Government agencies from the Five Eyes countries have released joint guidance for device manufacturers to secure their edge products against increasingly frequent malicious attacks.
Sitting at the edge of a network, always connected to the internet, and acting as entry points for data between the network and the web, edge devices may include firewalls, routers, IoT devices, VPN gateways, sensors, servers, smart appliances, and operational technology (OT) systems.
These devices are of particular interest to attackers because they handle important data, and threat actors are increasingly targeting them in malicious attacks, warn cybersecurity agencies from Australia, Canada, New Zealand, the US, and the UK.
The joint guidance sets a minimum standard for forensic visibility, encouraging device makers to integrate secure-by-default logging and forensic features to help detect malicious activity and investigate incidents.
The guidance is limited to VPNs, firewalls, and routers, which the authoring agencies deem the most widely used edge devices: they provide secure connections, enable monitoring and control of data traffic, and direct traffic between internal networks and the web.
According to the Five Eyes agencies, threats to edge devices include misconfigurations, security vulnerabilities, distributed denial-of-service (DDoS) attacks, exposed web-based applications, and default configuration settings.
Attacks targeting vulnerabilities in Fortinet FortiOS (CVE-2024-21762 and CVE-2022-42475) and Cisco IOS (CVE-2023-20198 and CVE-2023-20273) are prime examples of how threat actors may attempt to exploit edge devices to compromise organizations.
To protect their edge devices, organizations should follow vendor hardening guides, subscribe to vendor notifications and advisories, keep devices always updated, enable centralized logging, implement strong multi-factor authentication (MFA), disable unused functionality, maintain detailed device inventories, alert on configuration changes, detect hardware changes, review security policies, implement role-based access control, and include edge device compromise in their incident response plans.
The guidance also encourages device manufacturers to adhere to secure-by-design principles to improve the security of their products and decrease the number of potentially exploitable vulnerabilities.
As detailed in previous guidance from the Five Eyes agencies, device makers should enable secure logging by default in edge devices and support full collection of the device's non-volatile storage and of its current running state.