Five Eyes cyber agencies issue guidance on edge device vulnerabilities
Cybersecurity agencies have issued guidance encouraging manufacturers to implement security-by-default
A host of cybersecurity agencies have teamed up to offer guidance on how to secure edge devices from ever-increasing threats.
The advice covers network edge devices and appliances, such as firewalls, routers, virtual private network (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers and internet-facing operational technology (OT) systems.
Issued by the UK's National Cyber Security Centre (NCSC), CISA, and agencies in Australia, Canada, New Zealand, and the US, the guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
This, the NCSC points out, should make it easier for network defenders to detect malicious activity and investigate following an intrusion.
The guidelines also set out minimum standards for forensic visibility to help network defenders secure organizational networks, both proactively and when responding to a compromise.
"In the face of a relentless wave of intrusions involving network devices globally our new guidance sets what we collectively see as the standard required to meet the contemporary threat," said NCSC technical director Ollie Whitehouse.
"In doing so, we are giving manufacturers and their customers the tools to ensure products not only defend against cyber attacks but also provide investigative capabilities post-intrusion."
The NCSC said malicious actors are increasingly exploiting vulnerabilities and insecure design features to gain and maintain valuable accesses. Devices often aren't secure by design or by default, aren't given regular firmware updates, or have weak authentication measures with limited logging, making it hard to detect suspicious activity.
Similarly, many may not be configured securely, lack proper network segmentation, and use unsupported or end-of-life (EOL) hardware, thereby increasing their vulnerability to exploitation.
Last summer, a report from WithSecure identified the mass exploitation of edge services as the year's prevailing trend for attackers.
The year saw a sharp rise in security incidents caused by the mass exploitation of edge devices, including MOVEit, CitrixBleed, Cisco XE, Fortinet’s FortiOS, Ivanti ConnectSecure, Palo Alto’s PAN-OS, Juniper’s Junos, and ConnectWise ScreenConnect.
The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) was 22% higher than in 2023.
Juliette Hudson, CTO of CybaVerse, said the new guidance is much needed given the scale of threats facing edge devices currently.
"These are guidelines that shouldn't be ignored, because when edge devices are insecure, the entire networks they run within are at heightened exposure to attack. Today, all businesses are digital businesses, where they rely on smart devices and the internet to deliver services, but this expands the enterprise attack surface," she said.
"Having good visibility across network assets and running proactive monitoring for threats are essential, but device manufacturers also have a key role to play, and it is essential they practice good security hygiene in the development process."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
