A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats.
The advice covers network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems.
Issued by the UK's National Cyber Security Centre (NCSC), CISA, and agencies in Australia, Canada, New Zealand, and the US, the guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
This, the NCSC points out, should make it easier for network defenders to detect malicious activity and investigate following an intrusion.
The guidelines also set out a set of minimum standards for forensic visibility to help network defenders secure organizational networks, both proactively and when responding to a compromise.
"In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat," said NCSC technical director Ollie Whitehouse.
"In doing so, we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities post-intrusion."
The NCSC said malicious actors are increasingly exploiting vulnerabilities and insecure design features to gain and maintain valuable accesses. Devices often aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.
Similarly, many may not be configured securely, lack proper network segmentation, and use unsupported or end-of-life (EOL) hardware, thereby increasing their vulnerability to exploitation.
Last summer, a report from WithSecure identified the mass exploitation of edge services as the year's prevailing trend for attackers.
The year saw a sharp rise in security incidents caused by the mass exploitation of edge devices, including such as MOVEit, CitrixBleed, Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.
The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) was 22% higher than in 2023.
Juliette Hudson, CTO of CybaVerse, said the new guidance is much needed given the scale of threats facing edge devices currently.
"These are guidelines that shouldn't be ignored, because when edge devices are insecure, the entire networks they run within are at heightened exposure to attack. Today, all businesses are digital businesses, where they rely on smart devices and the internet to deliver services, but this expands the enterprise attack surface," she said.
"Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play, and it is essential they practice good security hygiene in the development process."
MORE FROM ITPRO
