Five Eyes cyber agencies issue guidance on edge device vulnerabilities
Cybersecurity agencies have issued guidance encouraging manufacturers to implement security-by-default
A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats.
The advice covers network edge devices and appliances, such as firewalls, routers, virtual private network (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems.
Issued by the UK's National Cyber Security Centre (NCSC), CISA, and agencies in Australia, Canada, New Zealand, and the US, the guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
This, the NCSC points out, should make it easier for network defenders to detect malicious activity and investigate following an intrusion.
The guidelines also set out minimum standards for forensic visibility to help network defenders secure organizational networks, both proactively and when responding to a compromise.
"In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat," said NCSC technical director Ollie Whitehouse.
"In doing so, we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities post-intrusion."
The NCSC said malicious actors are increasingly exploiting vulnerabilities and insecure design features to gain and maintain valuable access. Devices often aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.
Similarly, many may not be configured securely, lack proper network segmentation, and use unsupported or end-of-life (EOL) hardware, thereby increasing their vulnerability to exploitation.
Last summer, a report from WithSecure identified the mass exploitation of edge services as the year's prevailing trend for attackers.
The year saw a sharp rise in security incidents caused by the mass exploitation of edge devices, including MOVEit, CitrixBleed, Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.
The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) was 22% higher than in 2023.
Juliette Hudson, CTO of CybaVerse, said the new guidance is much needed given the scale of threats facing edge devices currently.
"These are guidelines that shouldn't be ignored, because when edge devices are insecure, the entire networks they run within are at heightened exposure to attack. Today, all businesses are digital businesses, where they rely on smart devices and the internet to deliver services, but this expands the enterprise attack surface," she said.
"Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play, and it is essential they practice good security hygiene in the development process."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
