How Organizations Can Stay Ahead of Emerging Threats Targeting Edge Devices

The Cybersecurity and Infrastructure Security Agency (CISA) recently gave a big emergency order: all federal agencies must disconnect any edge devices that vendors no longer send security updates to within the next 18 months. This includes routers, firewalls, network security appliances, Internet of Things (IoT) devices, and other similar devices that are at the edge of the network. These end-of-support (EOS) devices are very important for change, but they are also a big and ongoing threat because advanced threat actors often target them because they are so well connected to organizational networks.

Most businesses, whether they are in the public or private sector, aren't ready for the security risks that come with using edge devices.

A lot of the time, people don't think about this kind of device security or design it with protection against threats in mind, which makes networks very easy to attack. Related: Cisco SD-WAN Zero-Day Has Been Used for Three Years To make IT structures last, they need to be designed to support seamless integration and centralized control, no matter where devices or users are. This means using cloud-native platforms, following zero trust security principles, and using automation to make it easier to enforce compliance and find threats throughout the whole ecosystem.

Making Compliance a Competitive Edge In the world of IoT and EOS, any device that is connected to the internet could be a target, and the effects of a breach can be very serious and wide-ranging.

The most recent order from CISA is a good reminder that security is not something you do once and then forget about. Organizations can no longer ignore the fact that unsupported infrastructure is a problem.