Five Eyes cyber agencies issue guidance on edge device vulnerabilities
Cybersecurity agencies have issued guidance encouraging manufacturers to implement security-by-default


A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats.
The advice covers network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems.
Issued by the UK's National Cyber Security Centre (NCSC), CISA, and agencies in Australia, Canada, New Zealand, and the US, the guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
This, the NCSC points out, should make it easier for network defenders to detect malicious activity and investigate following an intrusion.
The guidelines also set out a set of minimum standards for forensic visibility to help network defenders secure organizational networks, both proactively and when responding to a compromise.
"In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat," said NCSC technical director Ollie Whitehouse.
"In doing so, we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities post-intrusion."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The NCSC said malicious actors are increasingly exploiting vulnerabilities and insecure design features to gain and maintain valuable accesses. Devices often aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.
Similarly, many may not be configured securely, lack proper network segmentation, and use unsupported or end-of-life (EOL) hardware, thereby increasing their vulnerability to exploitation.
Last summer, a report from WithSecure identified the mass exploitation of edge services as the year's prevailing trend for attackers.
The year saw a sharp rise in security incidents caused by the mass exploitation of edge devices, including such as MOVEit, CitrixBleed, Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.
RELATED WHITEPAPER
The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) was 22% higher than in 2023.
Juliette Hudson, CTO of CybaVerse, said the new guidance is much needed given the scale of threats facing edge devices currently.
"These are guidelines that shouldn't be ignored, because when edge devices are insecure, the entire networks they run within are at heightened exposure to attack. Today, all businesses are digital businesses, where they rely on smart devices and the internet to deliver services, but this expands the enterprise attack surface," she said.
"Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play, and it is essential they practice good security hygiene in the development process."
MORE FROM ITPRO
- Five Eyes raises alarm over 'living off the land' attacks
- How edge computing can benefit businesses
- Check out the best VPNs for enterprises
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Edge devices are now your weakest link: VPNs, firewalls, and routers were the leading source of initial compromise in 30% of incidents last year – here’s why
News Compromised network edge devices have rapidly emerged as one of the biggest attack points for small and medium businesses.
By Bobby Hellard
-
CISA issues warning in wake of Oracle cloud credentials leak
News The security agency has published guidance for enterprises at risk
By Ross Kelly
-
Hackers are targeting Ivanti VPN users again – here’s what you need to know
News Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
By Emma Woollacott
-
Warning issued over ‘fast flux’ techniques used to obscure malicious signals on compromised networks
News Cybersecurity agencies have issued a stark message that too little is being done to sniff out malware hiding in corporate networks
By Rory Bathgate
-
So long, Defender VPN: Microsoft is scrapping the free-to-use privacy tool over low uptake
News Defender VPN, Microsoft's free virtual private network, is set for the scrapheap, so you might want to think about alternative services.
By Nicole Kobie
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to success
News Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
By Emma Woollacott
-
Cisco claims new smart switches provide next-level perimeter defense
News Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
By Solomon Klappholz
-
2024 was a record year for commercial cyber attacks
News China-backed attacks on IoT systems helped keep numbers high
By Emma Woollacott