHITEPAPER
The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) was 22% higher than in 2023.
Juliette Hudson, CTO of CybaVerse, said the new guidance is much needed given the scale of threats facing edge devices currently.
"These are guidelines that shouldn't be ignored, because when edge devices are insecure, the entire networks they run within are at heightened exposure to attack. Today, all businesses are digital businesses, where they rely on smart devices and the internet to deliver services, but this expands the enterprise attack surface," she said.
"Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play, and it is essential they practice good security hygiene in the development process."
MORE FROM ITPRO
- Five Eyes raises alarm over 'living off the land' attacks
- How edge computing can benefit businesses
- Check out the best VPNs for enterprises
-
Edge devices are now your weakest link: VPNs, firewalls, and routers were the leading source of initial compromise in 30% of incidents last year – here’s whyNews Compromised network edge devices have rapidly emerged as one of the biggest attack points for small and medium businesses.
-
CISA issues warning in wake of Oracle cloud credentials leakNews The security agency has published guidance for enterprises at risk
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Warning issued over ‘fast flux’ techniques used to obscure malicious signals on compromised networksNews Cybersecurity agencies have issued a stark message that too little is being done to sniff out malware hiding in corporate networks
-
So long, Defender VPN: Microsoft is scrapping the free-to-use privacy tool over low uptakeNews Defender VPN, Microsoft's free virtual private network, is set for the scrapheap, so you might want to think about alternative services.
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to successNews Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
-
Cisco claims new smart switches provide next-level perimeter defenseNews Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
2024 was a record year for commercial cyber attacksNews China-backed attacks on IoT systems helped keep numbers high
