Enhancing Cybersecurity: Addressing Vulnerabilities and Embracing Cloud Security

In recent news, the Cybersecurity and Infrastructure Security Agency (CISA) in the United States issued a binding directive highlighting the urgent need to remove internet-visible devices from government departments. This action was prompted by the Volt Typhoon cyber threat, which exploited vulnerabilities in outdated devices such as those manufactured by ASUS, Cisco, D-Link, Netgear, Zyxel and Fortinet. The directive aims to safeguard government networks and protect sensitive information from potential breaches. In this blog post, we will explore the challenges posed by internet-visible devices and the benefits of embracing cloud networking and security services (SASE) to enhance cybersecurity.

The Volt Typhoon Incident and Unpatched Vulnerabilities

On May 25th, Volt Typhoon came to the forefront as a significant cyber threat. Exploiting vulnerabilities in devices such as Fortinet VPN appliances, this attack raised concerns about the security of government networks. In response, vendors promptly issued patches to address the vulnerabilities that had been exploited during the Volt Typhoon incident. Many vendors today push the onus of patching security and network hardware onto their customers. However, even your phone updates itself, so what gives?

The Risks of Internet-Visible Devices

In the Volt Typhoon attacks, the major attack entry points share a common architecture. They are self-contained standalone devices that operate with open ports required for discovery, reachability and/or remote management. This often means these devices respond to requests from any other device on the internet. This visibility on the internet makes them attractive targets for threat actors who actively search for vulnerable devices.

CISA's Binding Operational Directive

Recognizing the urgency of protecting government networks, CISA issued Binding Operational Directive 23-02 and its Implementation Guidance. This directive mandates the removal of internet-visible devices from government departments. Unfortunately, some departments have struggled to execute the directive due to the scale of the problem and the complexity of the technology involved, leaving their networks exposed to potential threats.

CISA calls out vendors on substandard security

Recently, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, called on the tech industry to stop producing hardware with substandard security, singling out vendors who do not adequately harden devices out of the box. More recently, CISA issued a paper on Secure-by-Design and Secure-by-Default for manufacturers and the public.

The Vendor Security Masquerade

You would think hardware firewalls should be secure by design and by default. They should run silent on the internet and not respond to any kind of scan. This is a basic premise of security: anonymity.

Recently our Superloop Security team scanned Australia for a Tier 1 security vendor's devices and found 7000+ entries visible on the internet. Hackers 1, customer network anonymity zero. If you're running these types of devices, then your business could be significantly at risk. In many cases it's not as simple as closing off the ports, as these provide critical services, e.g. SSL VPN remote access for all employees.

The Advantages of Cloud Security and SASE

Cloud network security platforms such as Palo Alto's Prisma, which extends to Secure Access Service Edge (SASE) solutions, provide a more secure approach to safeguarding networks. Here are some of the key advantages they provide that directly address the issues discussed.

  1. Obfuscation of Infrastructure
    Cloud security platforms generally operate silently on the internet, minimising their exposure and their advertising of open ports and systems. Further, connecting existing internet-connected devices to these platforms renders them silent, eliminating the internet visibility problem.
  2. Built-in Modern Security Practices
    Cloud security platforms incorporate modern security practices and processes into the code, including a native Zero Trust approach, comprehensive logging, and automated response mechanisms. These features enhance the overall security posture and reduce the risk of unauthorised access.
  3. Automated Security Updates
    Prisma ensures continuous monitoring, patching, and updating of systems and infrastructure, including coverage of Common Vulnerabilities and Exposures (CVE) and Indicators of Compromise (IOC). This proactive approach to security maintenance reduces the window of vulnerability and provides reassurance that the latest security measures are in place.

The Benefits of Prisma and Cloud-Native Security in Hiding and Securing Assets

The recent directive from CISA highlights the need for urgent action to remove internet-visible devices. Embracing cloud security solutions, such as Prisma, can provide a significant boost to cybersecurity. With the ability to obfuscate infrastructure from the internet, built-in modern security practices, and automatic security updates, cloud security platforms offer enhanced protection against cyber threats. By leveraging these solutions, organisations can strengthen their defence against potential breaches and ensure the integrity and confidentiality of their sensitive data.

At Superloop we're here to help, and as Palo Alto's Managed Security Partner of the Year 2022, that's an even better reason to get in touch to improve your network security and connectivity.