
How secure are network security devices in today’s IT environments?

    In today’s cybersecurity landscape, network security devices such as firewalls, VPN gateways, and routers are critical components in protecting organizational IT environments. However, as endpoint defenses have improved, attackers have shifted their focus to the edge devices themselves: they are reachable from the internet by design, they hold credentials and administrative access to the network behind them, and they run vendor firmware on which no endpoint agent can be installed. Exploiting a vulnerability in one of them turns the device from a control into an entry point. This trend makes robust security measures for these devices an urgent need.

    The Increasing Threat

    The recent widespread compromise of Ivanti VPN devices and a series of attacks targeting vulnerabilities in on-premises firewalls have underscored the seriousness of this issue. Ironically, the devices designed to safeguard IT environments are now seen as weak links that can be exploited by cybercriminals. Geoffrey Mattson, CEO of Xage Security, aptly captures this irony: “It’s the security devices that are making us less secure.”

    The Patching Challenge

    One of the significant challenges in securing network security devices is the patching process. IT and security teams, along with managed service providers (MSPs), are often caught in a relentless cycle of vulnerability disclosure, patching, and repeating the process. The sheer volume of vulnerabilities and limited organizational resources make timely patching difficult, leaving many systems exposed to potential attacks. MacKenzie Brown, VP of Security at Blackpoint Cyber, acknowledges the struggle, noting that many organizations lack the time and resources to patch vulnerabilities quickly.

    Delays in Patching

    The problem is further compounded when vendors delay releasing patches for known vulnerabilities. The Ivanti Connect Secure VPN vulnerabilities serve as a prime example. Despite the severity of the threat, Ivanti took three weeks to release the first patch after the initial disclosure, drawing criticism from the security community.

    Rising Exploits

    The exploitation of vulnerabilities in network security devices has been on the rise. Forescout reports a near quadrupling of exploits targeting these systems in 2023, accounting for 11% of all vulnerability exploits. Mandiant researchers also observed a doubling in the exploitation of vulnerabilities affecting security products from 2022 to 2023. Jurgen Kutscher, VP at Mandiant Consulting, stresses the need for increased focus on securing these critical devices.


    Case Study: Ivanti Connect Secure VPN

    The Ivanti Connect Secure VPN attacks in early 2024 illustrate the severity of the threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent order to disconnect Ivanti VPN devices due to mass exploitation, affecting thousands of devices, including those of CISA and Mitre. Caleb Gross, Director of Capability Development at Bishop Fox, highlights the limited capacity of internal security teams to address multiple overlapping issues across various products, leading to drastic measures like disconnecting vulnerable devices.

    The Rise of Zero-Day Vulnerabilities

    Zero-day vulnerabilities, flaws that are exploited in the wild before the vendor has a fix available, are becoming more common in network security devices. Caitlin Condon, Director of Vulnerability Research and Intelligence at Rapid7, notes a high incidence of zero-day exploitation for these devices over the past year. This trend emphasizes the need for vendors to respond swiftly and transparently when vulnerabilities are discovered, and for operators to have a plan that does not depend on a patch existing: keep management interfaces off the internet, collect and review the device’s own logs, and be ready to isolate the device until a fix ships.

    Hackers’ Attraction to Network Security Devices

    Network security devices are prime targets for threat actors because they are internet-facing by design and typically hold administrative privileges and credentials for the network behind them. Elisa Costante, VP of Research at Forescout, explains that once attackers gain access to these devices, they are in a favorable position to launch further attacks. For ransomware operators, compromising such a device yields privileged, persistent access to the internal network from the outset, greatly reducing the need for the noisy lateral movement and persistence steps that endpoint defenses are tuned to catch.

    Challenges of a Hyper-Connected World

    Many network security devices were designed decades ago when the threat landscape was vastly different. Deepen Desai, Chief Security Officer at Zscaler, points out that while these devices have served their purpose, the evolving threat landscape requires more advanced solutions. The transition to newer approaches like Secure Access Service Edge (SASE) and Security Service Edge (SSE) is underway, but the shift is gradual. Prakash Venkata of PricewaterhouseCoopers notes that even security-conscious industries plan to maintain a hybrid model for the foreseeable future due to operational familiarity with on-premises firewalls.


    The Case for Automatic Patching

    As organizations continue to rely on VPNs and firewalls, some experts advocate for better automatic patching options for critical vulnerabilities. Sophos, for instance, has implemented automatic deployment of “hotfix” updates for severe vulnerabilities in its XG next-generation firewalls, covering the majority of its over 500,000 deployed XG firewalls. This approach has reportedly resulted in no significant disruptions, contrary to industry fears. Dan Cole, SVP of Product Management at Sophos, emphasizes that automatic hotfixes save time and effort for partners and customers. Bishop Fox’s Gross supports this, noting lower exploitation rates for Sophos firewalls during penetration testing due to rapid patching capabilities.

    Moving Forward

    To secure the cybersecurity landscape, the industry must prioritize the protection of network security devices. Vendors should aim for transparency, prompt patching, and consider implementing automatic update mechanisms for critical vulnerabilities. Organizations, on the other hand, should assess vendors’ track records in addressing vulnerabilities and consider transitioning to newer, more secure technologies like SASE and SSE. The industry must collectively recognize the heightened threat posed by vulnerabilities in network security devices and take proactive measures to fortify these critical systems, ensuring they remain a robust defense against cyber threats.
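    The vendor patch lag discussed under Delays in Patching and the patch-or-disconnect decision in the Ivanti case study come down to a routine check that any operator of edge devices should be able to run. The following Python script is an added example, not code from the original article or from any vendor named on this page: it matches a constructed device inventory against a constructed KEV-style feed of exploited vulnerabilities (placeholder vendors, products and identifiers, not real advisories) and decides per device whether to patch, mitigate, or disconnect, and it computes a per-vendor disclosure-to-fix lag as a crude track-record metric. The field layout, the "firmware older than the first fixed build" exposure test, and the decision rules are the example’s own assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ExploitedVuln:
    """One entry of an actively-exploited-vulnerability feed (KEV-style; constructed)."""
    vuln_id: str
    vendor: str
    product: str
    disclosed: date           # date the vendor advisory went public
    patched: Optional[date]   # date the first fix shipped; None while no fix exists
    due: date                 # remediation deadline set by the feed operator
    ransomware_use: bool      # feed flags known ransomware campaign use


@dataclass(frozen=True)
class EdgeDevice:
    """An internet-facing device from the asset inventory (constructed)."""
    hostname: str
    vendor: str
    product: str
    firmware_date: date       # build date of the firmware currently running


# Constructed sample data: placeholder vendors, products and identifiers, not real advisories.
FEED: List[ExploitedVuln] = [
    ExploitedVuln("EXAMPLE-0001", "VendorA", "VPN Gateway",
                  date(2024, 1, 10), date(2024, 1, 31), date(2024, 1, 22), True),
    ExploitedVuln("EXAMPLE-0002", "VendorA", "VPN Gateway",
                  date(2024, 2, 1), None, date(2024, 2, 5), False),
    ExploitedVuln("EXAMPLE-0003", "VendorB", "NGFW",
                  date(2024, 3, 4), date(2024, 3, 5), date(2024, 3, 25), False),
]

INVENTORY: List[EdgeDevice] = [
    EdgeDevice("vpn-edge-01", "VendorA", "VPN Gateway", date(2023, 11, 20)),
    EdgeDevice("fw-dc-01", "VendorB", "NGFW", date(2024, 3, 6)),
    EdgeDevice("fw-branch-07", "VendorB", "NGFW", date(2024, 2, 15)),
]

# Lower number = handle first.
_PRIORITY = {"disconnect": 0, "patch-overdue": 1, "mitigate": 2, "patch": 3}


def is_exposed(device: EdgeDevice, vuln: ExploitedVuln) -> bool:
    """Exposed when the device runs the affected product and either no fix exists
    yet or its firmware predates the first fixed build (assumed exposure rule)."""
    if (device.vendor, device.product) != (vuln.vendor, vuln.product):
        return False
    return vuln.patched is None or device.firmware_date < vuln.patched


def decide_action(vuln: ExploitedVuln, today: date) -> str:
    """Map a vulnerability's state on a given day to an operator action."""
    overdue = today > vuln.due
    if vuln.patched is None:
        # No fix: past the deadline, or in ransomware use, means take it off the internet.
        return "disconnect" if (overdue or vuln.ransomware_use) else "mitigate"
    return "patch-overdue" if overdue else "patch"


def triage(inventory: List[EdgeDevice], feed: List[ExploitedVuln],
           today: date) -> List[Tuple[str, str, str]]:
    """Return (hostname, vuln_id, action) for every exposed device, most urgent first."""
    findings = [
        (dev.hostname, v.vuln_id, decide_action(v, today))
        for dev in inventory
        for v in feed
        if is_exposed(dev, v)
    ]
    findings.sort(key=lambda f: (_PRIORITY[f[2]], f[0], f[1]))
    return findings


def vendor_patch_lag(feed: List[ExploitedVuln]) -> Dict[str, Tuple[Optional[float], int]]:
    """Per vendor: mean days from public disclosure to first fix (None if nothing
    fixed yet) and the number of exploited issues still without a fix."""
    lags: Dict[str, List[int]] = {}
    open_count: Dict[str, int] = {}
    for v in feed:
        lags.setdefault(v.vendor, [])
        open_count.setdefault(v.vendor, 0)
        if v.patched is None:
            open_count[v.vendor] += 1
        else:
            lags[v.vendor].append((v.patched - v.disclosed).days)
    return {
        vendor: ((sum(days) / len(days)) if days else None, open_count[vendor])
        for vendor, days in lags.items()
    }


if __name__ == "__main__":
    today = date(2024, 4, 1)
    for host, vuln_id, action in triage(INVENTORY, FEED, today):
        print(f"{action:14s} {host:14s} {vuln_id}")
    for vendor, (lag, still_open) in vendor_patch_lag(FEED).items():
        print(f"{vendor}: mean disclosure-to-fix {lag} days, {still_open} unpatched")
```

    In practice the inventory would come from the asset database and the feed from the organization’s vulnerability-intelligence source; the point of the exposure rule is that the decision is driven by the firmware actually running on each device, not by whether a patch exists somewhere, and the disconnect branch is the scripted form of the order described in the case study above.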

    Conclusion

    Network security devices are the front door to IT environments, and their security is paramount. As threat actors increasingly target these systems, it is crucial for both vendors and organizations to prioritize their protection. By addressing vulnerabilities promptly and transparently, implementing automatic patching where feasible, and transitioning to newer security technologies, the industry can better safeguard these critical components of cybersecurity infrastructure. Ensuring these devices remain secure is not just about protecting individual organizations but about fortifying the entire digital landscape against evolving cyber threats.

    Strengthen Your Cybersecurity with Jamieson-Don Consultants

    Are your network security devices truly secure? As cyber threats evolve, it’s crucial to protect your IT environment with cutting-edge solutions. Jamieson-Don Consultants offers robust cybersecurity services through our business partners Zscaler, Netskope, Palo Alto Networks, and Sophos.



    Why Choose Us?

    • Expert Management: Managed services tailored to your needs.
    • Comprehensive Protection: Safeguard your network with leading-edge technology.
    • Proactive Approach: Stay ahead of vulnerabilities with automatic updates and rapid response.

    Partner with Us Today!

    Ensure your network security devices are under lock and key. Contact djamieson@jamieson-don.com for a consultation and secure your business’s digital fortress.

    For more information, call us at 312-975-1755. Protect your organization with Jamieson-Don Consultants and our trusted partners.

    CyberBestPractices

    I am CyberBestPractices, the author behind EncryptCentral's Cyber Security Best Practices website. As a premier cybersecurity solution provider, my main focus is to deliver top-notch services to small businesses. With a range of advanced cybersecurity offerings, including cutting-edge encryption, ransomware protection, robust multi-factor authentication, and comprehensive antivirus protection, I strive to protect sensitive data and ensure seamless business operations. My goal is to empower businesses, even those without a dedicated IT department, by implementing the most effective cybersecurity measures. Join me on this journey to strengthen your cybersecurity defenses and safeguard your valuable assets. Trust me to provide you with the expertise and solutions you need.