Network edge devices refer to devices that act as traffic relays between your own network and the public internet, such as firewalls, routers and VPN servers. Network edge devices pose significant risks to a company’s security, as all incoming and outgoing network traffic passes through the edge devices. Many companies still use a division into a “secure internal network” and an external network on the internet. If an attacker manages to gain access to the internal network by exploiting vulnerabilities in the edge devices, they can do whatever they want.
Traficom's Cyber Security Center has warned several times over the past year about vulnerabilities and security risks in network edge devices. Besides identity leaks, the risk factors include, among others, exposure of edge device data to the internet and incorrect configurations. Several manufacturers such as Ivanti, Fortinet and SonicWall have announced serious vulnerabilities in their products over the past year. Some of these vulnerabilities have been targeted by attackers even before the device users have been informed of the danger.
In its press releases, the Cyber Security Center has said that it is aware of several dozen data breaches related to Ivanti and Fortinet devices, in which it has helped the affected organizations. The US cybersecurity authority CISA, on the other hand, issued a statement with partner countries, stating that the tool provided by Ivanti does not necessarily detect intrusion into the device, and that a skilled attacker can hide in the network environment for a long time without being detected by exploiting vulnerabilities. It was also noted that even a factory reset or software update does not always remove the attacker's access to the device.
It is very likely that vulnerabilities will continue to be found in edge devices, so it is very important to detect unusual activity in a timely manner. Therefore, a company should have a log management tool. JMJping's Log Guard SIEM service collects and stores log data (e.g. access rights, events and errors) in one place, which helps monitor the operation of IT systems. In addition, JMJ Log Guard monitors and analyzes the collected log data and alerts when it detects unusual activities, such as failed login attempts with administrator credentials from an unusual location, at an unusual time. Log data from which events can be investigated is extremely important when something unusual happens on your network.
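The alert condition named above (failed administrator logins from an unusual location at an unusual time) can be sketched as follows. This is an added example, not JMJ Log Guard's own logic; the log format, the account name, the working hours and the threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): local time, user, source country, result.
SAMPLE_LOG = """\
2025-03-03T09:12:44 user=admin country=FI result=success
2025-03-03T14:30:02 user=admin country=FI result=failure
2025-03-04T10:05:13 user=admin country=FI result=success
2025-03-05T02:41:09 user=admin country=BR result=failure
2025-03-05T02:41:15 user=admin country=BR result=failure
2025-03-05T02:41:22 user=admin country=BR result=failure
2025-03-05T11:20:00 user=jdoe country=SE result=failure
"""

ADMIN_ACCOUNTS = {"admin"}   # assumption: accounts treated as administrators
WORK_HOURS = range(7, 19)    # assumption: normal admin hours, 07:00-18:59 local

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'time' field."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.fromisoformat(ts)
    return event

def find_alerts(log_text, threshold=3):
    """Alert when an admin account reaches `threshold` failed logins that are
    both outside working hours and from a country with no earlier successful
    login for that account. Returns (user, country, first_failure_time)."""
    known = defaultdict(set)        # user -> countries seen in successful logins
    suspicious = defaultdict(list)  # (user, country) -> times of suspicious failures
    alerts = []
    for event in map(parse, filter(None, log_text.splitlines())):
        user, country = event["user"], event["country"]
        if event["result"] == "success":
            known[user].add(country)
            continue
        if user not in ADMIN_ACCOUNTS:
            continue
        unusual_place = country not in known[user]
        unusual_time = event["time"].hour not in WORK_HOURS
        if unusual_place and unusual_time:
            key = (user, country)
            suspicious[key].append(event["time"])
            if len(suspicious[key]) == threshold:  # fire once per (user, country)
                alerts.append((user, country, suspicious[key][0]))
    return alerts

if __name__ == "__main__":
    for user, country, first in find_alerts(SAMPLE_LOG):
        print(f"ALERT {user}: repeated failed admin logins from {country} since {first}")
```

The daytime failure from the account's usual country and the non-administrator failure are ignored; only the night-time burst from a previously unseen country raises an alert.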
Critical vulnerabilities in network edge devices are published almost monthly. The most severe of these are "zero-day threats", i.e. zero-day vulnerabilities, which are known only to the attacker until the attack or an attempted attack is detected. However, in the worst case, it may take days or even weeks for the device manufacturer to issue corrective updates or instructions. It is worth noting that any critical vulnerability can lead to a situation in which a company needs to take quick action. Inadequate information security in general can lead to financial losses, reputational damage and legal consequences in addition to data leaks.
A company's information security should be regularly reviewed, and as we have seen over the past year, some of the devices and practices in use have already reached the end of the road. Traditional firewalls and VPNs have long been the foundation of information security, but they are no longer enough to protect a company's networks and data. Today, multi-layered security solutions are needed that can respond to complex and constantly evolving threats. In addition, remote working and the use of cloud services have made corporate network architectures more complex.
The solution to the above problems is Secure Access Service Edge, or more familiarly SASE, which combines network and security functions into a single cloud-based service. It provides a comprehensive and flexible solution that enables secure access to corporate resources from anywhere. SASE solutions include SD-WAN, firewalls, threat prevention, and the Zero Trust model. The Zero Trust model assumes that the network environment is under constant attack and all traffic, both inbound and outbound, is monitored. It is based on the idea that nothing inside or outside the network should be automatically trusted. All users and devices must be identified and authorized before they are granted access to corporate resources. This model helps prevent unauthorized access and reduces the risk of data breaches.
If you are interested in SASE, please contact us and we will tell you more about it and Cato Networks, which offers a cloud-based SASE solution that combines network and information security functions into a single entity. Cato Networks offers comprehensive information security that protects all users and devices regardless of their location.
Remove the control panels and other user interfaces of network edge devices from the visible internet. Make sure that only essential things are visible to the internet from network edge devices.
Make sure your backups are up-to-date and available. It's a good idea to have multiple backups and keep at least one separate, offline.
Keep devices updated and monitor vulnerability communications for products in use. Ensure device licenses are up-to-date and that the device is covered by the manufacturer's update support.
Check that only the necessary features are enabled on the devices; everything else should be disabled.
Multi-factor authentication (MFA) should always be enabled when possible, for both users and administrators.
Practice your procedures in advance for sudden security incidents. How do you act, who do you contact first?