Network Security, Endpoint/Device Security, Governance, Risk and Compliance

CISA, international agencies offer guidance on edge threats

The Cybersecurity and Infrastructure Security Agency (CISA) emblem is seen at its headquarters in Arlington, Va.

A U.S. cybersecurity agency issued a fresh set of guidance for organizations regarding best practices in securing their networks and data storage.

The U.S. Cyber Security and Infrastructure Security Agency (CISA) posted a set of guidelines aimed at helping companies better secure the commonly used devices that sit at the edges of most networks.

“This set of guidance, led by international cybersecurity authorities, is intended to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) systems,” CISA explained.

It's thought that American organizations will be motivated in the new year to brush up on security and install updates for commonly exploited security vulnerabilities in their edge devices.

Such flaws are commonly exploited by threat actors who rely on organizations neglecting to patch known exploited vulnerabilities for months or years on end, creating low-hanging fruit for attackers.

This is especially true for edge network devices, which face the open internet and, in many cases, do not receive the regular attention for updates and patches that would be afforded to regular Windows and Linux boxes, thus leaving them open to attackers who, in many cases, automate the process of scanning and attacking for known exploits in the hope of gaining a network foothold.

CISA also brought in a few of its partners to offer guidance on how companies can secure the edge of their networks. The agency offered up guidance from the UK’s National Cyber Security Centre on digital forensics monitoring. The guidelines cover critical areas such as data logging and management of records.

America’s Hat also entered the conversation, as the Canadian Centre for Cyber Security offered some of its own real-world experiences with some hosers trying to get at its own end points, you know. The Great White North has extensive experience defending extended networks due to its oil and gas reserves all the way up in Santa country.

At the other end of the globe, CISA offers words of wisdom from its Australian counterparts who are charged with not only hardening devices from foreign threat actors, but also 70 kinds of animals nobody else has heard about.

The Aussies hope to “provide a summary of mitigation strategies and best practices on securing, hardening, and managing edge devices effectively, and technical details on seven mitigation strategies for operational, procurement and cybersecurity staff to implement to reduce risk to edge devices.”

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.
Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds